From 32258fdcbb2559f61567a52dc64dca203b1449d2 Mon Sep 17 00:00:00 2001
From: "ulan@chromium.org"
Date: Fri, 19 Sep 2014 11:32:17 +0000
Subject: [PATCH] Annotate Heap::FindAllocationMemento for MemorySanitizer.
This function may intentionally, safely use uninitialized memory.
BUG=chromium:413232
LOG=N
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/585643002
Patch from Sergey Matveev .
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24081 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/heap/heap-inl.h | 10 ++++++++--
 src/msan.h | 3 +++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/heap/heap-inl.h b/src/heap/heap-inl.h
index 8863777..e658224 100644
--- a/src/heap/heap-inl.h
+++ b/src/heap/heap-inl.h
@@ -15,6 +15,7 @@
 #include "src/heap-profiler.h"
 #include "src/isolate.h"
 #include "src/list-inl.h"
+#include "src/msan.h"
 #include "src/objects.h"
 
 namespace v8 {
@@ -495,7 +496,7 @@ void Heap::ScavengePointer(HeapObject** p) { ScavengeObject(p, *p); }
 
 AllocationMemento* Heap::FindAllocationMemento(HeapObject* object) {
 // Check if there is potentially a memento behind the object. If
- // the last word of the momento is on another page we return
+ // the last word of the memento is on another page we return
 // immediately.
 Address object_address = object->address();
 Address memento_address = object_address + object->Size();
@@ -505,7 +506,12 @@ AllocationMemento* Heap::FindAllocationMemento(HeapObject* object) {
 }
 
 HeapObject* candidate = HeapObject::FromAddress(memento_address);
- if (candidate->map() != allocation_memento_map()) return NULL;
+ Map* candidate_map = candidate->map();
+ // This fast check may peek at an uninitialized word. However, the slow check
+ // below (memento_address == top) ensures that this is safe. Mark the word as
+ // initialized to silence MemorySanitizer warnings.
+ MSAN_MEMORY_IS_INITIALIZED(&candidate_map, sizeof(candidate_map));
+ if (candidate_map != allocation_memento_map()) return NULL;
 
 // Either the object is the last object in the new space, or there is another
 // object of at least word size (the header map word) following it, so
diff --git a/src/msan.h b/src/msan.h
index c9be864..f099595 100644
--- a/src/msan.h
+++ b/src/msan.h
@@ -23,8 +23,11 @@
 // Marks a memory range as uninitialized, as if it was allocated here.
 # define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s) \
 __msan_allocated_memory((p), (s))
+// Marks a memory range as initialized.
+#define MSAN_MEMORY_IS_INITIALIZED(p, s) __msan_unpoison((p), (s))
 #else
 # define MSAN_ALLOCATED_UNINITIALIZED_MEMORY(p, s)
+#define MSAN_MEMORY_IS_INITIALIZED(p, s)
 #endif
 
 #endif // V8_MSAN_H_
-- 
2.7.4
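Review bot: The annotation is applied to the stack copy `candidate_map` rather than to the heap word at `memento_address`, and the new comment should say so, because that scoping is what keeps MSan useful here: only this one read is exempted, the word itself stays poisoned, so any other uninitialized read of it elsewhere is still reported. I would append to the comment `// Only the local copy is unpoisoned; the heap word itself stays poisoned, so` and `// other reads of it remain checked.` The safety argument rests on the `memento_address == top` check that the comment points to, which lies below this hunk, so its exact form cannot be confirmed here; if that guard is ever weakened or turned into a debug-only check, the unpoison would silently hide a real uninitialized read, so the comment should make the dependency explicit. The body of FindAllocationMemento begins and ends outside the hunk.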
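Review bot: The two new `#define` lines do not follow the `# define` (space after `#`) form used by the neighbouring MSAN_ALLOCATED_UNINITIALIZED_MEMORY definitions in both branches of the conditional; for consistency I would write `# define MSAN_MEMORY_IS_INITIALIZED(p, s) __msan_unpoison((p), (s))` and `# define MSAN_MEMORY_IS_INITIALIZED(p, s)`. The one-line comment should also carry the usage caveat a caller needs, since unpoisoning heap memory hides genuine bugs from MemorySanitizer: `// Marks a memory range as initialized. Apply it to a local copy of a value` followed by `// read from possibly-uninitialized memory, not to that memory itself.` The `#ifdef` guard and the sanitizer interface include that declare `__msan_unpoison` are presumably above this hunk, so I am assuming they are in place.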