Chromium Code Reviews Chromium Code Reviews
Issue 941073002:
Oilpan: improve handling of ASan contiguous container annotations. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 33 | 33 |
| 34 #include "platform/ScriptForbiddenScope.h" | 34 #include "platform/ScriptForbiddenScope.h" |
| 35 #include "platform/Task.h" | 35 #include "platform/Task.h" |
| 36 #include "platform/TraceEvent.h" | 36 #include "platform/TraceEvent.h" |
| 37 #include "platform/heap/CallbackStack.h" | 37 #include "platform/heap/CallbackStack.h" |
| 38 #include "platform/heap/MarkingVisitorImpl.h" | 38 #include "platform/heap/MarkingVisitorImpl.h" |
| 39 #include "platform/heap/ThreadState.h" | 39 #include "platform/heap/ThreadState.h" |
| 40 #include "public/platform/Platform.h" | 40 #include "public/platform/Platform.h" |
| 41 #include "wtf/AddressSpaceRandomization.h" | 41 #include "wtf/AddressSpaceRandomization.h" |
| 42 #include "wtf/Assertions.h" | 42 #include "wtf/Assertions.h" |
| 43 #include "wtf/ContainerAnnotations.h" | |
| 43 #include "wtf/LeakAnnotations.h" | 44 #include "wtf/LeakAnnotations.h" |
| 44 #include "wtf/PassOwnPtr.h" | 45 #include "wtf/PassOwnPtr.h" |
| 45 #if ENABLE(GC_PROFILING) | 46 #if ENABLE(GC_PROFILING) |
| 46 #include "platform/TracedValue.h" | 47 #include "platform/TracedValue.h" |
| 47 #include "wtf/HashMap.h" | 48 #include "wtf/HashMap.h" |
| 48 #include "wtf/HashSet.h" | 49 #include "wtf/HashSet.h" |
| 49 #include "wtf/text/StringBuilder.h" | 50 #include "wtf/text/StringBuilder.h" |
| 50 #include "wtf/text/StringHash.h" | 51 #include "wtf/text/StringHash.h" |
| 51 #include <stdio.h> | 52 #include <stdio.h> |
| 52 #include <utility> | 53 #include <utility> |
| 53 #endif | 54 #endif |
| 54 | 55 |
| 55 #if OS(POSIX) | 56 #if OS(POSIX) |
| 56 #include <sys/mman.h> | 57 #include <sys/mman.h> |
| 57 #include <unistd.h> | 58 #include <unistd.h> |
| 58 #elif OS(WIN) | 59 #elif OS(WIN) |
| 59 #include <windows.h> | 60 #include <windows.h> |
| 60 #endif | 61 #endif |
| 61 | 62 |
| 63 #ifdef ANNOTATE_CONTIGUOUS_CONTAINER | |
| 64 // FIXME: have ContainerAnnotations.h define an ENABLE_-style name instead. | |
| 65 #define ENABLE_ASAN_CONTAINER_ANNOTATIONS 1 | |
| 66 | |
| 67 // When finalizing a non-inlined vector backing store/container, remove | |
| 68 // its contiguous container annotation. Required as it will not be destructed | |
| 69 // from its Vector. | |
| 70 #define ASAN_RETIRE_CONTAINER_ANNOTATION(object, objectSize) \ | |
| 71 do { \ | |
| 72 BasePage* page = pageFromObject(object); \ | |
| 73 ASSERT(page); \ | |
| 74 bool isContainer = page->heap()->heapIndex() == VectorHeapIndex; \ | |
| 75 if (!isContainer && page->isLargeObjectPage()) \ | |
| 76 isContainer = static_cast<LargeObjectPage*>(page)->isVectorBackingPa ge(); \ | |
| 77 if (isContainer) \ | |
| 78 ANNOTATE_DELETE_BUFFER(object, objectSize, 0); \ | |
| 79 } while (0) | |
| 80 | |
| 81 // A vector backing store represented by a large object is marked | |
| 82 // so that when it is finalized, its ASan annotation will be | |
| 83 // correctly retired. | |
| 84 #define ASAN_MARK_LARGE_VECTOR_CONTAINER(heap, largeObject) \ | |
|
haraken
2015/02/21 22:45:41
ASAN_ADD_CONTAINER_ANNOTATION ? (for consistency w
sof
2015/02/22 07:22:11
That would be imprecise consistency, as it doesn't
| |
| 85 if (heap->heapIndex() == VectorHeapIndex) { \ | |
| 86 BasePage* largePage = pageFromObject(largeObject); \ | |
| 87 ASSERT(largePage->isLargeObjectPage()); \ | |
| 88 static_cast<LargeObjectPage*>(largePage)->setIsVectorBackingPage(); \ | |
| 89 } | |
| 90 #else | |
| 91 #define ENABLE_ASAN_CONTAINER_ANNOTATIONS 0 | |
| 92 #define ASAN_RETIRE_CONTAINER_ANNOTATION(payload, payloadSize) | |
| 93 #define ASAN_MARK_LARGE_VECTOR_CONTAINER(heap, largeObject) | |
| 94 #endif | |
| 95 | |
| 62 namespace blink { | 96 namespace blink { |
| 63 | 97 |
| 64 #if ENABLE(GC_PROFILING) | 98 #if ENABLE(GC_PROFILING) |
| 65 static String classOf(const void* object) | 99 static String classOf(const void* object) |
| 66 { | 100 { |
| 67 if (const GCInfo* gcInfo = Heap::findGCInfo(reinterpret_cast<Address>(const_ cast<void*>(object)))) | 101 if (const GCInfo* gcInfo = Heap::findGCInfo(reinterpret_cast<Address>(const_ cast<void*>(object)))) |
| 68 return gcInfo->m_className; | 102 return gcInfo->m_className; |
| 69 return "unknown"; | 103 return "unknown"; |
| 70 } | 104 } |
| 71 #endif | 105 #endif |
| (...skipping 380 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 452 } | 486 } |
| 453 #endif | 487 #endif |
| 454 | 488 |
| 455 void HeapObjectHeader::finalize(Address object, size_t objectSize) | 489 void HeapObjectHeader::finalize(Address object, size_t objectSize) |
| 456 { | 490 { |
| 457 const GCInfo* gcInfo = Heap::gcInfo(gcInfoIndex()); | 491 const GCInfo* gcInfo = Heap::gcInfo(gcInfoIndex()); |
| 458 if (gcInfo->hasFinalizer()) { | 492 if (gcInfo->hasFinalizer()) { |
| 459 gcInfo->m_finalize(object); | 493 gcInfo->m_finalize(object); |
| 460 } | 494 } |
| 461 | 495 |
| 496 ASAN_RETIRE_CONTAINER_ANNOTATION(object, objectSize); | |
| 497 | |
| 462 #if ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER) | 498 #if ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER) |
| 463 // In Debug builds, memory is zapped when it's freed, and the zapped memory | 499 // In Debug builds, memory is zapped when it's freed, and the zapped memory |
| 464 // is zeroed out when the memory is reused. Memory is also zapped when | 500 // is zeroed out when the memory is reused. Memory is also zapped when |
| 465 // using Leak Sanitizer because the heap is used as a root region for LSan | 501 // using Leak Sanitizer because the heap is used as a root region for LSan |
| 466 // and therefore pointers in unreachable memory could hide leaks. | 502 // and therefore pointers in unreachable memory could hide leaks. |
| 467 for (size_t i = 0; i < objectSize; ++i) | 503 for (size_t i = 0; i < objectSize; ++i) |
| 468 object[i] = finalizedZapValue; | 504 object[i] = finalizedZapValue; |
| 469 | 505 |
| 470 // Zap the primary vTable entry (secondary vTable entries are not zapped). | 506 // Zap the primary vTable entry (secondary vTable entries are not zapped). |
| 471 if (gcInfo->hasVTable()) { | 507 if (gcInfo->hasVTable()) { |
| (...skipping 540 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1012 Address NormalPageHeap::outOfLineAllocate(size_t allocationSize, size_t gcInfoIn dex) | 1048 Address NormalPageHeap::outOfLineAllocate(size_t allocationSize, size_t gcInfoIn dex) |
| 1013 { | 1049 { |
| 1014 ASSERT(allocationSize > remainingAllocationSize()); | 1050 ASSERT(allocationSize > remainingAllocationSize()); |
| 1015 ASSERT(allocationSize >= allocationGranularity); | 1051 ASSERT(allocationSize >= allocationGranularity); |
| 1016 | 1052 |
| 1017 #if ENABLE(GC_PROFILING) | 1053 #if ENABLE(GC_PROFILING) |
| 1018 threadState()->snapshotFreeListIfNecessary(); | 1054 threadState()->snapshotFreeListIfNecessary(); |
| 1019 #endif | 1055 #endif |
| 1020 | 1056 |
| 1021 // 1. If this allocation is big enough, allocate a large object. | 1057 // 1. If this allocation is big enough, allocate a large object. |
| 1022 if (allocationSize >= largeObjectSizeThreshold) | 1058 if (allocationSize >= largeObjectSizeThreshold) { |
| 1023 return static_cast<LargeObjectHeap*>(threadState()->heap(LargeObjectHeap Index))->allocateLargeObjectPage(allocationSize, gcInfoIndex); | 1059 LargeObjectHeap* largeObjectHeap = static_cast<LargeObjectHeap*>(threadS tate()->heap(LargeObjectHeapIndex)); |
| 1060 Address largeObject = largeObjectHeap->allocateLargeObjectPage(allocatio nSize, gcInfoIndex); | |
| 1061 ASAN_MARK_LARGE_VECTOR_CONTAINER(this, largeObject); | |
| 1062 return largeObject; | |
| 1063 } | |
| 1024 | 1064 |
| 1025 // 2. Check if we should trigger a GC. | 1065 // 2. Check if we should trigger a GC. |
| 1026 updateRemainingAllocationSize(); | 1066 updateRemainingAllocationSize(); |
| 1027 threadState()->scheduleGCIfNeeded(); | 1067 threadState()->scheduleGCIfNeeded(); |
| 1028 | 1068 |
| 1029 // 3. Try to allocate from a free list. | 1069 // 3. Try to allocate from a free list. |
| 1030 Address result = allocateFromFreeList(allocationSize, gcInfoIndex); | 1070 Address result = allocateFromFreeList(allocationSize, gcInfoIndex); |
| 1031 if (result) | 1071 if (result) |
| 1032 return result; | 1072 return result; |
| 1033 | 1073 |
| (...skipping 733 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1767 #endif | 1807 #endif |
| 1768 | 1808 |
| 1769 NormalPageHeap* NormalPage::heapForNormalPage() | 1809 NormalPageHeap* NormalPage::heapForNormalPage() |
| 1770 { | 1810 { |
| 1771 return static_cast<NormalPageHeap*>(heap()); | 1811 return static_cast<NormalPageHeap*>(heap()); |
| 1772 } | 1812 } |
| 1773 | 1813 |
| 1774 LargeObjectPage::LargeObjectPage(PageMemory* storage, BaseHeap* heap, size_t pay loadSize) | 1814 LargeObjectPage::LargeObjectPage(PageMemory* storage, BaseHeap* heap, size_t pay loadSize) |
| 1775 : BasePage(storage, heap) | 1815 : BasePage(storage, heap) |
| 1776 , m_payloadSize(payloadSize) | 1816 , m_payloadSize(payloadSize) |
| 1817 #if ENABLE(ASAN_CONTAINER_ANNOTATIONS) | |
| 1818 , m_isVectorBackingPage(false) | |
| 1819 #endif | |
| 1777 { | 1820 { |
| 1778 } | 1821 } |
| 1779 | 1822 |
| 1780 size_t LargeObjectPage::objectPayloadSizeForTesting() | 1823 size_t LargeObjectPage::objectPayloadSizeForTesting() |
| 1781 { | 1824 { |
| 1782 markAsSwept(); | 1825 markAsSwept(); |
| 1783 return payloadSize(); | 1826 return payloadSize(); |
| 1784 } | 1827 } |
| 1785 | 1828 |
| 1786 bool LargeObjectPage::isEmpty() | 1829 bool LargeObjectPage::isEmpty() |
| (...skipping 1037 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2824 bool Heap::s_shutdownCalled = false; | 2867 bool Heap::s_shutdownCalled = false; |
| 2825 bool Heap::s_lastGCWasConservative = false; | 2868 bool Heap::s_lastGCWasConservative = false; |
| 2826 FreePagePool* Heap::s_freePagePool; | 2869 FreePagePool* Heap::s_freePagePool; |
| 2827 OrphanedPagePool* Heap::s_orphanedPagePool; | 2870 OrphanedPagePool* Heap::s_orphanedPagePool; |
| 2828 Heap::RegionTree* Heap::s_regionTree = nullptr; | 2871 Heap::RegionTree* Heap::s_regionTree = nullptr; |
| 2829 size_t Heap::s_allocatedObjectSize = 0; | 2872 size_t Heap::s_allocatedObjectSize = 0; |
| 2830 size_t Heap::s_allocatedSpace = 0; | 2873 size_t Heap::s_allocatedSpace = 0; |
| 2831 size_t Heap::s_markedObjectSize = 0; | 2874 size_t Heap::s_markedObjectSize = 0; |
| 2832 | 2875 |
| 2833 } // namespace blink | 2876 } // namespace blink |
| OLD | NEW |
