third_party/WebKit/Source/platform/wtf/allocator/Allocator.md - Issue 2870213002: Update the PartitionAlloc documentation.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/Source/platform/wtf/allocator/Allocator.md

Issue 2870213002: Update the PartitionAlloc documentation. (Closed)

Patch Set: Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« base/allocator/partition_allocator/PartitionAlloc.md ('K') | « base/allocator/partition_allocator/partition_alloc.h ('k') | third_party/WebKit/Source/platform/wtf/allocator/Partitions.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 # Blink Allocator Design
	haraken 2017/05/10 01:02:20 Design of PartitionAlloc in Blink (Blink Allocato Design of PartitionAlloc in Blink (Blink Allocator is a bit confusing with Oilpan.) Chris Palmer 2017/05/10 23:45:44 Done. Show quoted text On 2017/05/10 01:02:20, haraken wrote: > > Design of PartitionAlloc in Blink > > (Blink Allocator is a bit confusing with Oilpan.) Done.
	2

	3 All objects in Blink are expected to be allocated with PartitionAlloc or Oilpan.

	4

	5 Blink uses different PartitionAlloc partitions, for different kinds of objects:

	6

	7 * LayoutObject partition: A partition to allocate `LayoutObject`s.

	8 The LayoutObject partition is a `SizeSpecificPartitionAllocator`. This means

	9 that no extra padding is needed to allocate a `LayoutObject` object. Different

	10 sizes of `LayoutObject`s are allocated in different buckets. Having a dedicated

	11 partition for `LayoutObject`s improves cache locality and thus performance.

	12

	13 * Buffer partition: A partition to allocate objects that have a strong risk

	14 that the length and/or the contents are exploited by user scripts. Specifically,

	15 we allocate `Vector`s, `HashTable`s, and `String`s in the Buffer partition.

	16

	17 * ArrayBuffer partition: A partition to allocate `ArrayBufferContents`s.

	18

	19 * Node partition: A partition to allocate `Node`s. Note: Blink does not yet

	20 use this partition, but may in the future.
	haraken 2017/05/10 01:02:21 Remove this. Node partition is gone. Remove this. Node partition is gone. Chris Palmer 2017/05/10 23:45:44 Done. Show quoted text On 2017/05/10 01:02:21, haraken wrote: > > Remove this. Node partition is gone. Done.
	21

	22 * FastMalloc partition: A partition to allocate all other objects. Objects

	23 marked with `USING_FAST_MALLOC` are allocated on the FastMalloc partition.

	24

	25 The Buffer partition and the FastMalloc partition have many buckets. They

	26 support any arbitrary size of allocations but padding may be added to align the

	27 allocation with the closest bucket size. The bucket sizes are chosen to keep the

	28 worst-case memory overhead less than 10%.

	29

	30 ## Security

	31

	32 We put `LayoutObject`s into a dedicated partition because `LayoutObject`s are

	33 likely to be a source of use-after-free (UAF) vulnerabilities. Similarly, we put

	34 `String`s, `Vector`s, et c. into the Buffer partition, and

	35 `ArrayBufferContents`s into the ArrayBuffer partition, because malicious web

	36 contents are likely to exploit the length field and/or contents of these

	37 objects.

	38

	39 ## Performance

	40

	41 PartitionAlloc doesn't acquire a lock when allocating on the LayoutObject

	42 partition, because it's guaranteed that `LayoutObject`s are allocated only by

	43 the main thread.

	44

	45 PartitionAlloc acquires a lock when allocating on the Buffer, ArrayBuffer, and

	46 FastMalloc partitions.

OLD	NEW