Revert 136250 - This is a copy of CL http://codereview.chromium.org/10307002/

I'll commit this and revert soon to get performance data.

TBR=kaiwang@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10382098

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@136251 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 14 insertions, 10 deletions

diff --git a/third_party/tcmalloc/chromium/src/tcmalloc.cc b/third_party/tcmalloc/chromium/src/tcmalloc.cc
index f0e400f..a87a4df 100644
--- a/third_party/tcmalloc/chromium/src/tcmalloc.cc
+++ b/third_party/tcmalloc/chromium/src/tcmalloc.cc
@@ -178,13 +178,13 @@ using tcmalloc::StackTrace;
 using tcmalloc::Static;
 using tcmalloc::ThreadCache;
 
-// ---- Functions doing validation with an extra mark.
+// ---- Double free debug declarations
 static size_t ExcludeSpaceForMark(size_t size);
 static void AddRoomForMark(size_t* size);
 static void ExcludeMarkFromSize(size_t* new_size);
 static void MarkAllocatedRegion(void* ptr);
 static void ValidateAllocatedRegion(void* ptr, size_t cl);
-// ---- End validation functions.
+// ---- End Double free debug declarations
 
 DECLARE_int64(tcmalloc_sample_parameter);
 DECLARE_double(tcmalloc_release_rate);
@@ -1170,12 +1170,9 @@ inline void do_free_with_callback(void* ptr, void (*invalid_free_fn)(void*)) {
       Static::central_cache()[cl].InsertRange(ptr, ptr, 1);
     }
   } else {
-    // Make sure ptr is inside the first page of the span.
-    CHECK_CONDITION(span->start == p);
-    // Make sure we are not freeing interior pointers, even in release build.
-    CHECK_CONDITION(reinterpret_cast<uintptr_t>(ptr) % kPageSize == 0);
-
     SpinLockHolder h(Static::pageheap_lock());
+    ASSERT(reinterpret_cast<uintptr_t>(ptr) % kPageSize == 0);
+    ASSERT(span != NULL && span->start == p);
     if (span->sample) {
       StackTrace* st = reinterpret_cast<StackTrace*>(span->objects);
       tcmalloc::DLL_Remove(span);
@@ -1279,7 +1276,7 @@ inline void* do_realloc(void* old_ptr, size_t new_size) {
 void* do_memalign(size_t align, size_t size) {
   ASSERT((align & (align - 1)) == 0);
   ASSERT(align > 0);
-  // Marked in CheckedMallocResult(), which is also inside SpanToMallocResult().
+  // Marked in CheckMallocResult(), which is also inside SpanToMallocResult(). 
   AddRoomForMark(&size);
   if (size + align < size) return NULL;         // Overflow
 
@@ -1701,7 +1698,7 @@ extern "C" PERFTOOLS_DLL_DECL size_t tc_malloc_size(void* ptr) __THROW {
 
 #endif  // TCMALLOC_USING_DEBUGALLOCATION
 
-// --- Validation implementation with an extra mark ----------------------------
+// ---Double free() debugging implementation -----------------------------------
 // We will put a mark at the extreme end of each allocation block.  We make
 // sure that we always allocate enough "extra memory" that we can fit in the
 // mark, and still provide the requested usable region.  If ever that mark is
@@ -1749,6 +1746,13 @@ static void DieFromDoubleFree() {
   *p += 1;  // Segv.
 }
 
+static size_t DieFromBadFreePointer(const void* unused) {
+  char* p = NULL;
+  p += 2;
+  *p += 2;  // Segv.
+  return 0;
+}
+
 static void DieFromMemoryCorruption() {
   char* p = NULL;
   p += 3;
@@ -1789,7 +1793,7 @@ inline static size_t ExcludeSpaceForMark(size_t size) {
 }
 
 inline static MarkType* GetMarkLocation(void* ptr) {
-  size_t class_size = GetSizeWithCallback(ptr, &InvalidGetAllocatedSize);
+  size_t class_size = GetSizeWithCallback(ptr, DieFromBadFreePointer);
   ASSERT(class_size % sizeof(kAllocationMarkMask) == 0);
   size_t last_index = (class_size / sizeof(kAllocationMarkMask)) - 1;
   return static_cast<MarkType*>(ptr) + last_index;