Reviewers: ulan,
Message:
Please take a look, and if good, please land.
Description:
Annotate Heap::FindAllocationMemento for MemorySanitizer.
This function may intentionally, safely use uninitialized memory.
BUG=413232
[email protected]
Please review this at https://codereview.chromium.org/585643002/
SVN Base: https://chromium.googlesource.com/external/v8.git@bleeding_edge
Affected files (+11, -2 lines):
M src/heap/heap-inl.h
M src/msan.h
Index: src/heap/heap-inl.h
diff --git a/src/heap/heap-inl.h b/src/heap/heap-inl.h
index
8863777e8f557eb3c3023210f7ba311337169d46..e658224aca11190003676d9bbd2df945e1c88508
100644
--- a/src/heap/heap-inl.h
+++ b/src/heap/heap-inl.h
@@ -15,6 +15,7 @@
#include "src/heap-profiler.h"
#include "src/isolate.h"
#include "src/list-inl.h"
+#include "src/msan.h"
#include "src/objects.h"
namespace v8 {
@@ -495,7 +496,7 @@ void Heap::ScavengePointer(HeapObject** p) {
ScavengeObject(p, *p); }
AllocationMemento* Heap::FindAllocationMemento(HeapObject* object) {
// Check if there is potentially a memento behind the object. If
- // the last word of the momento is on another page we return
+ // the last word of the memento is on another page we return
// immediately.
Address object_address = object->address();
Address memento_address = object_address + object->Size();
@@ -505,7 +506,12 @@ AllocationMemento*
Heap::FindAllocationMemento(HeapObject* object) {
}
HeapObject* candidate = HeapObject::FromAddress(memento_address);
- if (candidate->map() != allocation_memento_map()) return NULL;
+ Map* candidate_map = candidate->map();
+ // This fast check may peek at an uninitialized word. However, the slow
check
+ // below (memento_address == top) ensures that this is safe. Mark the
word as
+ // initialized to silence MemorySanitizer warnings.
+ MSAN_MEMORY_IS_INITIALIZED(&candidate_map, sizeof(candidate_map));
+ if (candidate_map != allocation_memento_map()) return NULL;
// Either the object is the last object in the new space, or there is
another
// object of at least word size (the header map word) following it, so
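Review bot: The comment above the `MSAN_MEMORY_IS_INITIALIZED(&candidate_map, sizeof(candidate_map))` line should state that only the local copy is unpoisoned, since that is what keeps the heap word itself poisoned for MemorySanitizer on every other read path, and it is the reason the annotation is taken on `&candidate_map` rather than on `memento_address`. The safety argument also rests on the `memento_address == top` check that follows outside the hunk; if that check is ever moved above the map comparison or removed, the suppression silently hides a genuine uninitialized read. Suggest extending the comment with `// Only the local copy is unpoisoned; the heap word stays poisoned so other` / `// reads of it remain checked. Keep this annotation tied to the` / `// memento_address == top check below, which is what makes the peek safe.` FindAllocationMemento continues past the end of the hunk.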
Index: src/msan.h
diff --git a/src/msan.h b/src/msan.h
index
c9be8643aebd81bcf375a98d2856b57d6bb58675..f099595e54f99775e81a0a62d29d4e6c6ad53e15
100644
--- a/src/msan.h
+++ b/src/msan.h
@@ -23,8 +23,11 @@
// Marks a memory range as uninitialized, as if it was allocated here.
# define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s) \
__msan_allocated_memory((p), (s))
+// Marks a memory range as initialized.
+#define MSAN_MEMORY_IS_INITIALIZED(p, s) __msan_unpoison((p), (s))
#else
# define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s)
+#define MSAN_MEMORY_IS_INITIALIZED(p, s)
#endif
#endif // V8_MSAN_H_
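Review bot: The two added `#define` lines do not follow the `# define` spacing the neighbouring `MSAN_ALLOCATED_UNINITIALIZED_MEMORY` definitions use inside the `#ifdef`/`#else` arms, which makes the conditional nesting harder to read; `# define MSAN_MEMORY_IS_INITIALIZED(p, s) __msan_unpoison((p), (s))` and `# define MSAN_MEMORY_IS_INITIALIZED(p, s)` would match. The macro name reads like a predicate while it is an imperative unpoison that silences MemorySanitizer for any caller, so the one-line comment should carry the contract: `// Marks a memory range as initialized (unpoisons it). Use only where a later check makes the read provably safe.` Whether `__msan_unpoison` is declared by the same header as `__msan_allocated_memory` is not visible in this hunk; presumably the existing include above covers it.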