Revision: 23268
Author: [email protected]
Date: Thu Aug 21 09:35:59 2014 UTC
Log: MSan: mark any memory allocated from the JS heap as uninitialized.
BUG=chromium:403409,chromium:178409
[email protected]
LOG=N
Review URL: https://codereview.chromium.org/480763003
http://code.google.com/p/v8/source/detail?r=23268
Modified:
/branches/bleeding_edge/src/heap/spaces-inl.h
/branches/bleeding_edge/src/heap/spaces.cc
/branches/bleeding_edge/src/msan.h
=======================================
--- /branches/bleeding_edge/src/heap/spaces-inl.h Tue Aug 5 08:18:22 2014
UTC
+++ /branches/bleeding_edge/src/heap/spaces-inl.h Thu Aug 21 09:35:59 2014
UTC
@@ -8,6 +8,7 @@
#include "src/heap/spaces.h"
#include "src/heap-profiler.h"
#include "src/isolate.h"
+#include "src/msan.h"
#include "src/v8memory.h"
namespace v8 {
@@ -258,6 +259,7 @@
if (identity() == CODE_SPACE) {
SkipList::Update(object->address(), size_in_bytes);
}
+ MSAN_ALLOCATED_UNINITIALIZED_MEMORY(object->address(), size_in_bytes);
return object;
}
@@ -280,6 +282,9 @@
allocation_info_.set_top(allocation_info_.top() + size_in_bytes);
DCHECK_SEMISPACE_ALLOCATION_INFO(allocation_info_, to_space_);
+ // The slow path above ultimately goes through AllocateRaw, so this
suffices.
+ MSAN_ALLOCATED_UNINITIALIZED_MEMORY(obj->address(), size_in_bytes);
+
return obj;
}
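Review bot: The new comment "The slow path above ultimately goes through AllocateRaw, so this suffices." is ambiguous about which AllocateRaw it means, since PagedSpace::AllocateRaw sits just above this function in the same header. If, as the comment implies, SlowAllocateRaw re-enters this function once the semispace has room, say so explicitly so that the single poison point on the fast path is clearly deliberate: `// SlowAllocateRaw re-enters NewSpace::AllocateRaw once space is available, so poisoning on this fast path covers both paths.` The enclosing function begins outside the hunk, so the slow-path branch it refers to is not visible here.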
=======================================
--- /branches/bleeding_edge/src/heap/spaces.cc Wed Aug 20 15:37:43 2014 UTC
+++ /branches/bleeding_edge/src/heap/spaces.cc Thu Aug 21 09:35:59 2014 UTC
@@ -2881,6 +2881,8 @@
HeapObject* object = page->GetObject();
+ MSAN_ALLOCATED_UNINITIALIZED_MEMORY(object->address(), object_size);
+
if (Heap::ShouldZapGarbage()) {
// Make the object consistent so the heap can be verified in
OldSpaceStep.
// We only need to do this in debug builds or if verify_heap is on.
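Review bot: The poison on the new line precedes the Heap::ShouldZapGarbage() block, whose writes (the comment says they make the object consistent for OldSpaceStep verification) will mark the zapped words initialized again, so under MSan a zapped build detects less than a release build does, while the reverse order would make the heap verifier trip on the poisoned map and size words. That trade-off is not obvious from the code and someone could later reorder the two; record it next to the new line, e.g. `// Poison before zapping: the zap below must stay readable by the heap verifier.` The zap block itself continues past the end of the hunk, so I am inferring its writes from the comment only.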
=======================================
--- /branches/bleeding_edge/src/msan.h Tue Jun 3 08:12:43 2014 UTC
+++ /branches/bleeding_edge/src/msan.h Thu Aug 21 09:35:59 2014 UTC
@@ -17,8 +17,17 @@
# define MEMORY_SANITIZER
#endif
+#if defined(MEMORY_SANITIZER)
+# include <sanitizer/msan_interface.h> // NOLINT
+
+// Marks a memory range as uninitialized, as if it was allocated here.
+# define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s) \
+ __msan_allocated_memory((p), (s))
+#else
+# define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s)
+#endif
+
#if defined(MEMORY_SANITIZER) && !defined(USE_SIMULATOR)
-# include <sanitizer/msan_interface.h> // NOLINT
// Marks a memory range as fully initialized.
# define MSAN_MEMORY_IS_INITIALIZED_IN_JIT(p, s) __msan_unpoison((p), (s))
#else
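Review bot: In the non-MSan `#else` branch the new MSAN_ALLOCATED_UNINITIALIZED_MEMORY expands to nothing, so both argument expressions are dropped entirely and any side effect in a caller's `p` or `s` would silently disappear in ordinary builds; the three call sites in this commit pass plain address and size expressions, but the header should state the rule, e.g. `// Arguments are not evaluated in non-MSan builds; keep them side-effect free.` It would also help to say why this macro is gated only on MEMORY_SANITIZER while MSAN_MEMORY_IS_INITIALIZED_IN_JIT keeps the additional !USE_SIMULATOR condition, presumably because JIT-generated stores are only invisible to MSan when they run natively, whereas allocation poisoning applies either way. The `#else` branch for MSAN_MEMORY_IS_INITIALIZED_IN_JIT runs past the end of the hunk.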