Annotate Heap::FindAllocationMemento for MemorySanitizer.

This function may intentionally, safely use uninitialized memory. BUG=chromium:413232 LOG=N R=ulan@chromium.org Review URL: https://codereview.chromium.org/585643002 Patch from Sergey Matveev <earthdok@chromium.org>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24081 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Annotate Heap::FindAllocationMemento for MemorySanitizer.
This function may intentionally, safely use uninitialized memory. BUG=chromium:413232 LOG=N R=ulan@chromium.org Review URL: https://codereview.chromium.org/585643002 Patch from Sergey Matveev <earthdok@chromium.org>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24081 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
32258fdc · ulan@chromium.org · 4bdd165f · 32258fdc · 32258fdc
Commit 32258fdc authored Sep 19, 2014 by ulan@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 2 deletions

heap-inl.h src/heap/heap-inl.h +8 -2

msan.h src/msan.h +3 -0

No files found.
--- a/src/heap/heap-inl.h
+++ b/src/heap/heap-inl.h
@@ -15,6 +15,7 @@
 #include "src/heap-profiler.h"
 #include "src/isolate.h"
 #include "src/list-inl.h"
+#include "src/msan.h"
 #include "src/objects.h"

 namespace v8 {
@@ -495,7 +496,7 @@ void Heap::ScavengePointer(HeapObject** p) { ScavengeObject(p, *p); }

 AllocationMemento* Heap::FindAllocationMemento(HeapObject* object) {
  // Check if there is potentially a memento behind the object. If
-  // the last word of the momento is on another page we return
+  // the last word of the memento is on another page we return
  // immediately.
  Address object_address = object->address();
  Address memento_address = object_address + object->Size();
@@ -505,7 +506,12 @@ AllocationMemento* Heap::FindAllocationMemento(HeapObject* object) {
  }

  HeapObject* candidate = HeapObject::FromAddress(memento_address);
-  if (candidate->map() != allocation_memento_map()) return NULL;
+  Map* candidate_map = candidate->map();
+  // This fast check may peek at an uninitialized word. However, the slow check
+  // below (memento_address == top) ensures that this is safe. Mark the word as
+  // initialized to silence MemorySanitizer warnings.
+  MSAN_MEMORY_IS_INITIALIZED(&candidate_map, sizeof(candidate_map));
+  if (candidate_map != allocation_memento_map()) return NULL;

  // Either the object is the last object in the new space, or there is another
  // object of at least word size (the header map word) following it, so

--- a/src/msan.h
+++ b/src/msan.h
@@ -23,8 +23,11 @@
 // Marks a memory range as uninitialized, as if it was allocated here.
 # define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s) \
    __msan_allocated_memory((p), (s))
+// Marks a memory range as initialized.
+#define MSAN_MEMORY_IS_INITIALIZED(p, s) __msan_unpoison((p), (s))
 #else
 # define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s)
+#define MSAN_MEMORY_IS_INITIALIZED(p, s)
 #endif

 #endif  // V8_MSAN_H_