| OLD | NEW |
|---|
| 1 // Copyright 2016 the V8 project authors. All rights reserved. | 1 // Copyright 2016 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef V8_MARKING_H | 5 #ifndef V8_MARKING_H |
| 6 #define V8_MARKING_H | 6 #define V8_MARKING_H |
| 7 | 7 |
| 8 #include "src/base/atomic-utils.h" | 8 #include "src/base/atomic-utils.h" |
| 9 #include "src/utils.h" | 9 #include "src/utils.h" |
| 10 | 10 |
| (...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 220 MarkBit::CellType matching_mask; | 220 MarkBit::CellType matching_mask; |
| 221 if (start_cell_index != end_cell_index) { | 221 if (start_cell_index != end_cell_index) { |
| 222 matching_mask = ~(start_index_mask - 1); | 222 matching_mask = ~(start_index_mask - 1); |
| 223 if ((cells()[start_cell_index] & matching_mask) != matching_mask) { | 223 if ((cells()[start_cell_index] & matching_mask) != matching_mask) { |
| 224 return false; | 224 return false; |
| 225 } | 225 } |
| 226 for (unsigned int i = start_cell_index + 1; i < end_cell_index; i++) { | 226 for (unsigned int i = start_cell_index + 1; i < end_cell_index; i++) { |
| 227 if (cells()[i] != ~0u) return false; | 227 if (cells()[i] != ~0u) return false; |
| 228 } | 228 } |
| 229 matching_mask = (end_index_mask - 1); | 229 matching_mask = (end_index_mask - 1); |
| 230 return ((cells()[end_cell_index] & matching_mask) == matching_mask); | 230 // Check against a mask of 0 to avoid dereferencing the cell after the |
| 231 // end of the bitmap. |
| 232 return (matching_mask == 0) || |
| 233 ((cells()[end_cell_index] & matching_mask) == matching_mask); |
| 231 } else { | 234 } else { |
| 232 matching_mask = end_index_mask - start_index_mask; | 235 matching_mask = end_index_mask - start_index_mask; |
| 233 return (cells()[end_cell_index] & matching_mask) == matching_mask; | 236 // Check against a mask of 0 to avoid dereferencing the cell after the |
| 237 // end of the bitmap. |
| 238 return (matching_mask == 0) || |
| 239 (cells()[end_cell_index] & matching_mask) == matching_mask; |
| 234 } | 240 } |
| 235 } | 241 } |
| 236 | 242 |
| 237 // Returns true if all bits in the range [start_index, end_index) are cleared. | 243 // Returns true if all bits in the range [start_index, end_index) are cleared. |
| 238 bool AllBitsClearInRange(uint32_t start_index, uint32_t end_index) { | 244 bool AllBitsClearInRange(uint32_t start_index, uint32_t end_index) { |
| 239 unsigned int start_cell_index = start_index >> Bitmap::kBitsPerCellLog2; | 245 unsigned int start_cell_index = start_index >> Bitmap::kBitsPerCellLog2; |
| 240 MarkBit::CellType start_index_mask = 1u << Bitmap::IndexInCell(start_index); | 246 MarkBit::CellType start_index_mask = 1u << Bitmap::IndexInCell(start_index); |
| 241 | 247 |
| 242 unsigned int end_cell_index = end_index >> Bitmap::kBitsPerCellLog2; | 248 unsigned int end_cell_index = end_index >> Bitmap::kBitsPerCellLog2; |
| 243 MarkBit::CellType end_index_mask = 1u << Bitmap::IndexInCell(end_index); | 249 MarkBit::CellType end_index_mask = 1u << Bitmap::IndexInCell(end_index); |
| 244 | 250 |
| 245 MarkBit::CellType matching_mask; | 251 MarkBit::CellType matching_mask; |
| 246 if (start_cell_index != end_cell_index) { | 252 if (start_cell_index != end_cell_index) { |
| 247 matching_mask = ~(start_index_mask - 1); | 253 matching_mask = ~(start_index_mask - 1); |
| 248 if ((cells()[start_cell_index] & matching_mask)) return false; | 254 if ((cells()[start_cell_index] & matching_mask)) return false; |
| 249 for (unsigned int i = start_cell_index + 1; i < end_cell_index; i++) { | 255 for (unsigned int i = start_cell_index + 1; i < end_cell_index; i++) { |
| 250 if (cells()[i]) return false; | 256 if (cells()[i]) return false; |
| 251 } | 257 } |
| 252 matching_mask = (end_index_mask - 1); | 258 matching_mask = (end_index_mask - 1); |
| 253 return !(cells()[end_cell_index] & matching_mask); | 259 // Check against a mask of 0 to avoid dereferencing the cell after the |
| 260 // end of the bitmap. |
| 261 return (matching_mask == 0) || !(cells()[end_cell_index] & matching_mask); |
| 254 } else { | 262 } else { |
| 255 matching_mask = end_index_mask - start_index_mask; | 263 matching_mask = end_index_mask - start_index_mask; |
| 256 return !(cells()[end_cell_index] & matching_mask); | 264 // Check against a mask of 0 to avoid dereferencing the cell after the |
| 265 // end of the bitmap. |
| 266 return (matching_mask == 0) || !(cells()[end_cell_index] & matching_mask); |
| 257 } | 267 } |
| 258 } | 268 } |
| 259 | 269 |
| 260 static void PrintWord(uint32_t word, uint32_t himask = 0) { | 270 static void PrintWord(uint32_t word, uint32_t himask = 0) { |
| 261 for (uint32_t mask = 1; mask != 0; mask <<= 1) { | 271 for (uint32_t mask = 1; mask != 0; mask <<= 1) { |
| 262 if ((mask & himask) != 0) PrintF("["); | 272 if ((mask & himask) != 0) PrintF("["); |
| 263 PrintF((mask & word) ? "1" : "0"); | 273 PrintF((mask & word) ? "1" : "0"); |
| 264 if ((mask & himask) != 0) PrintF("]"); | 274 if ((mask & himask) != 0) PrintF("]"); |
| 265 } | 275 } |
| 266 } | 276 } |
| (...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 452 } | 462 } |
| 453 | 463 |
| 454 private: | 464 private: |
| 455 DISALLOW_IMPLICIT_CONSTRUCTORS(Marking); | 465 DISALLOW_IMPLICIT_CONSTRUCTORS(Marking); |
| 456 }; | 466 }; |
| 457 | 467 |
| 458 } // namespace internal | 468 } // namespace internal |
| 459 } // namespace v8 | 469 } // namespace v8 |
| 460 | 470 |
| 461 #endif // V8_MARKING_H_ | 471 #endif // V8_MARKING_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2799283002:
[heap] Fix off-by-one cell read in verification methods (Closed)
