Context Navigation

← Previous Change
Next Change →

FastMalloc.cpp

Timestamp:

Aug 15, 2008, 11:53:44 PM (17 years ago)

Author:

Message:

<rdar://problem/6143072> FastMallocZone's enumeration code makes assumptions about handling of remote memory regions that overlap

Reviewed by Oliver Hunt.

wtf/FastMalloc.cpp:

(WTF::TCMalloc_Central_FreeList::enumerateFreeObjects): Don't directly compare pointers mapped into the local process with
a pointer that has not been mapped. Instead, calculate a local address for the pointer and compare with that.
(WTF::TCMallocStats::FreeObjectFinder::findFreeObjects): Pass in the remote address of the central free list so that it can
be used when calculating local addresses.
(WTF::TCMallocStats::FastMallocZone::enumerate): Ditto.

File:

: 1 edited

trunk/JavaScriptCore/wtf/FastMalloc.cpp (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/JavaScriptCore/wtf/FastMalloc.cpp

-              r35691
+              r35803
 #ifdef WTF_CHANGES
   template <class Finder, class Reader>
   void enumerateFreeObjects(Finder& finder, const Reader& reader)
+  void enumerateFreeObjects(Finder& finder, const Reader& reader, TCMalloc_Central_FreeList* remoteCentralFreeList)
+  {
     for (Span* span = &empty_; span && span != &empty_; span = (span->next ? reader(span->next) : 0))
 …
     ASSERT(!nonempty_.objects);
+    for (Span* span = reader(nonempty_.next); span && span != &nonempty_; span = (span->next ? reader(span->next) : 0)) {
+    static const ptrdiff_t nonemptyOffset = reinterpret_cast<const char*>(&nonempty_) - reinterpret_cast<const char*>(this);
+    Span* remoteNonempty = reinterpret_cast<Span*>(reinterpret_cast<char*>(remoteCentralFreeList) + nonemptyOffset);
+    Span* remoteSpan = nonempty_.next;
+    for (Span* span = reader(remoteSpan); span && remoteSpan != remoteNonempty; remoteSpan = span->next, span = (span->next ? reader(span->next) : 0)) {
       for (void* nextObject = span->objects; nextObject; nextObject = *reader(reinterpret_cast<void**>(nextObject)))
         finder.visit(nextObject);
 …
+    }
     void findFreeObjects(TCMalloc_Central_FreeListPadded* centralFreeList, size_t numSizes)
+    void findFreeObjects(TCMalloc_Central_FreeListPadded* centralFreeList, size_t numSizes, TCMalloc_Central_FreeListPadded* remoteCentralFreeList)
+    {
         for (unsigned i = 0; i < numSizes; i++)
             centralFreeList[i].enumerateFreeObjects(*this, m_reader);
+            centralFreeList[i].enumerateFreeObjects(*this, m_reader, remoteCentralFreeList + i);
+    }
 };
 …
     FreeObjectFinder finder(memoryReader);
     finder.findFreeObjects(threadHeaps);
     finder.findFreeObjects(centralCaches, kNumClasses);
+    finder.findFreeObjects(centralCaches, kNumClasses, mzone->m_centralCaches);
     TCMalloc_PageHeap::PageMap* pageMap = &pageHeap->pagemap_;

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 35803 in webkit for trunk/JavaScriptCore/wtf/FastMalloc.cpp

Legend:

trunk/JavaScriptCore/wtf/FastMalloc.cpp

Download in other formats: