[PA] Add configuration for iOS binary experiment
To drive the experiment smoothly, we want to make it configurable with
only `//ios` changes.
`enable_ios_corruption_hardening` is now exposed through build overrides
and toggles `enable_partition_lock_reentrancy_check`,
`use_partition_cookie`, `smaller_partition_cookie`, and
`force_disable_backup_ref_ptr_feature`.
Bug: 371135823
Change-Id: I1e8361f69a054b75942b6269e62449d5eaf5ac19
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925058
Commit-Queue: Mark Cogan <[email protected]>
Reviewed-by: Takashi Sakamoto <[email protected]>
Auto-Submit: Mikihito Matsuura <[email protected]>
Reviewed-by: Mark Cogan <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1367388}
diff --git a/base/allocator/partition_allocator/build_overrides/partition_alloc.gni b/base/allocator/partition_allocator/build_overrides/partition_alloc.gni
index a7939c0..a3f831c7 100644
--- a/base/allocator/partition_allocator/build_overrides/partition_alloc.gni
+++ b/base/allocator/partition_allocator/build_overrides/partition_alloc.gni
@@ -15,6 +15,7 @@
enable_backup_ref_ptr_support_default = false
enable_backup_ref_ptr_slow_checks_default = false
enable_dangling_raw_ptr_checks_default = false
+enable_ios_corruption_hardening_default = false
# This is the default build configuration for pointers/raw_ptr*.
raw_ptr_zero_on_construct_default = true
diff --git a/base/allocator/partition_allocator/partition_alloc.gni b/base/allocator/partition_allocator/partition_alloc.gni
index 31c090b0..17da3298 100644
--- a/base/allocator/partition_allocator/partition_alloc.gni
+++ b/base/allocator/partition_allocator/partition_alloc.gni
@@ -92,6 +92,15 @@
use_partition_alloc_as_malloc
}
+declare_args() {
+ # This is a flag for binary experiment on iOS. When BRP for iOS is enabled,
+ # we see some un-actionable `DoubleFreeOrCorruptionDetected` crashes.
+ # This flag enables some extra `CHECK`s to get actionable crash reports.
+ # TODO(crbug.com/371135823): Remove upon completion of investigation.
+ enable_ios_corruption_hardening = use_partition_alloc_as_malloc && is_ios &&
+ enable_ios_corruption_hardening_default
+}
+
assert(
!enable_allocator_shim_partition_alloc_dispatch_with_advanced_checks_support || use_partition_alloc_as_malloc,
"PartitionAlloc with advanced checks requires PartitionAlloc itself.")
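Review bot: `enable_ios_corruption_hardening` is a `declare_args()` value, so the `use_partition_alloc_as_malloc && is_ios` guard only shapes its default and a gn arg can still set it to true on a non-iOS target or without PartitionAlloc-as-malloc, where the downstream toggles it drives are not meaningful. The file already expresses this kind of dependency with an assert (the one directly below the new block), so add beside it `assert(!enable_ios_corruption_hardening || (is_ios && use_partition_alloc_as_malloc), "enable_ios_corruption_hardening requires iOS with PartitionAlloc as malloc.")`. The comment could also say what the flag does besides adding CHECKs, since the commit description says it changes cookie settings and the BRP feature flag as well.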
@@ -150,18 +159,19 @@
# Enable reentrancy checks at `partition_alloc::internal::Lock`.
# TODO(crbug.com/371135823): Remove upon completion of investigation.
- enable_partition_lock_reentrancy_check = false
+ enable_partition_lock_reentrancy_check = enable_ios_corruption_hardening
# This will write a fixed cookie pattern at the end of each allocation, and
# later verify the pattern remain unchanged to ensure there is no OOB write.
# It comes with performance and memory cost, hence enabled only in debug.
- use_partition_cookie = is_debug || dcheck_always_on
+ use_partition_cookie =
+ is_debug || dcheck_always_on || enable_ios_corruption_hardening
# This will change partition cookie size to 4B or 8B, whichever equivalent to
# size of InSlotMetadata. This option is useful for InSlotMetadata corruption
# investigation.
# TODO(crbug.com/371135823): Remove upon completion of investigation.
- smaller_partition_cookie = false
+ smaller_partition_cookie = enable_ios_corruption_hardening
}
declare_args() {
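Review bot: The comment above `use_partition_cookie` still says the cookie is "enabled only in debug", but the new condition also turns it on in release iOS builds when `enable_ios_corruption_hardening` is set; update it to `# It comes with performance and memory cost, hence enabled only in debug, or on iOS when enable_ios_corruption_hardening is set for the corruption investigation.` Separately, `smaller_partition_cookie` only makes sense when `use_partition_cookie` is true: the defaults now agree because both derive from the same flag, but each remains an independently overridable arg, so consider `assert(!smaller_partition_cookie || use_partition_cookie, "smaller_partition_cookie requires use_partition_cookie.")` unless an assert elsewhere already covers it. The comment on the smaller cookie might also note that shrinking it to the InSlotMetadata size presumably narrows the OOB-write detection window relative to the full-size cookie, which is the trade-off being accepted for the investigation. The enclosing `declare_args()` block begins before this hunk.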
@@ -244,7 +254,8 @@
# While keeping BRP support, override a feature flag to make it disabled
# state. This will overwrite `enable_backup_ref_ptr_feature_flag`.
# TODO(https://crbug.com/372183586): Fix the bug and remove this arg.
- force_disable_backup_ref_ptr_feature = enable_backup_ref_ptr_support && false
+ force_disable_backup_ref_ptr_feature =
+ enable_backup_ref_ptr_support && enable_ios_corruption_hardening
# Build support for Dangling Ptr Detection (DPD) via BackupRefPtr (BRP),
# making the raw_ptr<T> implementation to RawPtrBackupRefImpl if active.
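Review bot: The new expression makes `enable_ios_corruption_hardening` force the BackupRefPtr feature off, but the surrounding comment only cites crbug.com/372183586 and gives no reason why the iOS corruption investigation needs BRP disabled; since BackupRefPtr is the allocator's use-after-free mitigation, a reader enabling a flag named "hardening" would not expect it to remove one. Add a sentence such as `# Also forced off by enable_ios_corruption_hardening: the iOS experiment keeps BRP support compiled in but the feature inactive (crbug.com/371135823).` — the rationale here is inferred from the commit description, so confirm it before committing the wording. The enclosing `declare_args()` block starts before this hunk.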
diff --git a/build_overrides/partition_alloc.gni b/build_overrides/partition_alloc.gni
index 356e445..4d13509 100644
--- a/build_overrides/partition_alloc.gni
+++ b/build_overrides/partition_alloc.gni
@@ -143,6 +143,9 @@
# at the moment. The other Android bots are not ready for it yet.
!is_android
+enable_ios_corruption_hardening_default =
+ is_ios && ios_partition_alloc_corruption_hardening_enabled
+
raw_ptr_zero_on_construct_default = true
raw_ptr_zero_on_move_default = true
raw_ptr_zero_on_destruct_default = false
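Review bot: The new `enable_ios_corruption_hardening_default` assignment has no comment while its neighbours explain their intent, and it reads `ios_partition_alloc_corruption_hardening_enabled` from `//ios/features.gni`, whose import is not visible in this hunk; if that import is only done under `is_ios`, the leading `is_ios &&` is what keeps non-iOS evaluation from touching an undefined variable (GN short-circuits `&&`), and that reliance deserves a note so nobody reorders the operands. Suggest `# Extra PartitionAlloc CHECKs for the iOS metadata-corruption investigation (crbug.com/371135823). The ios_* arg comes from //ios/features.gni; keep the is_ios guard first.`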
diff --git a/ios/features.gni b/ios/features.gni
index 4200ec1f..2e029796 100644
--- a/ios/features.gni
+++ b/ios/features.gni
@@ -11,6 +11,11 @@
# Temporarily disable for rollout -- see crbug.com/1412190 for details.
ios_partition_alloc_enabled = true
+ # Control whether PartitionAlloc for iOS builds has extra checks for
+ # metadata corruption issue investigation.
+ # TODO(crbug.com/371135823): Remove upon completion of the investigation.
+ ios_partition_alloc_corruption_hardening_enabled = false
+
# Control whether //ios/chrome and //ios/web targets are build. This
# is used by bots from projects based on top of Chromium that want to
# only reuse shared code (//ios/net, //remoting/ios, ...).
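Review bot: The comment for `ios_partition_alloc_corruption_hardening_enabled` describes it only as "extra checks", but per the commit description setting it also forces the BackupRefPtr feature flag off, enables the partition cookie and shrinks it, and it has no effect unless `ios_partition_alloc_enabled` just above is true and PartitionAlloc is the malloc. Since this is the arg an iOS engineer will actually toggle, spell out the side effects here: `# Side effects: enables lock reentrancy checks and a smaller partition cookie, and forces the BackupRefPtr feature flag off. No effect unless ios_partition_alloc_enabled is true.` The BRP consequence in particular is security-relevant and should not be discoverable only by reading //base/allocator.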