Chromium Code Reviews Chromium Code Reviews
Issue 10391178:
1. Enable large object pointer offset check in release build. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| Index: third_party/tcmalloc/chromium/src/tcmalloc.cc |
| =================================================================== |
| --- third_party/tcmalloc/chromium/src/tcmalloc.cc (revision 137587) |
| +++ third_party/tcmalloc/chromium/src/tcmalloc.cc (working copy) |
| @@ -178,13 +178,13 @@ |
| using tcmalloc::Static; |
| using tcmalloc::ThreadCache; |
| -// ---- Double free debug declarations |
| +// ---- Functions doing validation with an extra mark. |
| static size_t ExcludeSpaceForMark(size_t size); |
| static void AddRoomForMark(size_t* size); |
| static void ExcludeMarkFromSize(size_t* new_size); |
| static void MarkAllocatedRegion(void* ptr); |
| static void ValidateAllocatedRegion(void* ptr, size_t cl); |
| -// ---- End Double free debug declarations |
| +// ---- End validation functions. |
| DECLARE_int64(tcmalloc_sample_parameter); |
| DECLARE_double(tcmalloc_release_rate); |
| @@ -1157,6 +1157,14 @@ |
| Static::pageheap()->CacheSizeClass(p, cl); |
| } |
| + // Validate pointer of large objects. |
| + if (cl == 0) { |
|
jar (doing other things)
2012/05/17 01:36:41
nit: add comment:
// Mimic debug code on done bel
kaiwang
2012/05/19 00:12:27
Done.
|
| + // Make sure ptr is inside the first page of the span. |
|
jar (doing other things)
2012/05/17 01:36:41
nit: pointer
kaiwang
2012/05/19 00:12:27
Done.
|
| + CHECK_CONDITION(span->start == p); |
| + // Make sure we are not freeing interior pointers, even in release build. |
| + CHECK_CONDITION_PRINT(reinterpret_cast<uintptr_t>(ptr) % kPageSize == 0, |
| + "Pointer not pointed to the start of a span"); |
|
jar (doing other things)
2012/05/17 01:36:41
nit:
"Pointer isn't pointing to start of span"
kaiwang
2012/05/19 00:12:27
Done.
|
| + } |
| ValidateAllocatedRegion(ptr, cl); |
| if (cl != 0) { |
| @@ -1171,8 +1179,6 @@ |
| } |
| } else { |
| SpinLockHolder h(Static::pageheap_lock()); |
| - ASSERT(reinterpret_cast<uintptr_t>(ptr) % kPageSize == 0); |
| - ASSERT(span != NULL && span->start == p); |
|
jar (doing other things)
2012/05/17 01:36:41
nit: might as well keep this, so that merges go ea
kaiwang
2012/05/19 00:12:27
Done.
|
| if (span->sample) { |
| StackTrace* st = reinterpret_cast<StackTrace*>(span->objects); |
| tcmalloc::DLL_Remove(span); |
| @@ -1276,7 +1282,7 @@ |
| void* do_memalign(size_t align, size_t size) { |
| ASSERT((align & (align - 1)) == 0); |
| ASSERT(align > 0); |
| - // Marked in CheckMallocResult(), which is also inside SpanToMallocResult(). |
| + // Marked in CheckedMallocResult(), which is also inside SpanToMallocResult(). |
| AddRoomForMark(&size); |
| if (size + align < size) return NULL; // Overflow |
| @@ -1698,7 +1704,7 @@ |
| #endif // TCMALLOC_USING_DEBUGALLOCATION |
| -// ---Double free() debugging implementation ----------------------------------- |
| +// --- Validation implementation with an extra mark ---------------------------- |
| // We will put a mark at the extreme end of each allocation block. We make |
| // sure that we always allocate enough "extra memory" that we can fit in the |
| // mark, and still provide the requested usable region. If ever that mark is |
| @@ -1741,22 +1747,11 @@ |
| #else // TCMALLOC_VALIDATION |
| static void DieFromDoubleFree() { |
| - char* p = NULL; |
| - p++; |
| - *p += 1; // Segv. |
| + Log(kCrash, __FILE__, __LINE__, "Attempt to double free"); |
| } |
| -static size_t DieFromBadFreePointer(const void* unused) { |
| - char* p = NULL; |
| - p += 2; |
| - *p += 2; // Segv. |
| - return 0; |
| -} |
| - |
| static void DieFromMemoryCorruption() { |
| - char* p = NULL; |
| - p += 3; |
| - *p += 3; // Segv. |
| + Log(kCrash, __FILE__, __LINE__, "Memory corrupted"); |
| } |
| // We can either do byte marking, or whole word marking based on the following |
| @@ -1793,7 +1788,7 @@ |
| } |
| inline static MarkType* GetMarkLocation(void* ptr) { |
| - size_t class_size = GetSizeWithCallback(ptr, DieFromBadFreePointer); |
| + size_t class_size = GetSizeWithCallback(ptr, &InvalidGetAllocatedSize); |
| ASSERT(class_size % sizeof(kAllocationMarkMask) == 0); |
| size_t last_index = (class_size / sizeof(kAllocationMarkMask)) - 1; |
| return static_cast<MarkType*>(ptr) + last_index; |
