Commit 32258fdc authored by ulan@chromium.org's avatar ulan@chromium.org

Annotate Heap::FindAllocationMemento for MemorySanitizer.

This function may intentionally, and safely, read uninitialized memory.

BUG=chromium:413232
LOG=N
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/585643002

Patch from Sergey Matveev <earthdok@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24081 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 4bdd165f
...@@ -15,6 +15,7 @@ ...@@ -15,6 +15,7 @@
#include "src/heap-profiler.h" #include "src/heap-profiler.h"
#include "src/isolate.h" #include "src/isolate.h"
#include "src/list-inl.h" #include "src/list-inl.h"
#include "src/msan.h"
#include "src/objects.h" #include "src/objects.h"
namespace v8 { namespace v8 {
...@@ -495,7 +496,7 @@ void Heap::ScavengePointer(HeapObject** p) { ScavengeObject(p, *p); } ...@@ -495,7 +496,7 @@ void Heap::ScavengePointer(HeapObject** p) { ScavengeObject(p, *p); }
AllocationMemento* Heap::FindAllocationMemento(HeapObject* object) { AllocationMemento* Heap::FindAllocationMemento(HeapObject* object) {
// Check if there is potentially a memento behind the object. If // Check if there is potentially a memento behind the object. If
// the last word of the momento is on another page we return // the last word of the memento is on another page we return
// immediately. // immediately.
Address object_address = object->address(); Address object_address = object->address();
Address memento_address = object_address + object->Size(); Address memento_address = object_address + object->Size();
...@@ -505,7 +506,12 @@ AllocationMemento* Heap::FindAllocationMemento(HeapObject* object) { ...@@ -505,7 +506,12 @@ AllocationMemento* Heap::FindAllocationMemento(HeapObject* object) {
} }
HeapObject* candidate = HeapObject::FromAddress(memento_address); HeapObject* candidate = HeapObject::FromAddress(memento_address);
if (candidate->map() != allocation_memento_map()) return NULL; Map* candidate_map = candidate->map();
// This fast check may peek at an uninitialized word. However, the slow check
// below (memento_address == top) ensures that this is safe. Mark the word as
// initialized to silence MemorySanitizer warnings.
MSAN_MEMORY_IS_INITIALIZED(&candidate_map, sizeof(candidate_map));
if (candidate_map != allocation_memento_map()) return NULL;
// Either the object is the last object in the new space, or there is another // Either the object is the last object in the new space, or there is another
// object of at least word size (the header map word) following it, so // object of at least word size (the header map word) following it, so
......
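Review bot: The new comment above `MSAN_MEMORY_IS_INITIALIZED(&candidate_map, sizeof(candidate_map))` leaves out the property that makes this annotation acceptable: it unpoisons only the stack copy in `candidate_map`, not the heap word at `memento_address`, so MemorySanitizer keeps tracking every other read of that word; without saying so, a later "simplification" to unpoisoning the heap word itself would silently widen the suppression. I would extend the comment with `// Only the local copy is unpoisoned; the heap word stays tracked by MSan. An uninitialized word that happens to equal the memento map only defers rejection to the top-of-new-space check below.` The slow check the comment relies on is not in this hunk, so its coverage of the match case cannot be confirmed from here and should be verified against the rest of the function. FindAllocationMemento starts in the preceding hunk and its body continues past the end of this one.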
...@@ -23,8 +23,11 @@ ...@@ -23,8 +23,11 @@
// Marks a memory range as uninitialized, as if it was allocated here. // Marks a memory range as uninitialized, as if it was allocated here.
# define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s) \ # define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s) \
__msan_allocated_memory((p), (s)) __msan_allocated_memory((p), (s))
// Marks a memory range as initialized.
#define MSAN_MEMORY_IS_INITIALIZED(p, s) __msan_unpoison((p), (s))
#else #else
# define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s) # define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s)
#define MSAN_MEMORY_IS_INITIALIZED(p, s)
#endif #endif
#endif // V8_MSAN_H_ #endif // V8_MSAN_H_
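Review bot: The two added `#define MSAN_MEMORY_IS_INITIALIZED` lines do not follow the header's nested-directive style, where the sibling `MSAN_ALLOCATED_UNINITIALIZED_MEMORY` definitions under the same conditional are written `# define` (the existing lines directly above each addition). Write them as `# define MSAN_MEMORY_IS_INITIALIZED(p, s) __msan_unpoison((p), (s))` and `# define MSAN_MEMORY_IS_INITIALIZED(p, s)`. The comment on the MSan side should also note that in the non-MSan build the macro expands to nothing, so its arguments are never evaluated and callers must not pass expressions with side effects, e.g. `// No-op outside MSan builds: (p) and (s) are not evaluated.` The conditional these lines sit in opens before this hunk.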