[msan] Treat more memory uninitialized

After closing a handle scope, and when allocating a new segment in a
zone, treat that memory as uninitialized in MSan. This will hopefully
catch more errors than handle zapping, which needs to be enabled
explicitly.

R=ahaas@chromium.org

Bug: v8:7570
Change-Id: Ie3be07434bed878fb607a522787514421f397197
Reviewed-on: https://chromium-review.googlesource.com/1046657
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53089}

src/handles-inl.h

@@ -7,6 +7,7 @@
 
 #include "src/handles.h"
 #include "src/isolate.h"
+#include "src/msan.h"
 #include "src/objects-inl.h"
 
 namespace v8 {
@@ -68,15 +69,17 @@ void HandleScope::CloseScope(Isolate* isolate,
 
   std::swap(current->next, prev_next);
   current->level--;
+  Object** limit = prev_next;
   if (current->limit != prev_limit) {
     current->limit = prev_limit;
+    limit = prev_limit;
     DeleteExtensions(isolate);
+  }
 #ifdef ENABLE_HANDLE_ZAPPING
-    ZapRange(current->next, prev_limit);
-  } else {
-    ZapRange(current->next, prev_next);
+  ZapRange(current->next, limit);
 #endif
-  }
+  MSAN_ALLOCATED_UNINITIALIZED_MEMORY(
+      current->next, static_cast<size_t>(limit - current->next));
 }
 
 

src/zone/zone-segment.cc

@@ -4,6 +4,8 @@
 
 #include "src/zone/zone-segment.h"
 
+#include "src/msan.h"
+
 namespace v8 {
 namespace internal {
 
@@ -11,12 +13,14 @@ void Segment::ZapContents() {
 #ifdef DEBUG
   memset(reinterpret_cast<void*>(start()), kZapDeadByte, capacity());
 #endif
+  MSAN_ALLOCATED_UNINITIALIZED_MEMORY(start(), capacity());
 }
 
 void Segment::ZapHeader() {
 #ifdef DEBUG
   memset(this, kZapDeadByte, sizeof(Segment));
 #endif
+  MSAN_ALLOCATED_UNINITIALIZED_MEMORY(start(), sizeof(Segment));
 }
 
 }  // namespace internal