Bug 1590484 [wpt PR 19830] - Fix flakiness of web-animation/interfaces/Animation...
[gecko.git] / mfbt / Poison.cpp
blobf490856a3155d6a2a49c14f6fb0addea5d328c95
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /*
8 * A poison value that can be used to fill a memory space with
9 * an address that leads to a safe crash when dereferenced.
12 #include "mozilla/Poison.h"
14 #include "mozilla/Assertions.h"
15 #ifdef _WIN32
16 # include <windows.h>
17 #elif !defined(__OS2__)
18 # include <unistd.h>
19 # include <sys/mman.h>
20 # ifndef MAP_ANON
21 # ifdef MAP_ANONYMOUS
22 # define MAP_ANON MAP_ANONYMOUS
23 # else
24 # error "Don't know how to get anonymous memory"
25 # endif
26 # endif
27 #endif
29 extern "C" {
30 uintptr_t gMozillaPoisonValue;
31 uintptr_t gMozillaPoisonBase;
32 uintptr_t gMozillaPoisonSize;
35 // Freed memory is filled with a poison value, which we arrange to
36 // form a pointer either to an always-unmapped region of the address
37 // space, or to a page that has been reserved and rendered
38 // inaccessible via OS primitives. See tests/TestPoisonArea.cpp for
39 // extensive discussion of the requirements for this page. The code
40 // from here to 'class FreeList' needs to be kept in sync with that
41 // file.
43 #ifdef _WIN32
44 static void* ReserveRegion(uintptr_t aRegion, uintptr_t aSize) {
45 return VirtualAlloc((void*)aRegion, aSize, MEM_RESERVE, PAGE_NOACCESS);
48 static void ReleaseRegion(void* aRegion, uintptr_t aSize) {
49 VirtualFree(aRegion, aSize, MEM_RELEASE);
52 static bool ProbeRegion(uintptr_t aRegion, uintptr_t aSize) {
53 SYSTEM_INFO sinfo;
54 GetSystemInfo(&sinfo);
55 if (aRegion >= (uintptr_t)sinfo.lpMaximumApplicationAddress &&
56 aRegion + aSize >= (uintptr_t)sinfo.lpMaximumApplicationAddress) {
57 return true;
58 } else {
59 return false;
63 static uintptr_t GetDesiredRegionSize() {
64 SYSTEM_INFO sinfo;
65 GetSystemInfo(&sinfo);
66 return sinfo.dwAllocationGranularity;
69 # define RESERVE_FAILED 0
71 #elif defined(__OS2__)
72 static void* ReserveRegion(uintptr_t aRegion, uintptr_t aSize) {
73 // OS/2 doesn't support allocation at an arbitrary address,
74 // so return an address that is known to be invalid.
75 return (void*)0xFFFD0000;
78 static void ReleaseRegion(void* aRegion, uintptr_t aSize) { return; }
80 static bool ProbeRegion(uintptr_t aRegion, uintptr_t aSize) {
81 // There's no reliable way to probe an address in the system
82 // arena other than by touching it and seeing if a trap occurs.
83 return false;
86 static uintptr_t GetDesiredRegionSize() {
87 // Page size is fixed at 4k.
88 return 0x1000;
91 # define RESERVE_FAILED 0
93 #else // Unix
95 # include "mozilla/TaggedAnonymousMemory.h"
97 static void* ReserveRegion(uintptr_t aRegion, uintptr_t aSize) {
98 return MozTaggedAnonymousMmap(reinterpret_cast<void*>(aRegion), aSize,
99 PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0,
100 "poison");
103 static void ReleaseRegion(void* aRegion, uintptr_t aSize) {
104 munmap(aRegion, aSize);
107 static bool ProbeRegion(uintptr_t aRegion, uintptr_t aSize) {
108 # ifdef XP_SOLARIS
109 if (posix_madvise(reinterpret_cast<void*>(aRegion), aSize,
110 POSIX_MADV_NORMAL)) {
111 # else
112 if (madvise(reinterpret_cast<void*>(aRegion), aSize, MADV_NORMAL)) {
113 # endif
114 return true;
115 } else {
116 return false;
120 static uintptr_t GetDesiredRegionSize() { return sysconf(_SC_PAGESIZE); }
122 # define RESERVE_FAILED MAP_FAILED
124 #endif // system dependencies
126 static_assert(sizeof(uintptr_t) == 4 || sizeof(uintptr_t) == 8, "");
127 static_assert(sizeof(uintptr_t) == sizeof(void*), "");
129 static uintptr_t ReservePoisonArea(uintptr_t rgnsize) {
130 if (sizeof(uintptr_t) == 8) {
131 // Use the hardware-inaccessible region.
132 // We have to avoid 64-bit constants and shifts by 32 bits, since this
133 // code is compiled in 32-bit mode, although it is never executed there.
134 return (((uintptr_t(0x7FFFFFFFu) << 31) << 1 | uintptr_t(0xF0DEAFFFu)) &
135 ~(rgnsize - 1));
138 // First see if we can allocate the preferred poison address from the OS.
139 uintptr_t candidate = (0xF0DEAFFF & ~(rgnsize - 1));
140 void* result = ReserveRegion(candidate, rgnsize);
141 if (result == (void*)candidate) {
142 // success - inaccessible page allocated
143 return candidate;
146 // That didn't work, so see if the preferred address is within a range
147 // of permanently inacessible memory.
148 if (ProbeRegion(candidate, rgnsize)) {
149 // success - selected page cannot be usable memory
150 if (result != RESERVE_FAILED) {
151 ReleaseRegion(result, rgnsize);
153 return candidate;
156 // The preferred address is already in use. Did the OS give us a
157 // consolation prize?
158 if (result != RESERVE_FAILED) {
159 return uintptr_t(result);
162 // It didn't, so try to allocate again, without any constraint on
163 // the address.
164 result = ReserveRegion(0, rgnsize);
165 if (result != RESERVE_FAILED) {
166 return uintptr_t(result);
169 MOZ_CRASH("no usable poison region identified");
172 void mozPoisonValueInit() {
173 gMozillaPoisonSize = GetDesiredRegionSize();
174 gMozillaPoisonBase = ReservePoisonArea(gMozillaPoisonSize);
176 if (gMozillaPoisonSize == 0) { // can't happen
177 return;
179 gMozillaPoisonValue = gMozillaPoisonBase + gMozillaPoisonSize / 2 - 1;