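// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Declarations of the base::Feature switches and field-trial parameters that
// configure PartitionAlloc: dangling raw_ptr detection, BackupRefPtr (BRP),
// and PCScan. Only declarations live here; the defaults marked "(default)"
// below are stated by the enum comments, not enforced by this header.

#ifndef BASE_ALLOCATOR_PARTITION_ALLOC_FEATURES_H_
#define BASE_ALLOCATOR_PARTITION_ALLOC_FEATURES_H_

// uint8_t is used as the underlying type of AlternateBucketDistributionMode;
// include it directly instead of relying on a transitive include.
#include <stdint.h>

#include "base/allocator/partition_allocator/partition_alloc_buildflags.h"
#include "base/base_export.h"
#include "base/compiler_specific.h"
#include "base/feature_list.h"
#include "base/metrics/field_trial_params.h"
#include "build/build_config.h"

namespace base {
namespace features {

// NOTE(review): this feature is declared with a plain `extern const` while
// every other feature in this header uses BASE_DECLARE_FEATURE. Confirm the
// declaration matches how the feature is defined.
extern const BASE_EXPORT Feature kPartitionAllocUnretainedDanglingPtr;

// What to do when a dangling unretained pointer is detected.
// NOTE(review): the enumerators are not documented in this header. By name,
// kCrash terminates the process and kDumpWithoutCrashing reports the problem
// and lets execution continue; confirm against the implementation, and check
// which one is the default before relying on this as an enforcing mitigation.
enum class UnretainedDanglingPtrMode {
  kCrash,
  kDumpWithoutCrashing,
};
extern const BASE_EXPORT base::FeatureParam<UnretainedDanglingPtrMode>
    kUnretainedDanglingPtrModeParam;

// See /docs/dangling_ptr.md
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocDanglingPtr);

// Reaction to a detected dangling raw_ptr.
enum class DanglingPtrMode {
  // Crash immediately after detecting a dangling raw_ptr.
  kCrash,  // (default)

  // Log the signature of every occurrence without crashing. It is used by
  // bots. This mode only reports: the process keeps running after the
  // dangling raw_ptr has been detected.
  // Format "[DanglingSignature]\t<1>\t<2>\t<3>\t<4>"
  // 1. The function which freed the memory while it was still referenced.
  // 2. The task in which the memory was freed.
  // 3. The function which released the raw_ptr reference.
  // 4. The task in which the raw_ptr was released.
  kLogOnly,

  // Note: This will be extended with a single shot DumpWithoutCrashing.
};
extern const BASE_EXPORT base::FeatureParam<DanglingPtrMode>
    kDanglingPtrModeParam;

// Which dangling raw_ptr occurrences the detector acts on.
enum class DanglingPtrType {
  // Act on any dangling raw_ptr released after being freed.
  kAll,  // (default)

  // Detect when freeing memory and releasing the dangling raw_ptr happens in
  // a different task. Those are more likely to cause use after free.
  // NOTE(review): this reads as a narrower filter than kAll, i.e. a free and
  // release inside the same task would not be acted on; confirm.
  kCrossTask,

  // Note: This will be extended with LongLived
};
extern const BASE_EXPORT base::FeatureParam<DanglingPtrType>
    kDanglingPtrTypeParam;

// kPartitionAllocPCScan is only declared when the StarScan build flag is set;
// the PCScan tuning features further down are declared unconditionally.
#if BUILDFLAG(USE_STARSCAN)
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocPCScan);
#endif
// Features that are only declared when PartitionAlloc is used as malloc.
#if BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC)
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocPCScanBrowserOnly);
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocPCScanRendererOnly);
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocBackupRefPtrControl);
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocLargeThreadCacheSize);
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocLargeEmptySlotSpanRing);
#endif  // BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC)

// Set of process types in which BackupRefPtr (BRP) is enabled. Processes
// outside the selected set run without BRP.
enum class BackupRefPtrEnabledProcesses {
  // BRP enabled only in the browser process.
  kBrowserOnly,
  // BRP enabled in the browser and renderer processes only.
  kBrowserAndRenderer,
  // BRP enabled in all processes, except renderer.
  kNonRenderer,
  // BRP enabled in all processes.
  kAllProcesses,
};

// How BRP is applied inside the processes selected above. Every kDisabled*
// value leaves BRP off; per the comments below they differ only in partition
// layout, memory-reclaimer registration, or allocation size.
enum class BackupRefPtrMode {
  // BRP is disabled across all partitions. Equivalent to the Finch flag being
  // disabled.
  kDisabled,

  // BRP is enabled in the main partition, as well as certain Renderer-only
  // partitions (if enabled in Renderer at all).
  // This entails splitting the main partition.
  kEnabled,

  // Same as kEnabled but without zapping quarantined objects.
  // NOTE(review): presumably a quarantined object then keeps its previous
  // contents until the slot is reused, so a stale access reads old data
  // instead of a zap pattern; confirm before treating it as equal to kEnabled.
  kEnabledWithoutZapping,

  // Same as kEnabled but registers the main partition to memory reclaimer.
  kEnabledWithMemoryReclaimer,

  // BRP is disabled, but the main partition is split out, as if BRP was enabled
  // in the "previous slot" mode.
  kDisabledButSplitPartitions2Way,

  // Same as kDisabledButSplitPartitions2Way but registers the main partition to
  // memory reclaimer.
  kDisabledButSplitPartitions2WayWithMemoryReclaimer,

  // BRP is disabled, but the main partition *and* aligned partition are split
  // out, as if BRP was enabled in the "before allocation" mode.
  kDisabledButSplitPartitions3Way,

  // BRP is disabled, but add dummy ref count to each allocation. This will
  // increase allocation size but not change any of the logic. If an issue
  // reproduces in this mode, it means the increase in size is causing it.
  kDisabledButAddDummyRefCount,
};

// Bucket distribution selected through
// kPartitionAllocAlternateBucketDistributionParam.
// NOTE(review): the enumerators are not documented here; by name kDenser uses
// more closely spaced buckets than kDefault. Confirm against the allocator.
enum class AlternateBucketDistributionMode : uint8_t {
  kDefault,
  kDenser,
};

BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocBackupRefPtr);
extern const BASE_EXPORT base::FeatureParam<BackupRefPtrEnabledProcesses>
    kBackupRefPtrEnabledProcessesParam;
extern const BASE_EXPORT base::FeatureParam<BackupRefPtrMode>
    kBackupRefPtrModeParam;
// Boolean parameters for the BackupRefPtr ASan checks.
// NOTE(review): by name they switch the dereference, extraction and
// instantiation checks on or off individually; confirm against the
// implementation.
extern const BASE_EXPORT base::FeatureParam<bool>
    kBackupRefPtrAsanEnableDereferenceCheckParam;
extern const BASE_EXPORT base::FeatureParam<bool>
    kBackupRefPtrAsanEnableExtractionCheckParam;
extern const BASE_EXPORT base::FeatureParam<bool>
    kBackupRefPtrAsanEnableInstantiationCheckParam;
extern const BASE_EXPORT base::FeatureParam<AlternateBucketDistributionMode>
    kPartitionAllocAlternateBucketDistributionParam;

BASE_EXPORT BASE_DECLARE_FEATURE(kLowerPAMemoryLimitForNonMainRenderers);
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocPCScanMUAwareScheduler);
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocPCScanStackScanning);
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocDCScan);
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocPCScanImmediateFreeing);
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocPCScanEagerClearing);
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocSortActiveSlotSpans);
BASE_EXPORT BASE_DECLARE_FEATURE(kPartitionAllocUseAlternateDistribution);
// Only declared on Windows builds.
#if BUILDFLAG(IS_WIN)
BASE_EXPORT BASE_DECLARE_FEATURE(kPageAllocatorRetryOnCommitFailure);
#endif

}  // namespace features
}  // namespace base

#endif  // BASE_ALLOCATOR_PARTITION_ALLOC_FEATURES_H_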