1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-24 23:02:06 +00:00
Commit graph

18 commits

Author SHA1 Message Date
Andreas Kling
ee3d09f225 LibJS: Show class in SerenityOS mmap name for type-specific allocators 2023-12-31 15:35:56 +01:00
Andreas Kling
b6d4eea7ac LibJS: Never give back virtual memory once it belongs to a cell type
Instead of returning HeapBlock memory to the kernel (or a non-type
specific shared cache), we now keep a BlockAllocator per CellAllocator
and implement "deallocation" by basically informing the kernel that we
don't need the physical memory right now.

This is done with MADV_FREE or MADV_DONTNEED if available, but for other
platforms (including SerenityOS) we munmap and then re-mmap the memory
to achieve the same effect. It's definitely clunky, so I've added a
FIXME about implementing the madvise options on SerenityOS too.

The important outcome of this change is that GC types that use a
type-specific allocator become immune to use-after-free type confusion
attacks, since their virtual addresses will only ever be re-used for
the same exact type again and again.

Fixes #22274
2023-12-31 15:35:56 +01:00
Andreas Kling
11c968fa1f LibJS: Make Heap aware of all CellAllocators
Also add a link from HeapBlock to their owning CellAllocator.
This fixes an issue where the Heap would skip over non-size-based
cell allocators.
2023-12-23 23:02:10 +01:00
Ali Mohammad Pur
392b5c3b19 LibJS: Resolve a circular include problem between HeapBlock and Cell
Cell::heap() and Cell::vm() needed to access member functions from
HeapBlock, and wanted to be inline, so they were moved to VM.h.
That approach will no longer work with VM.h not being included in every
file (starting from the next commit), so this commit fixes that circular
import issue by introducing secondary base classes to host the
references to Heap and VM, respectively.
2023-07-11 09:38:37 +03:30
Andrew Kaster
828441852f Everywhere: Replace uses of __serenity__ with AK_OS_SERENITY
Now that we have OS macros for essentially every supported OS, let's try
to use them everywhere.
2022-10-10 12:23:12 +02:00
Andreas Kling
ca940d7240 LibJS: Fix ASAN poisoning range in new HeapBlocks
When poisoning HeapBlock::m_storage, we have to compute the storage size
by excluding the HeapBlock header.
2021-09-11 17:00:07 +02:00
Andreas Kling
b458090d14 LibJS: Don't generate unused HeapBlock names on non-SerenityOS systems
These are just ignored by the BlockAllocator anyway.
2021-06-13 19:11:29 +02:00
Andrew Kaster
6aba64b60f LibJS: Instrument HeapBlock cell allocation for ASAN
Mark the entirety of a heap block's storage poisoned at construction.
Unpoison all of a Cell's memory before allocating it, and re-poison as
much as possible on deallocation. Unfortunately, the entirety of the
FreelistEntry must be kept unpoisoned in order for reallocation to work
correctly.

Decreasing the size of FreelistEntry or adding a larger redzone to Cells
would make the instrumentation even better.
2021-05-29 17:47:29 +01:00
Andreas Kling
14585a9cba LibJS: Remove unused HeapBlock::operator delete() 2021-05-27 20:07:34 +02:00
Andreas Kling
e9081a2644 LibJS: Recycle up to 64 HeapBlocks to improve performance :^)
This patch adds a BlockAllocator to the GC heap where we now cache up to
64 HeapBlock-sized mmap's that get recycled when allocating HeapBlocks.

This improves test-js runtime performance by ~35%, pretty cool! :^)
2021-05-27 19:56:04 +02:00
Andreas Kling
789d20ebb7 LibJS: Replace Cell live bit with a cell state
So far we only have two states: Live and Dead. In the future, we can
add additional states to support incremental sweeping and/or multi-
stage cell destruction.
2021-05-25 18:37:37 +02:00
Andreas Kling
c2d9cd8d53 LibJS: Implement lazy freelist allocation for cells
HeapBlock now implements the same lazy freelist as LibC malloc() does,
where new blocks start out in a "bump allocator" mode that gets used
until we've bump-allocated all the way to the end of the block.

Then we fall back to the old freelist style as before.

This means we don't have to pre-initialize the freelist on HeapBlock
construction. This defers page faults and reduces memory usage for
blocks where all cells don't get used. :^)
2021-05-17 19:30:12 +02:00
Brian Gianforcaro
1682f0b760 Everything: Move to SPDX license identifiers in all files.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.

See: https://spdx.dev/resources/use/#identifiers

This was done with the `ambr` search and replace tool.

 ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 11:22:27 +02:00
Ben Wiederhake
bceb98e2df Userland: Remove superfluous headers
Userland has no reason to access 'kmalloc'.
2021-03-11 12:32:53 +01:00
Andreas Kling
5d180d1f99 Everywhere: Rename ASSERT => VERIFY
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)

Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.

We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
2021-02-23 20:56:54 +01:00
Andreas Kling
e1dbf74f15 LibJS: Add some basic freelist validation for the GC heap
When using the freelist, we now validate that the entries are actual
cell pointers within the current HeapBlock.
2021-02-13 00:40:49 +01:00
Andreas Kling
e8d3856736 LibJS: Randomize GC heap block locations
Allocate GC heap blocks with mmap(MAP_RANDOMIZED) for ASLR.

This may very well be too aggressive in terms of fragmentation, and we
can figure out ways to scale that back once it becomes a big problem.

For now, this makes the GC heap a lot less predictable for an attacker.
2021-02-12 19:15:59 +01:00
Andreas Kling
13d7c09125 Libraries: Move to Userland/Libraries/ 2021-01-12 12:17:46 +01:00
Renamed from Libraries/LibJS/Heap/HeapBlock.cpp (Browse further)