MSan: mark any memory allocated from the JS heap as uninitialized.

BUG=chromium:403409,chromium:178409 R=jkummerow@chromium.org LOG=N Review URL: https://codereview.chromium.org/480763003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

MSan: mark any memory allocated from the JS heap as uninitialized.
BUG=chromium:403409,chromium:178409 R=jkummerow@chromium.org LOG=N Review URL: https://codereview.chromium.org/480763003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
c360d8d1 · commit-bot@chromium.org · ef006855 · c360d8d1 · c360d8d1 · c360d8d1
Commit c360d8d1 authored Aug 21, 2014 by commit-bot@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 1 deletion

spaces-inl.h src/heap/spaces-inl.h +5 -0

spaces.cc src/heap/spaces.cc +2 -0

msan.h src/msan.h +10 -1

No files found.
--- a/src/heap/spaces-inl.h
+++ b/src/heap/spaces-inl.h
@@ -8,6 +8,7 @@
 #include "src/heap/spaces.h"
 #include "src/heap-profiler.h"
 #include "src/isolate.h"
+#include "src/msan.h"
 #include "src/v8memory.h"

 namespace v8 {
@@ -258,6 +259,7 @@ AllocationResult PagedSpace::AllocateRaw(int size_in_bytes) {
    if (identity() == CODE_SPACE) {
      SkipList::Update(object->address(), size_in_bytes);
    }
+    MSAN_ALLOCATED_UNINITIALIZED_MEMORY(object->address(), size_in_bytes);
    return object;
  }

@@ -280,6 +282,9 @@ AllocationResult NewSpace::AllocateRaw(int size_in_bytes) {
  allocation_info_.set_top(allocation_info_.top() + size_in_bytes);
  DCHECK_SEMISPACE_ALLOCATION_INFO(allocation_info_, to_space_);

+  // The slow path above ultimately goes through AllocateRaw, so this suffices.
+  MSAN_ALLOCATED_UNINITIALIZED_MEMORY(obj->address(), size_in_bytes);
+
  return obj;
 }


--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -2881,6 +2881,8 @@ AllocationResult LargeObjectSpace::AllocateRaw(int object_size,

  HeapObject* object = page->GetObject();

+  MSAN_ALLOCATED_UNINITIALIZED_MEMORY(object->address(), object_size);
+
  if (Heap::ShouldZapGarbage()) {
    // Make the object consistent so the heap can be verified in OldSpaceStep.
    // We only need to do this in debug builds or if verify_heap is on.

--- a/src/msan.h
+++ b/src/msan.h
@@ -17,8 +17,17 @@
 # define MEMORY_SANITIZER
 #endif

-#if defined(MEMORY_SANITIZER) && !defined(USE_SIMULATOR)
+#if defined(MEMORY_SANITIZER)
 # include <sanitizer/msan_interface.h>  // NOLINT
+
+// Marks a memory range as uninitialized, as if it was allocated here.
+# define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s) \
+    __msan_allocated_memory((p), (s))
+#else
+# define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s)
+#endif
+
+#if defined(MEMORY_SANITIZER) && !defined(USE_SIMULATOR)
 // Marks a memory range as fully initialized.
 # define MSAN_MEMORY_IS_INITIALIZED_IN_JIT(p, s) __msan_unpoison((p), (s))
 #else