Page Heap for Chromium

Page Heap is a Windows mode to help identify memory errors, including those in third-party or OS supplied code. Application Verifier is a Windows mode that can detect additional programming errors.

Enabling Page Heap

1. One way of enabling page heap is using Application Verifier (comes with the Windows Platform SDK, use X64 or WOW versions), which enables full page heap and also enables other checks. If you run Application Verifier (requires Chrome 68.0.3406.0 or later) you can enable the checks for chrome by using File-> Add Application to add chrome.exe. Then open the Basics section and uncheck Leak, to avoid known failures that do not indicate problems we want to fix (see crbug.com/807500 for details). You may also need to disable Handles and Locks depending on your graphics driver and specific Chrome version.

For some builds (debug builds for sure) it is necessary to disable Basics-> TLS due to aggressive TLS index range-checking done by v8.

After adjusting these settings be sure to hit Save. Note that all chrome.exe process launches will be affected so you may want to shut down stable Chrome while testing to avoid confusing problems.

Page heap should always be used with a 64-bit version of Chrome to avoid address space exhaustion - every allocation takes a minimum of 4 KB of memory and at least 8 KB of address space.

2. Another way to turn on page heap is using gflags, which is included in Windows Debugging Tools. You need to use x86 version regardless of your system is 32 bit platform or 64 bit platform. It comes with the Debuggers package in the Windows SDK. If you're a Googler and use the depot_tools toolchain, there's a version in "depot_tools\win_toolchain\vs_files\<hash>\win_sdk\Debuggers\x86".

Or add the SDK's Windows Debugging Tools to your path: "c:\Program Files (x86)\Windows Kits\10\Debuggers\x86"

3. Enable full page heap for a particular executable with this command:

gflags.exe /p /enable chrome.exe /full

If chrome gets too slow with full page heap turned on, you can enable it with normal page heap:

gflags.exe /p /enable chrome.exe

Tip: since you need to run this as administrator, it might be easiest if you right-click on your console program and select Run as administrator so that all operations in that shell are already privileged.

See Background section for more information on page heap and gflags.

Disabling Page Heap

To disable page heap when you're done, run:

gflags.exe /p /disable chrome.exe

Background

1. Page heap is Window built-in support for heap verification. There are two modes:

- Full-Page heap places a non-accessible page at the end of the allocation. Full-page heap has high memory requirements. Its advantage is that a process will access violate (AV) exactly at the point of illegal memory operation.

- Normal page heap checks fill patterns when the block gets freed. Normal page heap can be used for testing large-scale process without the high memory consumption overhead of full-page heap. However, normal page heap delays detection until the blocks are freed - thus failures are more difficult to debug.

When an application foo.exe is launched, Windows looks up in "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\foo.exe" for page heap and other settings of the executable and acts accordingly.

2. To turn on page heap for an executable, one just needs to modify the settings in registry. Gflags is a utility downloadable from Microsoft to edit settings under "Image File Execution Options".

Troubleshooting

  • Are you sure you're using the 32-bit version of gflags? If you use the 64-bit version, you won't get any error messages, but nothing will happen.
  • Are you sure you're using a 64-bit build of Chrome? The 32-bit version will run out of address space and spuriously fail with full page heap.
  • Are you debugging browser_tests? You might want to enable page heap for both browser_tests.exe and chrome.exe, or try running browser_tests with the --single-process flag.
Comments