Revert "[zone] Teach ASan about the zone segment pool"

This reverts commit b2f8280e. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/25509 Original change's description: > [zone] Teach ASan about the zone segment pool > > This adds proper poisoning/unpoisoning to segments put into the segment > pool of an accounting allocator, and also marks a segment uninitialized > when returning it from the pool. This gives ASan a better chance at > catching use-after-free and others. > > Drive-by: Fix type check in ASAN_POISON_MEMORY_REGION > > R=mstarzinger@chromium.org > > Change-Id: Iadbdd7c0a0c80da8e7b9bb8f3399209715436073 > Reviewed-on: https://chromium-review.googlesource.com/c/1489086 > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#59932} TBR=mstarzinger@chromium.org,clemensh@chromium.org Change-Id: Iacf322d04822382ea8e1f5abe1d5e72758adc399 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/1493055Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#59934}

Revert "[zone] Teach ASan about the zone segment pool"
This reverts commit b2f8280e. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/25509 Original change's description: > [zone] Teach ASan about the zone segment pool > > This adds proper poisoning/unpoisoning to segments put into the segment > pool of an accounting allocator, and also marks a segment uninitialized > when returning it from the pool. This gives ASan a better chance at > catching use-after-free and others. > > Drive-by: Fix type check in ASAN_POISON_MEMORY_REGION > > R=mstarzinger@chromium.org > > Change-Id: Iadbdd7c0a0c80da8e7b9bb8f3399209715436073 > Reviewed-on: https://chromium-review.googlesource.com/c/1489086 > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#59932} TBR=mstarzinger@chromium.org,clemensh@chromium.org Change-Id: Iacf322d04822382ea8e1f5abe1d5e72758adc399 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/1493055Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#59934}
ca5a4ed9 · Michael Achenbach · Commit Bot · cce33f37 · ca5a4ed9 · ca5a4ed9
Commit ca5a4ed9 authored Feb 28, 2019 by Michael Achenbach Committed by Commit Bot Feb 28, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 22 deletions

asan.h src/asan.h +6 -4

accounting-allocator.cc src/zone/accounting-allocator.cc +10 -18

No files found.
--- a/src/asan.h
+++ b/src/asan.h
@@ -16,10 +16,12 @@

 #else  // !V8_USE_ADDRESS_SANITIZER

-#define ASAN_POISON_MEMORY_REGION(start, size)                          \
-  static_assert(std::is_pointer<decltype(start)>::value &&              \
-                    std::is_convertible<decltype(size), size_t>::value, \
-                "static type violation")
+#define ASAN_POISON_MEMORY_REGION(start, size)                         \
+  static_assert(                                                       \
+      (std::is_pointer<decltype(start)>::value ||                      \
+       std::is_same<v8::internal::Address, decltype(start)>::value) && \
+          std::is_convertible<decltype(size), size_t>::value,          \
+      "static type violation")
 #define ASAN_UNPOISON_MEMORY_REGION(start, size) \
  ASAN_POISON_MEMORY_REGION(start, size)


--- a/src/zone/accounting-allocator.cc
+++ b/src/zone/accounting-allocator.cc
@@ -11,8 +11,6 @@
 #endif

 #include "src/allocation.h"
-#include "src/asan.h"
-#include "src/msan.h"

 namespace v8 {
 namespace internal {
@@ -126,24 +124,23 @@ Segment* AccountingAllocator::GetSegmentFromPool(size_t requested_size) {
  power -= kMinSegmentSizePower;

  Segment* segment;
-
  {
    base::MutexGuard lock_guard(&unused_segments_mutex_);

    segment = unused_segments_heads_[power];
-    if (segment == nullptr) return nullptr;

-    unused_segments_heads_[power] = segment->next();
-    segment->set_next(nullptr);
+    if (segment != nullptr) {
+      unused_segments_heads_[power] = segment->next();
+      segment->set_next(nullptr);

-    unused_segments_sizes_[power]--;
+      unused_segments_sizes_[power]--;
+      current_pool_size_.fetch_sub(segment->size(), std::memory_order_relaxed);
+    }
  }

-  current_pool_size_.fetch_sub(segment->size(), std::memory_order_relaxed);
-  ASAN_UNPOISON_MEMORY_REGION(reinterpret_cast<void*>(segment->start()),
-                              segment->size());
-  MSAN_ALLOCATED_UNINITIALIZED_MEMORY(segment->start(), segment->size());
-  DCHECK_GE(segment->size(), requested_size);
+  if (segment) {
+    DCHECK_GE(segment->size(), requested_size);
+  }
  return segment;
 }

@@ -170,15 +167,10 @@ bool AccountingAllocator::AddSegmentToPool(Segment* segment) {

    segment->set_next(unused_segments_heads_[power]);
    unused_segments_heads_[power] = segment;
+    current_pool_size_.fetch_add(size, std::memory_order_relaxed);
    unused_segments_sizes_[power]++;
-    // Poisoning needs to happen while still holding the mutex to guarantee that
-    // it happens before the segment is taken from the pool again.
-    ASAN_POISON_MEMORY_REGION(reinterpret_cast<void*>(segment->start()),
-                              segment->size());
  }

-  current_pool_size_.fetch_add(size, std::memory_order_relaxed);
-
  return true;
 }