Harden allocator for file-backed memory.

base/metrics/persistent_memory_allocator.h

 // Copyright (c) 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef BASE_METRICS_PERSISTENT_MEMORY_ALLOCATOR_H_
 #define BASE_METRICS_PERSISTENT_MEMORY_ALLOCATOR_H_
 
 #include <stdint.h>
 
 #include <atomic>
@@ skipping 78 matching lines @@
 // change the type to something indicating it is no longer in use.
 //
 // Though persistent memory segments are transferrable between programs built
 // for different natural word widths, they CANNOT be exchanged between CPUs
 // of different endianess. Attempts to do so will simply see the existing data
 // as corrupt and refuse to access any of it.
 class BASE_EXPORT PersistentMemoryAllocator {
  public:
   typedef uint32_t Reference;
 
+  // These states are used to indicate the overall condition of the memory
+  // segment irrespective of what is stored within it. Because the data is
+  // often persistent and thus needs to be readable by different versions of
+  // a program, these values are fixed and can never change.
+  enum MemoryState : uint8_t {
+    // Persistent memory starts all zeros and so shows "uninitialized".
+    MEMORY_UNINITIALIZED = 0,
+
+    // The header has been written and the memory is ready for use.
+    MEMORY_INITIALIZED = 1,
+
+    // The data should be considered deleted. This would be set when the
+    // allocator is being cleaned up. If file-backed, the file is likely
+    // to be deleted but since deletion can fail for a variety of reasons,
+    // having this extra status means a future reader can realize what
+    // should have happened.
+    MEMORY_DELETED = 2,
+
+    // Outside code can create states starting with this number; these too
+    // must also never change between code versions.
+    MEMORY_USER_DEFINED = 100,
+  };
+
   // Iterator for going through all iterable memory records in an allocator.
   // Like the allocator itself, iterators are lock-free and thread-secure.
   // That means that multiple threads can share an iterator and the same
   // reference will not be returned twice.
   //
   // The order of the items returned by an iterator matches the order in which
   // MakeIterable() was called on them. Once an allocation is made iterable,
   // it is always such so the only possible difference between successive
   // iterations is for more to be added to the end.
   //
@@ skipping 161 matching lines @@
   static bool IsMemoryAcceptable(const void* data, size_t size,
                                  size_t page_size, bool readonly);
 
   // Get the internal identifier for this persistent memory segment.
   uint64_t Id() const;
 
   // Get the internal name of this allocator (possibly an empty string).
   const char* Name() const;
 
   // Is this segment open only for read?
-  bool IsReadonly() { return readonly_; }
+  bool IsReadonly() const { return readonly_; }
+
+  // Manage the saved state of the memory.
+  void SetMemoryState(uint8_t memory_state);
+  uint8_t GetMemoryState() const;
 
   // Create internal histograms for tracking memory use and allocation sizes
   // for allocator of |name| (which can simply be the result of Name()). This
   // is done seperately from construction for situations such as when the
   // histograms will be backed by memory provided by this very allocator.
   //
   // IMPORTANT: Callers must update tools/metrics/histograms/histograms.xml
   // with the following histograms:
   //    UMA.PersistentAllocator.name.Errors
   //    UMA.PersistentAllocator.name.UsedPct
   void CreateTrackingHistograms(base::StringPiece name);
 
+  // Flushes the persistent memory to any backing store. This typically does
+  // nothing but is used by the FilePersistentMemoryAllocator to inform the
+  // OS that all the data should be sent to the disk immediately. This is
+  // useful in the rare case where something has just been stored that needs
+  // to survive a hard shutdown of the machine like from a power failure.
+  // The |sync| parameter indicates if this call should block until the flush
+  // is complete but is only advisory and may or may not have an effect
+  // depending on the capabilities of the OS. Synchronous flushes are allowed
+  // only from theads that are allowed to do I/O.
+  void Flush(bool sync);
+
   // Direct access to underlying memory segment. If the segment is shared
   // across threads or processes, reading data through these values does
   // not guarantee consistency. Use with care. Do not write.
   const void* data() const { return const_cast<const char*>(mem_base_); }
   size_t length() const { return mem_size_; }
   size_t size() const { return mem_size_; }
   size_t used() const;
 
   // Get an object referenced by a |ref|. For safety reasons, the |type_id|
   // code and size-of(|T|) are compared to ensure the reference is valid
@@ skipping 266 matching lines @@
     MemoryType type;
   };
 
   // Constructs the allocator. Everything is the same as the public allocator
   // except |memory| which is a structure with additional information besides
   // the base address.
   PersistentMemoryAllocator(Memory memory, size_t size, size_t page_size,
                             uint64_t id, base::StringPiece name,
                             bool readonly);
 
+  // Implementation of Flush that accepts how much to flush.
+  virtual void FlushPartial(size_t length, bool sync);
+
   volatile char* const mem_base_;  // Memory base. (char so sizeof guaranteed 1)
   const MemoryType mem_type_;      // Type of memory allocation.
   const uint32_t mem_size_;        // Size of entire memory segment.
   const uint32_t mem_page_;        // Page size allocations shouldn't cross.
 
  private:
   struct SharedMetadata;
   struct BlockHeader;
   static const uint32_t kAllocAlignment;
   static const Reference kReferenceQueue;
@@ skipping 115 matching lines @@
                                 base::StringPiece name,
                                 bool read_only);
   ~FilePersistentMemoryAllocator() override;
 
   // Ensure that the file isn't so invalid that it would crash when passing it
   // to the allocator. This doesn't guarantee the file is valid, just that it
   // won't cause the program to abort. The existing IsCorrupt() call will handle
   // the rest.
   static bool IsFileAcceptable(const MemoryMappedFile& file, bool read_only);
 
+ protected:
+  // PersistentMemoryAllocator:
+  void FlushPartial(size_t length, bool sync) override;
+
  private:
   std::unique_ptr<MemoryMappedFile> mapped_file_;
 
   DISALLOW_COPY_AND_ASSIGN(FilePersistentMemoryAllocator);
 };
 #endif  // !defined(OS_NACL)
 
 }  // namespace base
 
 #endif  // BASE_METRICS_PERSISTENT_MEMORY_ALLOCATOR_H_