[heap] Verify that newly allocated MemoryChunks are pre-initialzed with 0.

Bug: chromium:829771 Change-Id: I78eab59fded3f41c93ecb3d5d8a30e1bddc4576e Reviewed-on: https://chromium-review.googlesource.com/1039747Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#52925}

[heap] Verify that newly allocated MemoryChunks are pre-initialzed with 0.
Bug: chromium:829771 Change-Id: I78eab59fded3f41c93ecb3d5d8a30e1bddc4576e Reviewed-on: https://chromium-review.googlesource.com/1039747Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#52925}
77aba17a · Hannes Payer · Commit Bot · 996fe2d2 · 77aba17a · 77aba17a
Commit 77aba17a authored May 02, 2018 by Hannes Payer Committed by Commit Bot May 02, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 0 deletions

spaces.cc src/heap/spaces.cc +13 -0

spaces.h src/heap/spaces.h +3 -0

No files found.
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -883,6 +883,9 @@ MemoryChunk* MemoryAllocator::AllocateChunk(size_t reserve_area_size,
      size_executable_.Increment(reservation.size());
    }

+    VerifyCleared(base, CodePageGuardStartOffset());
+    VerifyCleared(base + CodePageAreaStartOffset(), commit_area_size);
+
    if (Heap::ShouldZapGarbage()) {
      ZapBlock(base, CodePageGuardStartOffset());
      ZapBlock(base + CodePageAreaStartOffset(), commit_area_size);
@@ -902,6 +905,8 @@ MemoryChunk* MemoryAllocator::AllocateChunk(size_t reserve_area_size,

    if (base == kNullAddress) return nullptr;

+    VerifyCleared(base, Page::kObjectStartOffset + commit_area_size);
+
    if (Heap::ShouldZapGarbage()) {
      ZapBlock(base, Page::kObjectStartOffset + commit_area_size);
    }
@@ -1216,6 +1221,14 @@ void MemoryAllocator::ZapBlock(Address start, size_t size) {
  }
 }

+void MemoryAllocator::VerifyCleared(Address start, size_t size) {
+#ifdef VERIFY_HEAP
+  for (size_t i = 0; i < size / kPointerSize; i++) {
+    CHECK_EQ(reinterpret_cast<uintptr_t*>(start)[i], kClearedFreeMemoryValue);
+  }
+#endif  // VERIFY_HEAP
+}
+
 size_t MemoryAllocator::CodePageGuardStartOffset() {
  // We are guarding code pages: the first OS page after the header
  // will be protected as non-writable.

--- a/src/heap/spaces.h
+++ b/src/heap/spaces.h
@@ -1393,6 +1393,9 @@ class V8_EXPORT_PRIVATE MemoryAllocator {
  // filling it up with a recognizable non-nullptr bit pattern.
  void ZapBlock(Address start, size_t size);

+  // Checks if the memory [start..(start+size)[ is initialized with 0.
+  void VerifyCleared(Address start, size_t size);
+
  V8_WARN_UNUSED_RESULT bool CommitExecutableMemory(VirtualMemory* vm,
                                                    Address start,
                                                    size_t commit_size,