PSA: Adding wrapper types for GarbageCollected Blink heap collections


Michael Lippautz

Feb 17, 2025, 11:01:44 AM
to platform-architecture-dev, Omer Katz
Hey p-a-d@,

Currently all garbage collected heap collections, such as `HeapVector`, are `DISALLOW_NEW()` and `GarbageCollected`. This allows them to be placed on the stack, directly within other objects, and to be dynamically allocated with `MakeGarbageCollected()`. This is not in line with Oilpan's general rules.

While this may be very convenient, it is prone to accidental misuse as it disables a bunch of static checks. E.g., it permits placing `HeapVector` on the stack and referring to such an object via `Member`, which leads to memory corruption. This has happened a few times and the bugs generally have security implications. We also see people trying to infer best practices from the collection types, which leads to confusion as rules are not consistently enforced.

We have been asked to strengthen static asserts and the GC plugin. Going forward, we will make Oilpan follow its own rules:
- Keep `HeapVector` and friends as `DISALLOW_NEW()`. This covers the vast majority of cases for which nothing needs to be done.
- Introduce wrapper types (e.g. `HeapVectorWrapper`, use the existing `DisallowNewWrapper`) that should be used when dynamically allocating collections. This requires migrating uses which should be trivial though.

This change is performance neutral and will not impose additional allocations.


Cheers, Michael
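As an added illustration (constructed for this page, not Oilpan code and not from the thread), the following self-contained C++ model shows the rule the PSA describes: a `Member`-style handle only accepts objects allocated on the managed heap, so a `DISALLOW_NEW()`-style collection living on the stack is refused, while the same collection dynamically allocated through a `DisallowNewWrapper`-style type is accepted. `ToyHeap`, `HeapVectorLike` and the runtime check in `Assign` are assumptions standing in for Oilpan's static asserts and GC plugin.

```cpp
// Constructed model (not Blink/Oilpan): Oilpan enforces this statically; the toy checks at runtime.
#include <memory>
#include <vector>

// Toy managed heap: keeps every object it hands out so handles can check it.
class ToyHeap {
 public:
  template <typename T>
  T* Allocate() {
    auto obj = std::make_shared<T>();
    owned_.push_back(obj);  // stays alive for the heap's lifetime, like a root
    return obj.get();
  }
  bool Owns(const void* p) const {
    for (const auto& o : owned_) if (o.get() == p) return true;
    return false;
  }
 private:
  std::vector<std::shared_ptr<void>> owned_;
};

// Stand-in for Member<T>: a non-heap (e.g. stack) address is the PSA's bug, so it is refused.
template <typename T>
struct Member {
  T* ptr = nullptr;
  bool Assign(const ToyHeap& heap, T* p) {
    if (!heap.Owns(p)) return false;  // stack or other non-heap object
    ptr = p;
    return true;
  }
};
// DISALLOW_NEW()-style collection: fine on the stack or embedded in an object.
struct HeapVectorLike { std::vector<int> items; };
// Wrapper making it a heap object of its own (cf. HeapVectorWrapper / DisallowNewWrapper).
template <typename T> struct DisallowNewWrapper { T value; };

// Anti-pattern: on-stack collection referenced through a Member. Returns false.
bool StackCollectionEscapes() {
  ToyHeap heap;
  HeapVectorLike on_stack;
  return Member<HeapVectorLike>().Assign(heap, &on_stack);
}

// Correct pattern: allocate through the wrapper, then reference it. Returns 3.
int WrapperOnHeap() {
  ToyHeap heap;
  auto* wrapper = heap.Allocate<DisallowNewWrapper<HeapVectorLike>>();
  wrapper->value.items = {1, 2, 3};
  Member<DisallowNewWrapper<HeapVectorLike>> member;
  return member.Assign(heap, wrapper) ? static_cast<int>(member.ptr->value.items.size()) : 0;
}
```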

Kentaro Hara

Feb 17, 2025, 10:26:31 PM
to Michael Lippautz, platform-architecture-dev, Omer Katz
LGTM.

Member<HeapVector> is not that common, and the practical impact on developer ergonomics won't be that large :)






--
Kentaro Hara, Tokyo

Michael Lippautz

Jul 7, 2025, 6:40:46 AM
to Kentaro Hara, Michael Lippautz, platform-architecture-dev, Omer Katz
Heads-up: This work is now done and prevents certain types of bugs where on-stack data structures escaped into the heap, leading to memory corruption and security problems.

Cheers, Michael