This is the coarsest grained ASAN instrumentation possible for the LibJS
heap. Future instrumentation could add red-zones to heap block
allocations, and poison the entire heap block and only un-poison used
cells at the CellAllocator level.
The ASAN_[UN]POISON_MEMORY_REGION macros can be used to manually notify
the AddressSanitizer runtime about the reachability of instrumented code
accessing a memory region. This is most useful for manually managed
heaps and arenas that do not go directly to malloc or alligned_alloc.
This adds __attribute__((used)) to the function declaration so the
compiler doesn't discard it. It also makes the function NEVER_INLINE
so that we don't end up with multiple copies of the function. This
is necessary because the function uses inline assembly to define some
unique labels.
The POSIX man-page states that inet_pton returns 0 if the input is not a
valid IPv4 dotted-decimal string or a valid IPv6 address string. This is
also how it is implemented in SerenityOS.
This means that we should treat a return value of 0 as an error to avoid
using an invalid address (or 0.0.0.0).
Previously GCC came to the conclusion that we were reading
m_outline_capacity via ByteBuffer(ByteBuffer const&) -> grow()
-> capacity() even though that could never be the case because
m_size is 0 at that point which means we have an inline buffer
and capacity() would return inline_capacity in that case without
reading m_outline_capacity.
This makes GCC inline parts of the grow() function into the
ByteBuffer copy constructor which seems sufficient for GCC to
realize that m_outline_capacity isn't actually being read.
It seems like overly-specific classes were written for no good reason.
Instead of making each adapter to have its own unique FramebufferDevice
class, let's generalize everything to keep implementation more
consistent.
The previous VERIFY() call checked that aligned_alloc() didn't return
MAP_FAILED. When out of memory aligned_alloc() returns a null pointer
so let's check for that instead.
This patch adds a BlockAllocator to the GC heap where we now cache up to
64 HeapBlock-sized mmap's that get recycled when allocating HeapBlocks.
This improves test-js runtime performance by ~35%, pretty cool! :^)
go-up.png and go-down.png don't exist (and would look silly here, with
the buttons being next to each other horizontally). Use go-back.png and
go-forward.png instead.
Just casting a void* to a T* and dereferencing it is not particularly
safe. Also UBSAN was complaining. Use memcpy into a default constructed
T instead and require that the T be trivially copyable.
Note that until UBSAN is made deadly by default in LibSanitizer, UBSAN
warnings will not fail the build.
Also remove BUILD_LAGOM=ON from the NORMAL_DEBUG build as it's
unnecessary and extends the build time for no benefit when building with
sanitizers
Take Kernel/UBSanitizer.cpp and make a copy in LibSanitizer.
We can use LibSanitizer to hold other sanitizers as people implement
them :^).
To enable UBSAN for LibC, DynamicLoader, and other low level system
libraries, LibUBSanitizer is built as a serenity_libc, and has a static
version for LibCStatic to use. The approach is the same as that taken in
Note that this means now UBSAN is enabled for code generators, Lagom,
Kernel, and Userspace with -DENABLE_UNDEFINED_SANTIZER=ON. In userspace
however, UBSAN is not deadly (yet).
Co-authored-by: ForLoveOfCats <ForLoveOfCats@vivaldi.net>
The round trip compress test wants the first half of the byte buffer to
be filled with random data, and the second half to be all zeroes. The
strategy of using memset on ByteBuffer::offset_pointer confuses
__builtin_memset_chk when building with -fsanitize=undefined. It thinks
that the buffer is using inline capacity when we can prove to ourselves
pretty easily that it's not. To avoid this, just create the buffer
zeroed to start, and then fill the first half with the random data.
This allows multiply different kinds of interpreters to be used by the
runtime; currently a BytecodeInterpreter and a
DebuggerBytecodeInterpreter is provided.
This should make it easier to implement multiple types of interpreters
on top of a configuration, and also give a small speed boost in not
initialising as many Stack objects.
Doing that was causing a lot of malloc/free traffic, but since there's
no need to have a stable pointer to them, we can just store them by
value.
This makes execution significantly faster :^)
