PartitionAlloc: Distinguish OOMs where a lot of super pages are not committed

Source/wtf/PartitionAlloc.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 96 matching lines @@
         PartitionRootBase::gInitialized = true;
         // We mark the seed page as free to make sure it is skipped by our
         // logic to find a new active page.
         PartitionRootBase::gPagedBucket.activePagesHead = &PartitionRootGeneric::gSeedPage;
     }
     spinLockUnlock(&PartitionRootBase::gInitializedLock);
 
     root->initialized = true;
     root->totalSizeOfCommittedPages = 0;
     root->totalSizeOfSuperPages = 0;
+    root->totalSizeOfDirectMappedPages = 0;
     root->nextSuperPage = 0;
     root->nextPartitionPage = 0;
     root->nextPartitionPageEnd = 0;
     root->firstExtent = 0;
     root->currentExtent = 0;
 
     memset(&root->globalEmptyPageRing, '\0', sizeof(root->globalEmptyPageRing));
     root->globalEmptyPageRingIndex = 0;
 
     // This is a "magic" value so we can test if a root pointer is valid.
@@ skipping 162 matching lines @@
     size_t i;
     for (i = 0; i < kGenericNumBucketedOrders * kGenericNumBucketsPerOrder; ++i) {
         PartitionBucket* bucket = &root->buckets[i];
         if (!partitionAllocShutdownBucket(bucket))
             noLeaks = false;
     }
     partitionAllocBaseShutdown(root);
     return noLeaks;
 }
 
-static NEVER_INLINE void partitionOutOfMemory()
+

[Chris Evans, 2014/11/08 07:04:43]

Nit: Remove extra newline?

[hiroshige, 2014/11/11 09:41:30]

Done.

+static NEVER_INLINE void partitionOutOfMemoryWithLotsOfUncommitedPages()
 {
+    // Crash at a special address (0x9b)
+    // to be easily distinguished on crash reports.
+    IMMEDIATE_CRASH_WITH_FLAG(0x9b);

[Chris Evans, 2014/11/08 07:04:43]

Do we think this strange quirk of Windows (missing frames in stack trace) is
worth adding a brand new macro for?

I'd be happy with
#if OS(WIN)
.. do the magic bad dereference ..
#endif
IMMEDIATE_CRASH()

Also: does the "missing frames" problem affect 64-bit Windows? If not, we can
narrow the special hack to just Windows and just 32-bit which would be nice.

[hiroshige, 2014/11/11 09:41:30]

Done.
I withdraw the macro because I feel its current implementation (crashing at
magic number address) is somehow ugly and not ready for use in general.
I think so, because there are no crashes which includes partitionFull or
partitionOutOfMemory in stack traces on Win64.
(and there are such crashes on amd64 Linux and Mac)

+}
+
+static NEVER_INLINE void partitionOutOfMemory(const PartitionRootBase* root)
+{
+    ASSERT(root->totalSizeOfCommittedPages <= root->totalSizeOfSuperPages + root->totalSizeOfDirectMappedPages);

[Chris Evans, 2014/11/08 07:04:44]

Nit: for clarity, maybe we only need to ASSERT() directly after modifying one of
these values.

[hiroshige, 2014/11/11 09:41:30]

Done.

+    if (root->totalSizeOfSuperPages + root->totalSizeOfDirectMappedPages - root->totalSizeOfCommittedPages > kReasonableSizeOfUnusedPages) {

[Chris Evans, 2014/11/08 07:04:44]

I still don't think this test has much value in 64-bit. Even if we do have 1GB
of uncommitted pages on 64-bit, I think this has zero correlation with running
out of virtual address space. A 64-bit address space is enormous, even on ARM64.

[hiroshige, 2014/11/11 09:41:30]

OK, I added #if CPU(32_BIT) to limit this to 32-bit only.

+        // OOMs where a lot of super pages are allocated but not committed,
+        // probably due to http://crbug.com/421387.
+        partitionOutOfMemoryWithLotsOfUncommitedPages();
+    }
+    // Ordinary OOMs (where super pages are consumed and mostly committed).
     IMMEDIATE_CRASH();
 }
 
 static ALWAYS_INLINE void partitionDecommitSystemPages(PartitionRootBase* root, void* addr, size_t len)
 {
     decommitSystemPages(addr, len);
-    ASSERT(root->totalSizeOfCommittedPages > len);
+    ASSERT(root->totalSizeOfCommittedPages >= len);
     root->totalSizeOfCommittedPages -= len;
 }
 
 static ALWAYS_INLINE void partitionRecommitSystemPages(PartitionRootBase* root, void* addr, size_t len)
 {
     recommitSystemPages(addr, len);
     root->totalSizeOfCommittedPages += len;
+    ASSERT(root->totalSizeOfCommittedPages <= root->totalSizeOfSuperPages + root->totalSizeOfDirectMappedPages);
 }
 
 static ALWAYS_INLINE void* partitionAllocPartitionPages(PartitionRootBase* root, int flags, uint16_t numPartitionPages)
 {
     ASSERT(!(reinterpret_cast<uintptr_t>(root->nextPartitionPage) % kPartitionPageSize));
     ASSERT(!(reinterpret_cast<uintptr_t>(root->nextPartitionPageEnd) % kPartitionPageSize));
     RELEASE_ASSERT(numPartitionPages <= kNumPartitionPagesPerSuperPage);
     size_t totalSize = kPartitionPageSize * numPartitionPages;
-    root->totalSizeOfCommittedPages += totalSize;

[Chris Evans, 2014/11/08 07:07:15]

Whoa, the changes in this file look like an important bugfix: the accounting is
wrong if we subsequently fail the allocation.

Feel free to extract out the changes in this function (minus the new ASSERTs)
and TBR it to me.

[hiroshige, 2014/11/11 09:41:30]

Done.

     size_t numPartitionPagesLeft = (root->nextPartitionPageEnd - root->nextPartitionPage) >> kPartitionPageShift;
     if (LIKELY(numPartitionPagesLeft >= numPartitionPages)) {
         // In this case, we can still hand out pages from the current super page
         // allocation.
         char* ret = root->nextPartitionPage;
         root->nextPartitionPage += totalSize;
+        root->totalSizeOfCommittedPages += totalSize;
+        ASSERT(root->totalSizeOfCommittedPages <= root->totalSizeOfSuperPages + root->totalSizeOfDirectMappedPages);
         return ret;
     }
 
     // Need a new super page.
-    root->totalSizeOfSuperPages += kSuperPageSize;
     char* requestedAddress = root->nextSuperPage;
     char* superPage = reinterpret_cast<char*>(allocPages(requestedAddress, kSuperPageSize, kSuperPageSize));
     if (UNLIKELY(!superPage))
         return 0;
+
+    root->totalSizeOfSuperPages += kSuperPageSize;
+    root->totalSizeOfCommittedPages += totalSize;
+    ASSERT(root->totalSizeOfCommittedPages <= root->totalSizeOfSuperPages + root->totalSizeOfDirectMappedPages);
+
     root->nextSuperPage = superPage + kSuperPageSize;
     char* ret = superPage + kPartitionPageSize;
     root->nextPartitionPage = ret + totalSize;
     root->nextPartitionPageEnd = root->nextSuperPage - kPartitionPageSize;
     // Make the first partition page in the super page a guard page, but leave a
     // hole in the middle.
     // This is where we put page metadata and also a tiny amount of extent
     // metadata.
     setSystemPagesInaccessible(superPage, kSystemPageSize);
     setSystemPagesInaccessible(superPage + (kSystemPageSize * 2), kPartitionPageSize - (kSystemPageSize * 2));
@@ skipping 209 matching lines @@
     // a bunch of system pages more than "size":
     // - The first few system pages are the partition page in which the super
     // page metadata is stored. We fault just one system page out of a partition
     // page sized clump.
     // - We add a trailing guard page.
     size_t mapSize = size + kPartitionPageSize + kSystemPageSize;
     // Round up to the allocation granularity.
     mapSize += kPageAllocationGranularityOffsetMask;
     mapSize &= kPageAllocationGranularityBaseMask;
 
     root->totalSizeOfCommittedPages += size + kSystemPageSize;

[Chris Evans, 2014/11/08 07:04:44]

Nit: calculate "size + kSystemPageSize" into a separate variable to avoid
repetition?

[hiroshige, 2014/11/11 09:41:30]

Done.

+    root->totalSizeOfDirectMappedPages += size + kSystemPageSize;
+    ASSERT(root->totalSizeOfCommittedPages <= root->totalSizeOfSuperPages + root->totalSizeOfDirectMappedPages);
 
     // TODO: we may want to let the operating system place these allocations
     // where it pleases. On 32-bit, this might limit address space
     // fragmentation and on 64-bit, this might have useful savings for TLB
     // and page table overhead.
     // TODO: if upsizing realloc()s are common on large sizes, we could
     // consider over-allocating address space on 64-bit, "just in case".
     // TODO: consider pre-populating page tables (e.g. MAP_POPULATE on Linux,
     // MADV_WILLNEED on POSIX).
     // TODO: these pages will be zero-filled. Consider internalizing an
@@ skipping 34 matching lines @@
 }
 
 static ALWAYS_INLINE void partitionDirectUnmap(PartitionPage* page)
 {
     size_t unmapSize = partitionPageToDirectMapExtent(page)->mapSize;
 
     // Add on the size of the trailing guard page and preceeding partition
     // page.
     unmapSize += kPartitionPageSize + kSystemPageSize;
 
     PartitionRootBase* root = partitionPageToRoot(page);

[Chris Evans, 2014/11/08 07:04:44]

Nit: calculate "page->bucket->slotSize + kSystemPageSize" into a separate
variable to avoid repetition?

[hiroshige, 2014/11/11 09:41:29]

Done.

+    ASSERT(root->totalSizeOfCommittedPages >= page->bucket->slotSize + kSystemPageSize);
     root->totalSizeOfCommittedPages -= page->bucket->slotSize + kSystemPageSize;
+    ASSERT(root->totalSizeOfDirectMappedPages >= page->bucket->slotSize + kSystemPageSize);
+    root->totalSizeOfDirectMappedPages -= page->bucket->slotSize + kSystemPageSize;
 
     ASSERT(!(unmapSize & kPageAllocationGranularityOffsetMask));
 
     char* ptr = reinterpret_cast<char*>(partitionPageToPointer(page));
     // Account for the mapping starting a partition page before the actual
     // allocation address.
     ptr -= kPartitionPageSize;
 
     freePages(ptr, unmapSize);
 }
@@ skipping 59 matching lines @@
         newPage = partitionPointerToPageNoAlignmentCheck(rawNewPage);
     }
 
     partitionPageReset(newPage, bucket);
     bucket->activePagesHead = newPage;
     return partitionPageAllocAndFillFreelist(newPage);
 
 partitionAllocSlowPathFailed:
     if (returnNull)
         return nullptr;
-    partitionOutOfMemory();
+    partitionOutOfMemory(root);
     return nullptr;
 }
 
 static ALWAYS_INLINE void partitionFreePage(PartitionRootBase* root, PartitionPage* page)
 {
     ASSERT(page->freelistHead);
     ASSERT(!page->numAllocatedSlots);
     partitionUnusePage(root, page);
     // We actually leave the freed page in the active list. We'll sweep it on
     // to the free page list when we next walk the active page list. Pulling
@@ skipping 258 matching lines @@
     printf("total live: %zu bytes\n", totalLive);
     printf("total resident: %zu bytes\n", totalResident);
     printf("total freeable: %zu bytes\n", totalFreeable);
     fflush(stdout);
 }
 
 #endif // !NDEBUG
 
 } // namespace WTF