Add redundancy to detect double frees in TCMalloc

I don't think I want to ship this to dev or stable, but
I think it may be valuable to try on our canary
builds.

Added a single byte or word (tranparently) to all
allocations, and wrote a unique value into that
location after each allocation. When free() is
called, we validate the flag, and then mark
the block as not being allocated.

Any time a block fails to validate, we crash,
as this means the object either overran its
allocated region (or suffered memory corruption),
or else (more likely) a double free took place.
We have two distinct crash stacks for the
two distinct validation problems (corrupt vs
double free).

ALthough I haven't been able to demonstrate a
problem on the bots, I'm pretty psyched to try
to find something in the field with this change.
The perf loss is very low, and I think that the
likely cause for TCMalloc cross-linked-list
corruption (double frees) will be detected
(I can hope!)


R=mbelshe
BUG=75921
Review URL: http://codereview.chromium.org/6683029

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78369 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 1 insertions, 1 deletions

diff --git a/base/allocator/allocator_shim.cc b/base/allocator/allocator_shim.cc
index f11164c..0bee3d3 100644
--- a/base/allocator/allocator_shim.cc
+++ b/base/allocator/allocator_shim.cc
@@ -41,7 +41,7 @@ typedef enum {
 // See SetupSubprocessAllocator() to specify a default secondary (subprocess)
 // allocator.
 // TODO(jar): Switch to using TCMALLOC for the renderer as well.
-static Allocator allocator = WINHEAP;
+static Allocator allocator = TCMALLOC;
 
 // The names of the environment variables that can optionally control the
 // selection of the allocator.  The primary may be used to control overall