PartitionAlloc: Leave bucket in valid state when allocation fails

Source/wtf/PartitionAllocTest.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 14 matching lines @@
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "config.h"
 #include "wtf/PartitionAlloc.h"
 
 #include "wtf/BitwiseOperations.h"
+#include "wtf/CPU.h"
 #include "wtf/OwnPtr.h"
 #include "wtf/PassOwnPtr.h"
 #include <gtest/gtest.h>
 #include <stdlib.h>
 #include <string.h>
 
 #if OS(POSIX)
 #include <sys/mman.h>
+#include <sys/resource.h>
+#include <sys/time.h>
 
 #ifndef MAP_ANONYMOUS
 #define MAP_ANONYMOUS MAP_ANON
 #endif
 #endif // OS(POSIX)
 
 #if !defined(MEMORY_TOOL_REPLACES_ALLOCATOR)
 
 namespace {
 
@@ skipping 25 matching lines @@
     // bitrotted because no test calls it.
     partitionDumpStats(*allocator.root());
 #endif
 
     // We expect no leaks in the general case. We have a test for leak
     // detection.
     EXPECT_TRUE(allocator.shutdown());
     EXPECT_TRUE(genericAllocator.shutdown());
 }
 
+static bool SetAddressSpaceLimit()
+{
+#if !CPU(64BIT)
+    // 32 bits => address space is limited already.
+    return true;
+#elif OS(POSIX)
+    const size_t kAddressSpaceLimit = static_cast<size_t>(4096) * 1024 * 1024;
+    struct rlimit limit;
+    if (getrlimit(RLIMIT_AS, &limit) != 0)
+        return false;
+    if (limit.rlim_cur == RLIM_INFINITY || limit.rlim_cur > kAddressSpaceLimit) {
+        limit.rlim_cur = kAddressSpaceLimit;
+        if (setrlimit(RLIMIT_AS, &limit) != 0)
+            return false;
+    }
+    return true;
+#else
+    return false;

[Nico, 2015/08/08 19:46:50]

cevans: I found this pretty confusing – DoReturnNullTest() is only defined if
!CPU(64BIT) || OS(POSIX), but then SetAddressSpaceLimit always returns false on
OS X, and as a consequence RepeatedReturnNull is then disabled on OS X. Are
there plans for getting this passing on OS X? If not, should

#if !CPU(64BIT) || OS(POSIX)

just be changed to

#if !CPU(64BIT) || (OS(POSIX) && !OS(MACOSX))

above DoReturnNullTest()?

+#endif
+}
+
+static bool ClearAddressSpaceLimit()
+{
+#if !CPU(64BIT)
+    return true;
+#elif OS(POSIX)
+    struct rlimit limit;
+    if (getrlimit(RLIMIT_AS, &limit) != 0)
+        return false;
+    limit.rlim_cur = limit.rlim_max;
+    if (setrlimit(RLIMIT_AS, &limit) != 0)
+        return false;
+    return true;
+#else
+    return false;
+#endif
+}
+
 static WTF::PartitionPage* GetFullPage(size_t size)
 {
     size_t realSize = size + kExtraAllocSize;
     size_t bucketIdx = realSize >> WTF::kBucketShift;
     WTF::PartitionBucket* bucket = &allocator.root()->buckets()[bucketIdx];
     size_t numSlots = (bucket->numSystemPagesPerSlotSpan * WTF::kSystemPageSize) / realSize;
     void* first = 0;
     void* last = 0;
     size_t i;
     for (i = 0; i < numSlots; ++i) {
@@ skipping 992 matching lines @@
     ptr = partitionAllocGeneric(genericAllocator.root(), size);
     EXPECT_TRUE(ptr);
     partitionFreeGeneric(genericAllocator.root(), ptr);
 
     EXPECT_TRUE(bucket->activePagesHead);
     EXPECT_TRUE(bucket->freePagesHead);
 
     TestShutdown();
 }
 
+#if !CPU(64BIT) || OS(POSIX)
+
+// Tests that if an allocation fails in "return null" mode, repeating it doesn't
+// crash, and still returns null. The test tries to allocate 6 GB of memory in
+// 512 kB blocks. On 64-bit POSIX systems, the address space is limited to 4 GB
+// using setrlimit() first.
+TEST(PartitionAllocTest, RepeatedReturnNull)
+{
+    TestSetup();
+
+    EXPECT_TRUE(SetAddressSpaceLimit());
+
+    // 512 kB x 12288 == 6 GB
+    const size_t blockSize = 512 * 1024;
+    const int numAllocations = 12288;
+
+    void* ptrs[numAllocations];
+    int i;
+
+    for (i = 0; i < numAllocations; ++i) {
+        ptrs[i] = partitionAllocGenericFlags(genericAllocator.root(), WTF::PartitionAllocReturnNull, blockSize);
+        if (!ptrs[i]) {
+            ptrs[i] = partitionAllocGenericFlags(genericAllocator.root(), WTF::PartitionAllocReturnNull, blockSize);
+            EXPECT_FALSE(ptrs[i]);
+            break;
+        }
+    }
+
+    // We shouldn't succeed in allocating all 6 GB of memory. If we do, then
+    // we're not actually testing anything here.
+    EXPECT_LT(i, numAllocations);
+
+    // Free, reallocate and free again each block we allocated. We do this to
+    // check that freeing memory also works correctly after a failed allocation.
+    for (--i; i >= 0; --i) {
+        partitionFreeGeneric(genericAllocator.root(), ptrs[i]);
+        ptrs[i] = partitionAllocGenericFlags(genericAllocator.root(), WTF::PartitionAllocReturnNull, blockSize);
+        EXPECT_TRUE(ptrs[i]);
+        partitionFreeGeneric(genericAllocator.root(), ptrs[i]);
+    }
+
+    EXPECT_TRUE(ClearAddressSpaceLimit());
+
+    TestShutdown();
+}
+
+#endif // !CPU(64BIT) || OS(POSIX)
+
 #if !OS(ANDROID)
 
 // Make sure that malloc(-1) dies.
 // In the past, we had an integer overflow that would alias malloc(-1) to
 // malloc(0), which is not good.
 TEST(PartitionAllocDeathTest, LargeAllocs)
 {
     TestSetup();
     // Largest alloc.
     EXPECT_DEATH(partitionAllocGeneric(genericAllocator.root(), static_cast<size_t>(-1)), "");
@@ skipping 79 matching lines @@
     EXPECT_EQ(32u, WTF::countLeadingZerosSizet(0u));
     EXPECT_EQ(31u, WTF::countLeadingZerosSizet(1u));
     EXPECT_EQ(1u, WTF::countLeadingZerosSizet(1u << 30));
     EXPECT_EQ(0u, WTF::countLeadingZerosSizet(1u << 31));
 #endif
 }
 
 } // namespace
 
 #endif // !defined(MEMORY_TOOL_REPLACES_ALLOCATOR)