[oilpan]: Explicitly unpoison the header when marking or checking if marked in ASAN.

Now that we are using atomics to read/write the mark bit we cannot rely on NO_SANITIZE_ADDRESS since it doesn't propagate to called methods (in this case acquireLoad/releaseStore). We don't want to add NO_SANITIZE_ADDRESS to acquireLoad/releaseStore so instead we explicitly unpoison/poison the header. R=ager@chromium.org, haraken@chromium.org, oilpan-reviews@chromium.org, zerny@chromium.org BUG= Review URL: https://codereview.chromium.org/544043003 git-svn-id: svn://svn.chromium.org/blink/trunk@181470 bbb929c8-8fbe-4397-9dbb-9b2b20218538

[oilpan]: Explicitly unpoison the header when marking or checking if marked in ASAN.
Now that we are using atomics to read/write the mark bit we cannot rely on NO_SANITIZE_ADDRESS since it doesn't propagate to called methods (in this case acquireLoad/releaseStore). We don't want to add NO_SANITIZE_ADDRESS to acquireLoad/releaseStore so instead we explicitly unpoison/poison the header. R=ager@chromium.org, haraken@chromium.org, oilpan-reviews@chromium.org, zerny@chromium.org BUG= Review URL: https://codereview.chromium.org/544043003 git-svn-id: svn://svn.chromium.org/blink/trunk@181470 bbb929c8-8fbe-4397-9dbb-9b2b20218538
214137a8 · wibling@chromium.org · 60742be4 · 214137a8 · 214137a8
Commit 214137a8 authored Sep 05, 2014 by wibling@chromium.org
Showing with 8 additions and 2 deletions

third_party/WebKit/Source/platform/heap/Heap.cpp third_party/WebKit/Source/platform/heap/Heap.cpp +4 -1

third_party/WebKit/Source/platform/heap/Heap.h third_party/WebKit/Source/platform/heap/Heap.h +4 -1

No files found.
--- a/third_party/WebKit/Source/platform/heap/Heap.cpp
+++ b/third_party/WebKit/Source/platform/heap/Heap.cpp
@@ -412,11 +412,14 @@ private:
    bool m_parkedAllThreads; // False if we fail to park all threads
 };
-NO_SANITIZE_ADDRESS
 bool HeapObjectHeader::isMarked() const
 {
    checkHeader();
+    // We need to unpoison/poison the header on ASAN since
+    // acquireLoad doesn't have the NO_SANITIZE_ADDRESS flag.
+    ASAN_UNPOISON_MEMORY_REGION(this, sizeof(this));
    unsigned size = acquireLoad(&m_size);
+    ASAN_POISON_MEMORY_REGION(this, sizeof(this));
    return size & markBitMask;
 }

--- a/third_party/WebKit/Source/platform/heap/Heap.h
+++ b/third_party/WebKit/Source/platform/heap/Heap.h
@@ -1497,7 +1497,6 @@ Address HeapObjectHeader::payloadEnd()
    return reinterpret_cast<Address>(this) + size();
 }
-NO_SANITIZE_ADDRESS
 void HeapObjectHeader::mark()
 {
    checkHeader();
@@ -1506,8 +1505,12 @@ void HeapObjectHeader::mark()
    // Multiple threads can still read the old value and all store the
    // new value. However, the new value will be the same for all of
    // the threads and the end result is therefore consistent.
+    // We need to unpoison/poison the header on ASAN since
+    // acquireLoad/releaseStore don't have the NO_SANITIZE_ADDRESS flag.
+    ASAN_UNPOISON_MEMORY_REGION(this, sizeof(this));
    unsigned size = acquireLoad(&m_size);
    releaseStore(&m_size, size | markBitMask);
+    ASAN_POISON_MEMORY_REGION(this, sizeof(this));
 }
 Address FinalizedHeapObjectHeader::payload()