john/cell
1
0
Fork 0
Code Issues 31 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

mmap for poison heap

Browse Source
This commit is contained in:
John Alanbrook
2026-02-13 04:03:36 -06:00
parent f296a0c10d
commit cb9d6e0c0e
3 changed files with 26 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/cell.c
View File

@@ -377,7 +377,7 @@ int cell_init(int argc, char **argv)
free(boot_data); free(boot_data);
return 1; return 1;
} }
JSContext *ctx = JS_NewContextWithHeapSize(g_runtime, 16 * 1024 * 1024); JSContext *ctx = JS_NewContextWithHeapSize(g_runtime, 1024 * 1024);
if (!ctx) { if (!ctx) {
printf("Failed to create JS context\n"); printf("Failed to create JS context\n");
free(boot_data); JS_FreeRuntime(g_runtime); free(boot_data); JS_FreeRuntime(g_runtime);

10
source/quickjs-internal.h
View File

@@ -78,7 +78,7 @@
*/ */
// #define DUMP_BYTECODE (1) // #define DUMP_BYTECODE (1)
/* dump GC summary: old/new heap, recovery %, heap growth */ /* dump GC summary: old/new heap, recovery %, heap growth */
// #define DUMP_GC #define DUMP_GC
/* dump detailed GC: roots, scanning, object traversal (implies DUMP_GC) */ /* dump detailed GC: roots, scanning, object traversal (implies DUMP_GC) */
// #define DUMP_GC_DETAIL // #define DUMP_GC_DETAIL
#ifdef DUMP_GC_DETAIL #ifdef DUMP_GC_DETAIL
@@ -115,6 +115,14 @@
#define gc_poison_region(addr, size) ((void)0) #define gc_poison_region(addr, size) ((void)0)
#define gc_unpoison_region(addr, size) ((void)0) #define gc_unpoison_region(addr, size) ((void)0)
#endif #endif
#include <sys/mman.h>
#include <unistd.h>
static inline size_t poison_page_align(size_t size) {
size_t ps = (size_t)sysconf(_SC_PAGESIZE);
return (size + ps - 1) & ~(ps - 1);
}
#endif /* POISON_HEAP */ #endif /* POISON_HEAP */
#ifdef HAVE_ASAN #ifdef HAVE_ASAN

19
source/runtime.c
View File

@@ -935,7 +935,10 @@ void buddy_destroy (BuddyAllocator *b) {
static void *heap_block_alloc(JSRuntime *rt, size_t size) { static void *heap_block_alloc(JSRuntime *rt, size_t size) {
#ifdef POISON_HEAP #ifdef POISON_HEAP
(void)rt; (void)rt;
return malloc(size); size = poison_page_align(size);
void *p = mmap(NULL, size, PROT_READ | PROT_WRITE,
MAP_ANON | MAP_PRIVATE, -1, 0);
return (p == MAP_FAILED) ? NULL : p;
#else #else
return buddy_alloc(&rt->buddy, size); return buddy_alloc(&rt->buddy, size);
#endif #endif
@@ -944,8 +947,9 @@ static void *heap_block_alloc(JSRuntime *rt, size_t size) {
static void heap_block_free(JSRuntime *rt, void *ptr, size_t size) { static void heap_block_free(JSRuntime *rt, void *ptr, size_t size) {
#ifdef POISON_HEAP #ifdef POISON_HEAP
(void)rt; (void)rt;
(void)size; /* mmap'd memory is intentionally never munmap'd so virtual addresses
/* Don't free - leave it poisoned to catch stale accesses */ are never reused (preventing stale pointer aliasing). Pages stay
resident because chase() reads forwarding pointers from old blocks. */
gc_poison_region(ptr, size); gc_poison_region(ptr, size);
#else #else
buddy_free(&rt->buddy, ptr, size); buddy_free(&rt->buddy, ptr, size);
@@ -1174,10 +1178,16 @@ int ctx_gc (JSContext *ctx, int allow_grow, size_t alloc_size) {
while (new_size < need && new_size < (1ULL << BUDDY_MAX_ORDER)) while (new_size < need && new_size < (1ULL << BUDDY_MAX_ORDER))
new_size *= 2; new_size *= 2;
} }
#ifdef POISON_HEAP
new_size = poison_page_align(new_size);
#endif
uint8_t *new_block = heap_block_alloc (rt, new_size); uint8_t *new_block = heap_block_alloc (rt, new_size);
if (!new_block) { if (!new_block) {
/* Try with same size */ /* Try with same size */
new_size = ctx->current_block_size; new_size = ctx->current_block_size;
#ifdef POISON_HEAP
new_size = poison_page_align(new_size);
#endif
new_block = heap_block_alloc (rt, new_size); new_block = heap_block_alloc (rt, new_size);
if (!new_block) return -1; if (!new_block) return -1;
} }
@@ -1432,6 +1442,9 @@ JSContext *JS_NewContextRawWithHeapSize (JSRuntime *rt, size_t heap_size) {
} }
/* Allocate initial heap block for bump allocation */ /* Allocate initial heap block for bump allocation */
#ifdef POISON_HEAP
heap_size = poison_page_align(heap_size);
#endif
ctx->current_block_size = heap_size; ctx->current_block_size = heap_size;
ctx->next_block_size = ctx->current_block_size; ctx->next_block_size = ctx->current_block_size;
ctx->heap_base = heap_block_alloc (rt, ctx->current_block_size); ctx->heap_base = heap_block_alloc (rt, ctx->current_block_size);