PartitionAlloc: Distinguish OOMs where a lot of super pages are not committed

Source/wtf/PartitionAlloc.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 96 matching lines @@
         PartitionRootBase::gInitialized = true;
         // We mark the seed page as free to make sure it is skipped by our
         // logic to find a new active page.
         PartitionRootBase::gPagedBucket.activePagesHead = &PartitionRootGeneric::gSeedPage;
     }
     spinLockUnlock(&PartitionRootBase::gInitializedLock);
 
     root->initialized = true;
     root->totalSizeOfCommittedPages = 0;
     root->totalSizeOfSuperPages = 0;
+    root->totalSizeOfDirectMappedPages = 0;
     root->nextSuperPage = 0;
     root->nextPartitionPage = 0;
     root->nextPartitionPageEnd = 0;
     root->firstExtent = 0;
     root->currentExtent = 0;
 
     memset(&root->globalEmptyPageRing, '\0', sizeof(root->globalEmptyPageRing));
     root->globalEmptyPageRingIndex = 0;
 
     // This is a "magic" value so we can test if a root pointer is valid.
@@ skipping 162 matching lines @@
     size_t i;
     for (i = 0; i < kGenericNumBucketedOrders * kGenericNumBucketsPerOrder; ++i) {
         PartitionBucket* bucket = &root->buckets[i];
         if (!partitionAllocShutdownBucket(bucket))
             noLeaks = false;
     }
     partitionAllocBaseShutdown(root);
     return noLeaks;
 }
 
-static NEVER_INLINE void partitionOutOfMemory()
+#if !CPU(64BIT)

[hiroshige, 2014/11/13 06:26:31]

Use CPU(64BIT) instead of CPU(32BIT), beause
https://codereview.chromium.org/712303003/ was reverted, and
CPU(32BIT) is proposed to be removed in
https://codereview.chromium.org/717263005/.

+static NEVER_INLINE void partitionOutOfMemoryWithLotsOfUncommitedPages()
 {
+#if OS(WIN)
+    // Crash at a special address (0x9b)
+    // to be easily distinguished on crash reports.
+    // This is because crash stack traces are inaccurate on Windows and
+    // partitionOutOfMemoryWithLotsOfUncommitedPages might be not included
+    // in the stack traces.
+    reinterpret_cast<void(*)()>(0x9b)();
+#endif
+
+    // On non-Windows environment, IMMEDIATE_CRASH is sufficient
+    // because partitionOutOfMemoryWithLotsOfUncommitedPages will appear
+    // in crash stack traces.
+    IMMEDIATE_CRASH();
+}
+#endif
+
+static NEVER_INLINE void partitionOutOfMemory(const PartitionRootBase* root)
+{
+#if !CPU(64BIT)
+    // Check whether this OOM is due to a lot of super pages that are allocated
+    // but not committed, probably due to http://crbug.com/421387.
+    if (root->totalSizeOfSuperPages + root->totalSizeOfDirectMappedPages - root->totalSizeOfCommittedPages > kReasonableSizeOfUnusedPages) {
+        partitionOutOfMemoryWithLotsOfUncommitedPages();
+    }
+#endif
     IMMEDIATE_CRASH();
 }
 
 static ALWAYS_INLINE void partitionDecommitSystemPages(PartitionRootBase* root, void* addr, size_t len)
 {
     decommitSystemPages(addr, len);
-    ASSERT(root->totalSizeOfCommittedPages > len);
+    ASSERT(root->totalSizeOfCommittedPages >= len);
     root->totalSizeOfCommittedPages -= len;
 }
 
 static ALWAYS_INLINE void partitionRecommitSystemPages(PartitionRootBase* root, void* addr, size_t len)
 {
     recommitSystemPages(addr, len);
     root->totalSizeOfCommittedPages += len;
+    ASSERT(root->totalSizeOfCommittedPages <= root->totalSizeOfSuperPages + root->totalSizeOfDirectMappedPages);
 }
 
 static ALWAYS_INLINE void* partitionAllocPartitionPages(PartitionRootBase* root, int flags, uint16_t numPartitionPages)
 {
     ASSERT(!(reinterpret_cast<uintptr_t>(root->nextPartitionPage) % kPartitionPageSize));
     ASSERT(!(reinterpret_cast<uintptr_t>(root->nextPartitionPageEnd) % kPartitionPageSize));
     RELEASE_ASSERT(numPartitionPages <= kNumPartitionPagesPerSuperPage);
     size_t totalSize = kPartitionPageSize * numPartitionPages;
     size_t numPartitionPagesLeft = (root->nextPartitionPageEnd - root->nextPartitionPage) >> kPartitionPageShift;
     if (LIKELY(numPartitionPagesLeft >= numPartitionPages)) {
         // In this case, we can still hand out pages from the current super page
         // allocation.
         char* ret = root->nextPartitionPage;
         root->nextPartitionPage += totalSize;
         root->totalSizeOfCommittedPages += totalSize;
+        ASSERT(root->totalSizeOfCommittedPages <= root->totalSizeOfSuperPages + root->totalSizeOfDirectMappedPages);
         return ret;
     }
 
     // Need a new super page.
     char* requestedAddress = root->nextSuperPage;
     char* superPage = reinterpret_cast<char*>(allocPages(requestedAddress, kSuperPageSize, kSuperPageSize));
     if (UNLIKELY(!superPage))
         return 0;
 
     root->totalSizeOfSuperPages += kSuperPageSize;
     root->totalSizeOfCommittedPages += totalSize;
+    ASSERT(root->totalSizeOfCommittedPages <= root->totalSizeOfSuperPages + root->totalSizeOfDirectMappedPages);
 
     root->nextSuperPage = superPage + kSuperPageSize;
     char* ret = superPage + kPartitionPageSize;
     root->nextPartitionPage = ret + totalSize;
     root->nextPartitionPageEnd = root->nextSuperPage - kPartitionPageSize;
     // Make the first partition page in the super page a guard page, but leave a
     // hole in the middle.
     // This is where we put page metadata and also a tiny amount of extent
     // metadata.
     setSystemPagesInaccessible(superPage, kSystemPageSize);
@@ skipping 210 matching lines @@
     // a bunch of system pages more than "size":
     // - The first few system pages are the partition page in which the super
     // page metadata is stored. We fault just one system page out of a partition
     // page sized clump.
     // - We add a trailing guard page.
     size_t mapSize = size + kPartitionPageSize + kSystemPageSize;
     // Round up to the allocation granularity.
     mapSize += kPageAllocationGranularityOffsetMask;
     mapSize &= kPageAllocationGranularityBaseMask;
 
-    root->totalSizeOfCommittedPages += size + kSystemPageSize;
+    size_t committedPageSize = size + kSystemPageSize;
+    root->totalSizeOfCommittedPages += committedPageSize;
+    root->totalSizeOfDirectMappedPages += committedPageSize;
+    ASSERT(root->totalSizeOfCommittedPages <= root->totalSizeOfSuperPages + root->totalSizeOfDirectMappedPages);
 
     // TODO: we may want to let the operating system place these allocations
     // where it pleases. On 32-bit, this might limit address space
     // fragmentation and on 64-bit, this might have useful savings for TLB
     // and page table overhead.
     // TODO: if upsizing realloc()s are common on large sizes, we could
     // consider over-allocating address space on 64-bit, "just in case".
     // TODO: consider pre-populating page tables (e.g. MAP_POPULATE on Linux,
     // MADV_WILLNEED on POSIX).
     // TODO: these pages will be zero-filled. Consider internalizing an
@@ skipping 35 matching lines @@
 
 static ALWAYS_INLINE void partitionDirectUnmap(PartitionPage* page)
 {
     size_t unmapSize = partitionPageToDirectMapExtent(page)->mapSize;
 
     // Add on the size of the trailing guard page and preceeding partition
     // page.
     unmapSize += kPartitionPageSize + kSystemPageSize;
 
     PartitionRootBase* root = partitionPageToRoot(page);
-    root->totalSizeOfCommittedPages -= page->bucket->slotSize + kSystemPageSize;
+    size_t uncommittedPageSize = page->bucket->slotSize + kSystemPageSize;
+    ASSERT(root->totalSizeOfCommittedPages >= uncommittedPageSize);
+    root->totalSizeOfCommittedPages -= uncommittedPageSize;
+    ASSERT(root->totalSizeOfDirectMappedPages >= uncommittedPageSize);
+    root->totalSizeOfDirectMappedPages -= uncommittedPageSize;
 
     ASSERT(!(unmapSize & kPageAllocationGranularityOffsetMask));
 
     char* ptr = reinterpret_cast<char*>(partitionPageToPointer(page));
     // Account for the mapping starting a partition page before the actual
     // allocation address.
     ptr -= kPartitionPageSize;
 
     freePages(ptr, unmapSize);
 }
@@ skipping 64 matching lines @@
     return partitionPageAllocAndFillFreelist(newPage);
 
 partitionAllocSlowPathFailed:
     if (returnNull) {
         // If we get here, we will set the active page to null, which is an
         // invalid state. To support continued use of this bucket, we need to
         // restore a valid state, by setting the active page to the seed page.
         bucket->activePagesHead = &PartitionRootGeneric::gSeedPage;
         return nullptr;
     }
-    partitionOutOfMemory();
+    partitionOutOfMemory(root);
     return nullptr;
 }
 
 static ALWAYS_INLINE void partitionFreePage(PartitionRootBase* root, PartitionPage* page)
 {
     ASSERT(page->freelistHead);
     ASSERT(!page->numAllocatedSlots);
     partitionUnusePage(root, page);
     // We actually leave the freed page in the active list. We'll sweep it on
     // to the free page list when we next walk the active page list. Pulling
@@ skipping 260 matching lines @@
     printf("total live: %zu bytes\n", totalLive);
     printf("total resident: %zu bytes\n", totalResident);
     printf("total freeable: %zu bytes\n", totalFreeable);
     fflush(stdout);
 }
 
 #endif // !NDEBUG
 
 } // namespace WTF