Oilpan: improve handling of ASan contiguous container annotations.

Source/platform/heap/Heap.h

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 20 matching lines @@
 #ifndef Heap_h
 #define Heap_h
 
 #include "platform/PlatformExport.h"
 #include "platform/heap/AddressSanitizer.h"
 #include "platform/heap/ThreadState.h"
 #include "platform/heap/Visitor.h"
 #include "public/platform/WebThread.h"
 #include "wtf/Assertions.h"
 #include "wtf/Atomics.h"
+#if defined(ADDRESS_SANITIZER)

[inferno, 2015/02/20 21:07:41]

can you remove the if defined here. no need of this, better to keep it in side
COntainerAnnotations.

[sof, 2015/02/20 21:13:37]

I could, but I don't want to incur another #include for a file most likely not
used. Heap.h (by way of Handle.h) is included a lot.

[sof, 2015/02/21 08:52:34]

Done.

+#include "wtf/ContainerAnnotations.h"
+#endif
 #include "wtf/HashCountedSet.h"
 #include "wtf/LinkedHashSet.h"
 #include "wtf/ListHashSet.h"
 #include "wtf/OwnPtr.h"
 #include "wtf/PageAllocator.h"
 #include "wtf/PassRefPtr.h"
 #include "wtf/ThreadSafeRefCounted.h"
 #include <stdint.h>
 
 namespace blink {
@@ skipping 509 matching lines @@
         return sizeof(LargeObjectPage) + paddingSize;
     }
     virtual bool isLargeObjectPage() override { return true; }
 
     HeapObjectHeader* heapObjectHeader()
     {
         Address headerAddress = address() + pageHeaderSize();
         return reinterpret_cast<HeapObjectHeader*>(headerAddress);
     }
 
+#ifdef ANNOTATE_CONTIGUOUS_CONTAINER
+    void setIsVectorBackingPage() { m_isVectorBackingPage = true; }
+    bool isVectorBackingPage() const { return m_isVectorBackingPage; }
+#endif
+
 private:
 
     size_t m_payloadSize;
+#ifdef ANNOTATE_CONTIGUOUS_CONTAINER
+    bool m_isVectorBackingPage;
+#endif
 };
 
 // A HeapDoesNotContainCache provides a fast way of taking an arbitrary
 // pointer-sized word, and determining whether it cannot be interpreted as a
 // pointer to an area that is managed by the garbage collected Blink heap.  This
 // is a cache of 'pages' that have previously been determined to be wholly
 // outside of the heap.  The size of these pages must be smaller than the
 // allocation alignment of the heap pages.  We determine off-heap-ness by
 // rounding down the pointer to the nearest page and looking up the page in the
 // cache.  If there is a miss in the cache we can determine the status of the
@@ skipping 1550 matching lines @@
         // payloadSize call below, since there is nowhere to store the
         // originally allocated memory.  This assert ensures that visiting the
         // last bit of memory can't cause trouble.
         static_assert(!ShouldBeTraced<Traits>::value || sizeof(T) > blink::allocationGranularity || Traits::canInitializeWithMemset, "heap overallocation can cause spurious visits");
 
         T* array = reinterpret_cast<T*>(self);
         blink::HeapObjectHeader* header = blink::HeapObjectHeader::fromPayload(self);
         // Use the payload size as recorded by the heap to determine how many
         // elements to mark.
         size_t length = header->payloadSize() / sizeof(T);
+#ifdef ANNOTATE_CONTIGUOUS_CONTAINER
+        // Have no option but to mark the whole container as accessible, but
+        // this trace() is only used for backing stores that are identified
+        // as roots independent from a vector.
+        ANNOTATE_CHANGE_SIZE(array, length, 0, length);
+#endif
         for (size_t i = 0; i < length; ++i)
             blink::CollectionBackingTraceTrait<ShouldBeTraced<Traits>::value, Traits::weakHandlingFlag, WeakPointersActStrong, T, Traits>::trace(visitor, array[i]);
         return false;
     }
 };
 
 // Almost all hash table backings are visited with this specialization.
 template<ShouldWeakPointersBeMarkedStrongly strongify, typename Table>
 struct TraceInCollectionTrait<NoWeakHandlingInCollections, strongify, blink::HeapHashTableBacking<Table>, void> {
     using Value = typename Table::ValueType;
@@ skipping 289 matching lines @@
 template<typename T, size_t inlineCapacity>
 struct GCInfoTrait<HeapVector<T, inlineCapacity>> : public GCInfoTrait<Vector<T, inlineCapacity, HeapAllocator>> { };
 template<typename T, size_t inlineCapacity>
 struct GCInfoTrait<HeapDeque<T, inlineCapacity>> : public GCInfoTrait<Deque<T, inlineCapacity, HeapAllocator>> { };
 template<typename T, typename U, typename V>
 struct GCInfoTrait<HeapHashCountedSet<T, U, V>> : public GCInfoTrait<HashCountedSet<T, U, V, HeapAllocator>> { };
 
 } // namespace blink
 
 #endif // Heap_h