Patch out posix_memalign in the out-of-memory killer....

base/process_util_mac.mm

 // Copyright (c) 2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 
 #include "base/process_util.h"
 
 #import <Cocoa/Cocoa.h>
 #include <crt_externs.h>
 #include <mach/mach.h>
@@ skipping 339 matching lines @@
 
   return (data.active_count * page_size) / 1024;
 }
 
 // ------------------------------------------------------------------------
 
 namespace {
 
 bool g_oom_killer_enabled;
 
-// === C malloc/calloc/valloc/realloc ===
+// === C malloc/calloc/valloc/realloc/posix_memalign ===
+
+// The extended version of malloc_zone_t from the 10.6 SDK's <malloc/malloc.h>,
+// included here to allow for compilation in 10.5. (10.5 has version 3 zone
+// allocators, while 10.6 has version 6 allocators.)
+struct ChromeMallocZone {
+  void* reserved1;
+  void* reserved2;
+  size_t (*size)(struct _malloc_zone_t* zone, const void* ptr);
+  void* (*malloc)(struct _malloc_zone_t* zone, size_t size);
+  void* (*calloc)(struct _malloc_zone_t* zone, size_t num_items, size_t size);
+  void* (*valloc)(struct _malloc_zone_t* zone, size_t size);
+  void (*free)(struct _malloc_zone_t* zone, void* ptr);
+  void* (*realloc)(struct _malloc_zone_t* zone, void* ptr, size_t size);
+  void (*destroy)(struct _malloc_zone_t* zone);
+  const char* zone_name;
+  unsigned (*batch_malloc)(struct _malloc_zone_t* zone, size_t size,
+                           void** results, unsigned num_requested);
+  void (*batch_free)(struct _malloc_zone_t* zone, void** to_be_freed,
+                     unsigned num_to_be_freed);
+  struct malloc_introspection_t* introspect;
+  unsigned version;
+  void* (*memalign)(struct _malloc_zone_t* zone, size_t alignment,
+                    size_t size);  // version >= 5
+  void (*free_definite_size)(struct _malloc_zone_t* zone, void* ptr,
+                             size_t size);  // version >= 6
+};
 
 typedef void* (*malloc_type)(struct _malloc_zone_t* zone,
                              size_t size);
 typedef void* (*calloc_type)(struct _malloc_zone_t* zone,
                              size_t num_items,
                              size_t size);
 typedef void* (*valloc_type)(struct _malloc_zone_t* zone,
                              size_t size);
 typedef void* (*realloc_type)(struct _malloc_zone_t* zone,
                               void* ptr,
                               size_t size);
+typedef void* (*memalign_type)(struct _malloc_zone_t* zone,
+                               size_t alignment,
+                               size_t size);
 
 malloc_type g_old_malloc;
 calloc_type g_old_calloc;
 valloc_type g_old_valloc;
 realloc_type g_old_realloc;
+memalign_type g_old_memalign;
 
 void* oom_killer_malloc(struct _malloc_zone_t* zone,
                         size_t size) {
   void* result = g_old_malloc(zone, size);
-  if (size && !result)
+  if (!result && size)
     DebugUtil::BreakDebugger();
   return result;
 }
 
 void* oom_killer_calloc(struct _malloc_zone_t* zone,
                         size_t num_items,
                         size_t size) {
   void* result = g_old_calloc(zone, num_items, size);
-  if (num_items && size && !result)
+  if (!result && num_items && size)
     DebugUtil::BreakDebugger();
   return result;
 }
 
 void* oom_killer_valloc(struct _malloc_zone_t* zone,
                         size_t size) {
   void* result = g_old_valloc(zone, size);
-  if (size && !result)
+  if (!result && size)
     DebugUtil::BreakDebugger();
   return result;
 }
 
 void* oom_killer_realloc(struct _malloc_zone_t* zone,
                          void* ptr,
                          size_t size) {
   void* result = g_old_realloc(zone, ptr, size);
-  if (size && !result)
+  if (!result && size)
+    DebugUtil::BreakDebugger();
+  return result;
+}
+
+void* oom_killer_memalign(struct _malloc_zone_t* zone,
+                          size_t alignment,
+                          size_t size) {
+  void* result = g_old_memalign(zone, alignment, size);
+  // Only die if posix_memalign would have returned ENOMEM, since there are
+  // other reasons why NULL might be returned (see
+  // http://opensource.apple.com/source/Libc/Libc-583/gen/malloc.c ).
+  if (!result && size && alignment >= sizeof(void*)
+      && 0 == (alignment & (alignment - 1)))

[Mark Mentovai, 2010/05/19 20:11:17]

Use {}. That rule should be applied if the conditional statement is multi-line
too. Especially with the continuation line wrapping to a different indent, the
{} makes the distinction between the condition and the controlled statement
really clear.

[Mark Mentovai, 2010/05/19 20:11:17]

Googlers generally write |expression == 0| and not that nutty |0 == expression|
thing. Googlers are apparently not afraid of accidentally writing expression =
0.

     DebugUtil::BreakDebugger();
   return result;
 }
 
 // === C++ operator new ===
 
 void oom_killer_new() {
   DebugUtil::BreakDebugger();
 }
 
@@ skipping 77 matching lines @@
 }
 
 }  // namespace
 
 void EnableTerminationOnOutOfMemory() {
   if (g_oom_killer_enabled)
     return;
 
   g_oom_killer_enabled = true;
 
-  // === C malloc/calloc/valloc/realloc ===
+  // === C malloc/calloc/valloc/realloc/posix_memalign ===
 
   // This approach is not perfect, as requests for amounts of memory larger than
   // MALLOC_ABSOLUTE_MAX_SIZE (currently SIZE_T_MAX - (2 * PAGE_SIZE)) will
   // still fail with a NULL rather than dying (see
   // http://opensource.apple.com/source/Libc/Libc-583/gen/malloc.c for details).
   // Unfortunately, it's the best we can do. Also note that this does not affect
   // allocations from non-default zones.
 
-  CHECK(!g_old_malloc && !g_old_calloc && !g_old_valloc && !g_old_realloc)
-      << "Old allocators unexpectedly non-null";
+  CHECK(!g_old_malloc && !g_old_calloc && !g_old_valloc && !g_old_realloc &&
+        !g_old_memalign) << "Old allocators unexpectedly non-null";
 
   int32 major;
   int32 minor;
   int32 bugfix;
   SysInfo::OperatingSystemVersionNumbers(&major, &minor, &bugfix);
   bool zone_allocators_protected = ((major == 10 && minor > 6) || major > 10);
 
-  malloc_zone_t* default_zone = malloc_default_zone();
+  ChromeMallocZone* default_zone =
+      reinterpret_cast<ChromeMallocZone*>(malloc_default_zone());
 
   vm_address_t page_start = NULL;
   vm_size_t len = 0;
   if (zone_allocators_protected) {
     // See http://trac.webkit.org/changeset/53362/trunk/WebKitTools/DumpRenderTree/mac
     page_start = reinterpret_cast<vm_address_t>(default_zone) &
         static_cast<vm_size_t>(~(getpagesize() - 1));
     len = reinterpret_cast<vm_address_t>(default_zone) -
         page_start + sizeof(malloc_zone_t);
     mprotect(reinterpret_cast<void*>(page_start), len, PROT_READ | PROT_WRITE);
   }
 
   g_old_malloc = default_zone->malloc;
   g_old_calloc = default_zone->calloc;
   g_old_valloc = default_zone->valloc;
   g_old_realloc = default_zone->realloc;
   CHECK(g_old_malloc && g_old_calloc && g_old_valloc && g_old_realloc)
       << "Failed to get system allocation functions.";
 
   default_zone->malloc = oom_killer_malloc;
   default_zone->calloc = oom_killer_calloc;
   default_zone->valloc = oom_killer_valloc;
   default_zone->realloc = oom_killer_realloc;
 
+  if (default_zone->version >= 5) {
+    g_old_memalign = default_zone->memalign;
+    if (g_old_memalign)
+      default_zone->memalign = oom_killer_memalign;
+  }
+
   if (zone_allocators_protected) {
     mprotect(reinterpret_cast<void*>(page_start), len, PROT_READ);
   }
 
+  // === C malloc_zone_batch_malloc ===
+
+  // batch_malloc is omitted because the default malloc zone's implementation
+  // only supports batch_malloc for "tiny" allocations from the free list. It
+  // will fail for allocations larger than "tiny", and will only allocate as
+  // many blocks as it's able to from the free list. These factors mean that it
+  // can return less than the requested memory even in a non-out-of-memory
+  // situation. There's no good way to detect whether a batch_malloc failure is
+  // due to these other factors, or due to genuine memory or address space
+  // exhaustion. The fact that it only allocates space from the "tiny" free list
+  // means that it's likely that a failure will not be due to memory exhaustion.
+  // Similarly, these constraints on batch_malloc mean that callers must always
+  // be expecting to receive less memory than was requested, even in situations
+  // where memory pressure is not a concern. Finally, the only public interface
+  // to batch_malloc is malloc_zone_batch_malloc, which is specific to the
+  // system's malloc implementation. It's unlikely that anyone's even heard of
+  // it.
+
   // === C++ operator new ===
 
   // Yes, operator new does call through to malloc, but this will catch failures
   // that our imperfect handling of malloc cannot.
 
   std::set_new_handler(oom_killer_new);
 
   // === Core Foundation CFAllocators ===
 
   // This will not catch allocation done by custom allocators, but will catch
@@ skipping 37 matching lines @@
                                             @selector(allocWithZone:));
   g_old_allocWithZone = reinterpret_cast<allocWithZone_t>(
       method_getImplementation(orig_method));
   CHECK(g_old_allocWithZone)
       << "Failed to get allocWithZone allocation function.";
   method_setImplementation(orig_method,
                            reinterpret_cast<IMP>(oom_killer_allocWithZone));
 }
 
 }  // namespace base