Make HeapObjectHeader::checkHeader private.

third_party/WebKit/Source/platform/heap/HeapPage.h

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 177 matching lines @@
 #endif
 
     ASSERT(gcInfoIndex < GCInfoTable::maxIndex);
     ASSERT(size < nonLargeObjectPageSizeMax);
     ASSERT(!(size & allocationMask));
     m_encoded = static_cast<uint32_t>(
         (gcInfoIndex << headerGCInfoIndexShift) | size |
         (gcInfoIndex == gcInfoIndexForFreeListHeader ? headerFreedBitMask : 0));
   }
 
-  NO_SANITIZE_ADDRESS
-  bool isFree() const { return m_encoded & headerFreedBitMask; }
-  NO_SANITIZE_ADDRESS
-  bool isPromptlyFreed() const {
+  NO_SANITIZE_ADDRESS bool isFree() const {
+    return m_encoded & headerFreedBitMask;
+  }
+
+  NO_SANITIZE_ADDRESS bool isPromptlyFreed() const {
     return (m_encoded & headerPromptlyFreedBitMask) ==
            headerPromptlyFreedBitMask;
   }
-  NO_SANITIZE_ADDRESS
-  void markPromptlyFreed() { m_encoded |= headerPromptlyFreedBitMask; }
+
+  NO_SANITIZE_ADDRESS void markPromptlyFreed() {
+    m_encoded |= headerPromptlyFreedBitMask;
+  }
+
   size_t size() const;
 
-  NO_SANITIZE_ADDRESS
-  size_t gcInfoIndex() const {
+  NO_SANITIZE_ADDRESS size_t gcInfoIndex() const {
     return (m_encoded & headerGCInfoIndexMask) >> headerGCInfoIndexShift;
   }
-  NO_SANITIZE_ADDRESS
-  void setSize(size_t size) {
+
+  NO_SANITIZE_ADDRESS void setSize(size_t size) {
     ASSERT(size < nonLargeObjectPageSizeMax);
+    checkHeader();
     m_encoded = static_cast<uint32_t>(size) | (m_encoded & ~headerSizeMask);
   }
+
   bool isWrapperHeaderMarked() const;
   void markWrapperHeader();
   void unmarkWrapperHeader();
   bool isMarked() const;
   void mark();
   void unmark();
 
   Address payload();
   size_t payloadSize();
   Address payloadEnd();
 
-  // TODO(633030): Make |checkHeader| and |zapMagic| private. This class should
-  // manage its integrity on its own, without requiring outside callers to
-  // explicitly check.
-  void checkHeader() const;
+  void finalize(Address, size_t);
+  static HeapObjectHeader* fromPayload(const void*);
 
+  static const uint32_t zappedMagic = 0xDEAD4321;
+
+ protected:
 #if DCHECK_IS_ON() && CPU(64BIT)
   // Zap |m_magic| with a new magic number that means there was once an object
   // allocated here, but it was freed because nobody marked it during GC.
   void zapMagic();
 #endif
 
-  void finalize(Address, size_t);
-  static HeapObjectHeader* fromPayload(const void*);
+ private:
+  void checkHeader() const;
 
-  static const uint32_t zappedMagic = 0xDEAD4321;
-
- private:
 #if CPU(64BIT)
   // Returns a random value.
   //
   // The implementation gets its randomness from the locations of 2 independent
   // sources of address space layout randomization: a function in a Chrome
   // executable image, and a function in an external DLL/so. This implementation
   // should be fast and small, and should have the benefit of requiring
   // attackers to discover and use 2 independent weak infoleak bugs, or 1
   // arbitrary infoleak bug (used twice).
   uint32_t getMagic() const;
   uint32_t m_magic;
-#endif
+#endif  // CPU(64BIT)
 
   uint32_t m_encoded;
 };
 
 class FreeListEntry final : public HeapObjectHeader {
  public:
   NO_SANITIZE_ADDRESS
   explicit FreeListEntry(size_t size)
       : HeapObjectHeader(size, gcInfoIndexForFreeListHeader), m_next(nullptr) {
 #if DCHECK_IS_ON() && CPU(64BIT)
@@ skipping 565 matching lines @@
   size_t result = m_encoded & headerSizeMask;
   // Large objects should not refer to header->size(). The actual size of a
   // large object is stored in |LargeObjectPage::m_payloadSize|.
   ASSERT(result != largeObjectSizeInHeader);
   ASSERT(!pageFromObject(this)->isLargeObjectPage());
   return result;
 }
 
 NO_SANITIZE_ADDRESS inline void HeapObjectHeader::checkHeader() const {
 #if CPU(64BIT)
-  const bool good = getMagic() == m_magic;
-  DCHECK(good);
+  const bool goodMagic = getMagic() == m_magic;
+  CHECK(goodMagic);

[haraken, 2017/03/30 14:12:46]

What's a performance implication for the DCHECK => CHECK replacement?

 #endif
 }
 
 inline Address HeapObjectHeader::payload() {
   return reinterpret_cast<Address>(this) + sizeof(HeapObjectHeader);
 }
 
 inline Address HeapObjectHeader::payloadEnd() {
   return reinterpret_cast<Address>(this) + size();
 }
 
 NO_SANITIZE_ADDRESS inline size_t HeapObjectHeader::payloadSize() {
+  checkHeader();
   size_t size = m_encoded & headerSizeMask;
   if (UNLIKELY(size == largeObjectSizeInHeader)) {
     ASSERT(pageFromObject(this)->isLargeObjectPage());
     return static_cast<LargeObjectPage*>(pageFromObject(this))->payloadSize();
   }
   ASSERT(!pageFromObject(this)->isLargeObjectPage());
   return size - sizeof(HeapObjectHeader);
 }
 
 inline HeapObjectHeader* HeapObjectHeader::fromPayload(const void* payload) {
@@ skipping 111 matching lines @@
   return outOfLineAllocate(allocationSize, gcInfoIndex);
 }
 
 inline NormalPageArena* NormalPage::arenaForNormalPage() const {
   return static_cast<NormalPageArena*>(arena());
 }
 
 }  // namespace blink
 
 #endif  // HeapPage_h