Reviewers: Jakob,

Message:
Please take a look (assuming the general approach makes sense, as discussed on
crbug).

Description:
MSan: mark any memory allocated from the JS heap as uninitialized.

BUG=chromium:403409,chromium:178409
[email protected]

Please review this at https://codereview.chromium.org/480763003/

SVN Base: https://chromium.googlesource.com/external/v8.git@bleeding_edge

Affected files (+17, -2 lines):
  M src/heap/heap-inl.h
  M src/heap/spaces.cc
  M src/heap/spaces-inl.h
  M src/msan.h


Index: src/heap/heap-inl.h
diff --git a/src/heap/heap-inl.h b/src/heap/heap-inl.h
index adb6e25bb710c581d8a6ae7b571b5eddc4732908..e53e6834eb112ce2412a30187c91c683c13175b2 100644
--- a/src/heap/heap-inl.h
+++ b/src/heap/heap-inl.h
@@ -16,7 +16,6 @@
 #include "src/isolate.h"
 #include "src/list-inl.h"
 #include "src/objects.h"
-
 namespace v8 {
 namespace internal {

Index: src/heap/spaces-inl.h
diff --git a/src/heap/spaces-inl.h b/src/heap/spaces-inl.h
index 56c2bad70c5dd6f73d3033b14e95be87bc58dc87..d81d253e1b214e89ab2f4d6664f931cdc9c1d5b2 100644
--- a/src/heap/spaces-inl.h
+++ b/src/heap/spaces-inl.h
@@ -8,6 +8,7 @@
 #include "src/heap/spaces.h"
 #include "src/heap-profiler.h"
 #include "src/isolate.h"
+#include "src/msan.h"
 #include "src/v8memory.h"

 namespace v8 {
@@ -258,6 +259,7 @@ AllocationResult PagedSpace::AllocateRaw(int size_in_bytes) {
     if (identity() == CODE_SPACE) {
       SkipList::Update(object->address(), size_in_bytes);
     }
+    MSAN_ALLOCATED_UNINITIALIZED_MEMORY(object->address(), size_in_bytes);
     return object;
   }

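Review bot: Only the return path visible in this hunk receives the `MSAN_ALLOCATED_UNINITIALIZED_MEMORY(object->address(), size_in_bytes);` call; PagedSpace::AllocateRaw starts above the hunk, and the diffstat shows a single added line in this function, so if the function has further successful exits (a free-list or slow-path allocation that also returns an object) those objects would remain unmarked and MSan would not see uninitialized reads on them. If there is more than one such exit, hoisting the call next to the SkipList update at a single point just before the object is returned keeps the annotation in one place. Worth confirming against the full function body, which is outside the hunk.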
@@ -280,6 +282,9 @@ AllocationResult NewSpace::AllocateRaw(int size_in_bytes) {
   allocation_info_.set_top(allocation_info_.top() + size_in_bytes);
   DCHECK_SEMISPACE_ALLOCATION_INFO(allocation_info_, to_space_);

+ // The slow path above ultimately goes through AllocateRaw, so this suffices.
+  MSAN_ALLOCATED_UNINITIALIZED_MEMORY(obj->address(), size_in_bytes);
+
   return obj;
 }

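Review bot: The added comment `+ // The slow path above ultimately goes through AllocateRaw, so this suffices.` is indented one column less than the statement it annotates (one space versus the block's two), so it reads as a stray line; align it to `  // The slow path above ultimately goes through AllocateRaw, so this suffices.`. The blank line between the macro call and `return obj;` is also inconsistent with the PagedSpace hunk above, where the call sits directly before the return. The function begins outside the hunk, so whether the slow path really re-enters this function cannot be checked from here; if it does, the comment could say so explicitly (`SlowAllocateRaw re-enters AllocateRaw`) rather than "ultimately".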
Index: src/heap/spaces.cc
diff --git a/src/heap/spaces.cc b/src/heap/spaces.cc
index 9be53e03f284018c8b8cafa6462f82712992fba4..6a0de0fe019ed7226108feee21d7b3f69722cabe 100644
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -2875,6 +2875,8 @@ AllocationResult LargeObjectSpace::AllocateRaw(int object_size,

   HeapObject* object = page->GetObject();

+  MSAN_ALLOCATED_UNINITIALIZED_MEMORY(object->address(), object_size);
+
   if (Heap::ShouldZapGarbage()) {
// Make the object consistent so the heap can be verified in OldSpaceStep.
     // We only need to do this in debug builds or if verify_heap is on.
Index: src/msan.h
diff --git a/src/msan.h b/src/msan.h
index 4130d22a65211166a5ffa3514733dac425f1155c..dfcbd239e14aa1dd7c0bd08f4fe04ed6450f2fd4 100644
--- a/src/msan.h
+++ b/src/msan.h
@@ -17,8 +17,17 @@
 # define MEMORY_SANITIZER
 #endif

-#if defined(MEMORY_SANITIZER) && !defined(USE_SIMULATOR)
+#if defined(MEMORY_SANITIZER)
 # include <sanitizer/msan_interface.h>  // NOLINT
+
+// Marks a memory range as uninitialized, as if it was allocated here.
+# define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s) \
+    __msan_allocated_memory((p), (s))
+#else
+# define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s)
+#endif
+
+#if defined(MEMORY_SANITIZER) && !defined(USE_SIMULATOR)
 // Marks a memory range as fully initialized.
 # define MSAN_MEMORY_IS_INITIALIZED_IN_JIT(p, s) __msan_unpoison((p), (s))
 #else
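Review bot: The new MSAN_ALLOCATED_UNINITIALIZED_MEMORY block is gated on `MEMORY_SANITIZER` alone, while MSAN_MEMORY_IS_INITIALIZED_IN_JIT directly below keeps the `!defined(USE_SIMULATOR)` condition, and nothing explains the asymmetry, which invites a later reader to "fix" one of them. Presumably heap memory is allocated the same way under the simulator, so marking it uninitialized is always correct, whereas unpoisoning JIT output only makes sense when generated code runs natively outside MSan's instrumentation; that reasoning should be stated on the blocks themselves. Suggested: above the first block `// Valid in every MSan build, including the simulator: heap memory is allocated the same way.` and above the second `// Native JIT code is not instrumented, so its writes must be unpoisoned explicitly; under the simulator they are visible to MSan.` Note also that the `<sanitizer/msan_interface.h>` include is now pulled in for simulator builds too, which this change requires for __msan_allocated_memory.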

