Add memory ablation experiment.

chrome/browser/experiments/memory_ablation_experiment.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/experiments/memory_ablation_experiment.h"
+

[Primiano Tucci (use gerrit), 2017/04/10 18:05:04]

do you need a class at all here?
It seems all this code could be just a function, something like

MaybeStartMemoryAblationExperiment() {
  int size = GetFieldTrialParamByFeatureAsInt(....);
  if (!size <= 0)
   return;
 std::unique_ptr mem(new uint8_t[size]);
 for(i = 0 ....)  
   touch memory
  PostDelayedTask(FROM_HERE, Bind([] (std::unique_ptr<uint8_t>) {}, delay )
}

[DmitrySkiba, 2017/04/10 19:31:00]

I think class is more flexible, for example we might want to do periodic
touching, or allocate in several chunks.

[Primiano Tucci (use gerrit), 2017/04/10 19:40:11]

A good rule of thumb is don't introduce unnecessary complexity until it becomes
necessary ;-)
If everybody did this we'd end up with a .so which is 2x bigger

[DmitrySkiba, 2017/04/10 19:51:41]

I mean, we might end up doing those things in this CL.

+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/metrics/field_trial_params.h"
+#include "base/process/process_metrics.h"
+
+const base::Feature kMemoryAblationFeature{"MemoryAblation",
+                                           base::FEATURE_DISABLED_BY_DEFAULT};
+
+const char kMemoryAblationFeatureSizeParam[] = "Size";
+
+constexpr size_t kMemoryAblationDelaySeconds = 5;
+
+MemoryAblationExperiment::MemoryAblationExperiment()
+    : memory_(nullptr, &free) {}
+
+MemoryAblationExperiment::~MemoryAblationExperiment() {}
+
+MemoryAblationExperiment* MemoryAblationExperiment::GetInstance() {
+  static auto* instance = new MemoryAblationExperiment();
+  return instance;
+}
+
+void MemoryAblationExperiment::MaybeStart(
+    scoped_refptr<base::SequencedTaskRunner> task_runner) {
+  int size = base::GetFieldTrialParamByFeatureAsInt(
+      kMemoryAblationFeature, kMemoryAblationFeatureSizeParam,
+      0 /* default value */);
+  if (size > 0) {
+    GetInstance()->Start(task_runner, size);
+  }
+}
+
+void MemoryAblationExperiment::Start(
+    scoped_refptr<base::SequencedTaskRunner> task_runner,
+    size_t memory_size) {
+  task_runner->PostDelayedTask(
+      FROM_HERE,
+      base::Bind(&MemoryAblationExperiment::AllocateMemory,
+                 base::Unretained(this), memory_size),
+      base::TimeDelta::FromSeconds(kMemoryAblationDelaySeconds));
+}
+
+void MemoryAblationExperiment::AllocateMemory(size_t size) {
+  memory_size_ = size;
+  memory_.reset(static_cast<uint8_t*>(malloc(size)));
+  TouchMemory();
+}
+
+void MemoryAblationExperiment::TouchMemory() {
+  if (memory_) {
+    size_t page_size = base::GetPageSize();
+    for (size_t i = 0; i < memory_size_; i += page_size) {
+      memory_[i]++;

[Primiano Tucci (use gerrit), 2017/04/10 18:05:04]

two things here:
1. touching uninitialized memory is undefined behavior. clang is very aggressive
on undefined behavior and I've seen it allowing to just insert deliberate
crashes even on things that shouln't crash in any case.
See crbug.com/681218 where wfh was doing something very similar to this and
ended up with clang generating a crash instead.

2. Nothing is doing anything with memory_, which allows the compiler to just
omit this loop completely (if didn't emit a trap as above).

What I would do here instead is:
1. Just write without reading, i.e. memory[i] = static_cast<uint8_t>(i).
if you want to be really paranoid, cast it to volatile uint8_t*, that should
make the compiler even less conservative.
2. Add a call to base::debug::Alias(memory_), which will stop the compiler form
making escape analysis on this pointer

[DmitrySkiba, 2017/04/10 19:31:00]

Yup, definitely UB. Fixed.

+    }
+  }
+}