LibJS: Add some basic freelist validation for the GC heap

When using the freelist, we now validate that the entries are actual cell pointers within the current HeapBlock.
2025-05-31 19:58:11 +00:00 · 2021-02-13 00:17:28 +01:00 · 2021-02-13 00:17:28 +01:00 · e1dbf74f15
commit e1dbf74f15
parent 46e5890152
2 changed files with 8 additions and 0 deletions
--- a/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
+++ b/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
@ -75,6 +75,8 @@ HeapBlock::HeapBlock(Heap& heap, size_t cell_size)

 void HeapBlock::deallocate(Cell* cell)
 {
+    ASSERT(is_valid_cell_pointer(cell));
+    ASSERT(!m_freelist || is_valid_cell_pointer(m_freelist));
    ASSERT(cell->is_live());
    ASSERT(!cell->is_marked());
    cell->~Cell();
--- a/Userland/Libraries/LibJS/Heap/HeapBlock.h
+++ b/Userland/Libraries/LibJS/Heap/HeapBlock.h
@ -51,6 +51,7 @@ public:
    {
        if (!m_freelist)
            return nullptr;
+        ASSERT(is_valid_cell_pointer(m_freelist));
        return exchange(m_freelist, m_freelist->next);
    }

@ -80,6 +81,11 @@ public:
        return cell(cell_index);
    }

+    bool is_valid_cell_pointer(const Cell* cell)
+    {
+        return cell_from_possible_pointer((FlatPtr)cell);
+    }
+
    IntrusiveListNode m_list_node;

 private: