summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoravi@chromium.org <avi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-17 13:51:52 +0000
committeravi@chromium.org <avi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-17 13:51:52 +0000
commit73a964f0facc033d3ff6d08616f06d16850b37c2 (patch)
tree68eed96fda585e9d603f6c27351dad9767ed64ac
parent25f1cae9d3c9e2fb29ea0546ca8adda710818bd3 (diff)
downloadchromium_src-73a964f0facc033d3ff6d08616f06d16850b37c2.zip
chromium_src-73a964f0facc033d3ff6d08616f06d16850b37c2.tar.gz
chromium_src-73a964f0facc033d3ff6d08616f06d16850b37c2.tar.bz2
Die on an OOM situation in many more cases.
BUG=http://crbug.com/12673 TEST=run out of memory and die Review URL: http://codereview.chromium.org/875004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41834 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--base/base.gyp2
-rw-r--r--base/process_util_mac.mm152
-rw-r--r--base/process_util_unittest.cc46
-rw-r--r--base/process_util_unittest_mac.h26
-rw-r--r--base/process_util_unittest_mac.mm45
5 files changed, 251 insertions, 20 deletions
diff --git a/base/base.gyp b/base/base.gyp
index aae38b7..802147e 100644
--- a/base/base.gyp
+++ b/base/base.gyp
@@ -94,6 +94,8 @@
'pickle_unittest.cc',
'pr_time_unittest.cc',
'process_util_unittest.cc',
+ 'process_util_unittest_mac.h',
+ 'process_util_unittest_mac.mm',
'rand_util_unittest.cc',
'ref_counted_unittest.cc',
'scoped_bstr_win_unittest.cc',
diff --git a/base/process_util_mac.mm b/base/process_util_mac.mm
index faae5bf..47cb1d4 100644
--- a/base/process_util_mac.mm
+++ b/base/process_util_mac.mm
@@ -11,12 +11,14 @@
#include <mach/mach_init.h>
#include <mach/task.h>
#include <malloc/malloc.h>
+#import <objc/runtime.h>
#include <spawn.h>
#include <sys/mman.h>
#include <sys/sysctl.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <new>
#include <string>
#include "base/debug_util.h"
@@ -355,6 +357,10 @@ size_t GetSystemCommitCharge() {
namespace {
+bool g_oom_killer_enabled;
+
+// === C malloc/calloc/valloc/realloc ===
+
typedef void* (*malloc_type)(struct _malloc_zone_t* zone,
size_t size);
typedef void* (*calloc_type)(struct _malloc_zone_t* zone,
@@ -405,25 +411,94 @@ void* oom_killer_realloc(struct _malloc_zone_t* zone,
return result;
}
+// === C++ operator new ===
+
+void oom_killer_new() {
+ DebugUtil::BreakDebugger();
+}
+
+// === Core Foundation CFAllocators ===
+
+// This is the real structure of a CFAllocatorRef behind the scenes. See
+// http://opensource.apple.com/source/CF/CF-550/CFBase.c for details.
+struct ChromeCFAllocator {
+ _malloc_zone_t fake_malloc_zone;
+ void* allocator;
+ CFAllocatorContext context;
+};
+typedef ChromeCFAllocator* ChromeCFAllocatorRef;
+
+CFAllocatorAllocateCallBack g_old_cfallocator_system_default;
+CFAllocatorAllocateCallBack g_old_cfallocator_malloc;
+CFAllocatorAllocateCallBack g_old_cfallocator_malloc_zone;
+
+void* oom_killer_cfallocator_system_default(CFIndex alloc_size,
+ CFOptionFlags hint,
+ void* info) {
+ void* result = g_old_cfallocator_system_default(alloc_size, hint, info);
+ if (!result)
+ DebugUtil::BreakDebugger();
+ return result;
+}
+
+void* oom_killer_cfallocator_malloc(CFIndex alloc_size,
+ CFOptionFlags hint,
+ void* info) {
+ void* result = g_old_cfallocator_malloc(alloc_size, hint, info);
+ if (!result)
+ DebugUtil::BreakDebugger();
+ return result;
+}
+
+void* oom_killer_cfallocator_malloc_zone(CFIndex alloc_size,
+ CFOptionFlags hint,
+ void* info) {
+ void* result = g_old_cfallocator_malloc_zone(alloc_size, hint, info);
+ if (!result)
+ DebugUtil::BreakDebugger();
+ return result;
+}
+
} // namespace
+} // namespace base
+
+// === Cocoa NSObject allocation ===
+
+@interface NSObject (ChromeOOMKiller)
++ (id)OOMKiller_allocWithZone:(NSZone *)zone;
+@end
+
+@implementation NSObject (ChromeOOMKiller)
+
++ (id)OOMKiller_allocWithZone:(NSZone *)zone {
+ id result = [self OOMKiller_allocWithZone:zone];
+ if (!result)
+ DebugUtil::BreakDebugger();
+ return result;
+}
+
+@end
+
+namespace base {
+
void EnableTerminationOnOutOfMemory() {
- CHECK(!g_old_malloc && !g_old_calloc && !g_old_valloc && !g_old_realloc)
- << "EnableTerminationOnOutOfMemory() called twice!";
-
- // This approach is sub-optimal:
- // - Requests for amounts of memory larger than MALLOC_ABSOLUTE_MAX_SIZE
- // (currently SIZE_T_MAX - (2 * PAGE_SIZE)) will still fail with a NULL
- // rather than dying (see
- // http://opensource.apple.com/source/Libc/Libc-583/gen/malloc.c for
- // details).
- // - It is unclear whether allocations via the C++ operator new() are affected
- // by this (although it is likely).
- // - This does not affect allocations from non-default zones.
- // - It is unclear whether allocations from CoreFoundation's
- // kCFAllocatorDefault or +[NSObject alloc] are affected by this.
- // Nevertheless this is better than nothing for now.
- // TODO(avi):Do better. http://crbug.com/12673
+ if (g_oom_killer_enabled)
+ return;
+
+ g_oom_killer_enabled = true;
+
+ // === C malloc/calloc/valloc/realloc ===
+
+ // This approach is not perfect, as requests for amounts of memory larger than
+ // MALLOC_ABSOLUTE_MAX_SIZE (currently SIZE_T_MAX - (2 * PAGE_SIZE)) will
+ // still fail with a NULL rather than dying (see
+ // http://opensource.apple.com/source/Libc/Libc-583/gen/malloc.c for details).
+ // Unfortunately, it's the best we can do. Also note that this does not affect
+ // allocations from non-default zones.
+
+ DCHECK(!g_old_malloc && !g_old_calloc && !g_old_valloc && !g_old_realloc)
+ << "Old allocators unexpectedly non-null";
int32 major;
int32 minor;
@@ -459,6 +534,51 @@ void EnableTerminationOnOutOfMemory() {
if (zone_allocators_protected) {
mprotect(reinterpret_cast<void*>(page_start), len, PROT_READ);
}
+
+ // === C++ operator new ===
+
+ // Yes, operator new does call through to malloc, but this will catch failures
+ // that our imperfect handling of malloc cannot.
+
+ std::set_new_handler(oom_killer_new);
+
+ // === Core Foundation CFAllocators ===
+
+ // This will not catch allocation done by custom allocators, but will catch
+ // all allocation done by system-provided ones.
+
+ DCHECK(!g_old_cfallocator_system_default && !g_old_cfallocator_malloc &&
+ !g_old_cfallocator_malloc_zone)
+ << "Old allocators unexpectedly non-null";
+
+ ChromeCFAllocatorRef allocator = const_cast<ChromeCFAllocatorRef>(
+ reinterpret_cast<const ChromeCFAllocator*>(kCFAllocatorSystemDefault));
+ g_old_cfallocator_system_default = allocator->context.allocate;
+ allocator->context.allocate = oom_killer_cfallocator_system_default;
+
+ allocator = const_cast<ChromeCFAllocatorRef>(
+ reinterpret_cast<const ChromeCFAllocator*>(kCFAllocatorMalloc));
+ g_old_cfallocator_malloc = allocator->context.allocate;
+ allocator->context.allocate = oom_killer_cfallocator_malloc;
+
+ allocator = const_cast<ChromeCFAllocatorRef>(
+ reinterpret_cast<const ChromeCFAllocator*>(kCFAllocatorMallocZone));
+ g_old_cfallocator_malloc_zone = allocator->context.allocate;
+ allocator->context.allocate = oom_killer_cfallocator_malloc_zone;
+
+ // === Cocoa NSObject allocation ===
+
+ // Note that both +[NSObject new] and +[NSObject alloc] call through to
+ // +[NSObject allocWithZone:].
+
+ Class nsobject_class = [NSObject class];
+ Method m1 = class_getClassMethod(nsobject_class,
+ @selector(allocWithZone:));
+ CHECK(m1);
+ Method m2 = class_getClassMethod(nsobject_class,
+ @selector(OOMKiller_allocWithZone:));
+ CHECK(m2);
+ method_exchangeImplementations(m1, m2);
}
} // namespace base
diff --git a/base/process_util_unittest.cc b/base/process_util_unittest.cc
index 7b9a7af..296aaa9 100644
--- a/base/process_util_unittest.cc
+++ b/base/process_util_unittest.cc
@@ -29,6 +29,9 @@
#if defined(OS_WIN)
#include <windows.h>
#endif
+#if defined(OS_MACOSX)
+#include "base/process_util_unittest_mac.h"
+#endif
namespace base {
@@ -506,8 +509,8 @@ TEST_F(ProcessUtilTest, ParseProcStatCPU) {
#endif // defined(OS_POSIX)
-// TODO(vandebo) make this work on Windows and Mac too.
-#if defined(OS_LINUX)
+// TODO(vandebo) make this work on Windows too.
+#if !defined(OS_WIN)
#if defined(USE_TCMALLOC)
extern "C" {
@@ -521,7 +524,8 @@ class OutOfMemoryTest : public testing::Test {
: value_(NULL),
// Make test size as large as possible minus a few pages so
// that alignment or other rounding doesn't make it wrap.
- test_size_(std::numeric_limits<std::size_t>::max() - 8192) {
+ test_size_(std::numeric_limits<std::size_t>::max() - 12 * 1024),
+ signed_test_size_(std::numeric_limits<ssize_t>::max()) {
}
virtual void SetUp() {
@@ -539,9 +543,14 @@ class OutOfMemoryTest : public testing::Test {
void* value_;
size_t test_size_;
+ ssize_t signed_test_size_;
};
TEST_F(OutOfMemoryTest, New) {
+ ASSERT_DEATH(value_ = operator new(test_size_), "");
+}
+
+TEST_F(OutOfMemoryTest, NewArray) {
ASSERT_DEATH(value_ = new char[test_size_], "");
}
@@ -561,6 +570,7 @@ TEST_F(OutOfMemoryTest, Valloc) {
ASSERT_DEATH(value_ = valloc(test_size_), "");
}
+#if defined(OS_LINUX)
TEST_F(OutOfMemoryTest, Pvalloc) {
ASSERT_DEATH(value_ = pvalloc(test_size_), "");
}
@@ -585,7 +595,35 @@ TEST_F(OutOfMemoryTest, Posix_memalign) {
// value, since we're asserting death.
ASSERT_DEATH(EXPECT_EQ(ENOMEM, posix_memalign(&value_, 8, test_size_)), "");
}
+#endif // OS_LINUX
+
+#if defined(OS_MACOSX)
+
+// Since these allocation functions take a signed size, it's possible that
+// calling them just once won't be enough to exhaust memory.
+
+TEST_F(OutOfMemoryTest, CFAllocatorSystemDefault) {
+ ASSERT_DEATH(while ((value_ =
+ AllocateViaCFAllocatorSystemDefault(signed_test_size_))) {}, "");
+}
+
+TEST_F(OutOfMemoryTest, CFAllocatorMalloc) {
+ ASSERT_DEATH(while ((value_ =
+ AllocateViaCFAllocatorMalloc(signed_test_size_))) {}, "");
+}
+
+TEST_F(OutOfMemoryTest, CFAllocatorMallocZone) {
+ ASSERT_DEATH(while ((value_ =
+ AllocateViaCFAllocatorMallocZone(signed_test_size_))) {}, "");
+}
+
+TEST_F(OutOfMemoryTest, PsychoticallyBigObjCObject) {
+ ASSERT_DEATH(while ((value_ =
+ AllocatePsychoticallyBigObjCObject())) {}, "");
+}
+
+#endif // OS_MACOSX
-#endif // defined(OS_LINUX)
+#endif // !defined(OS_WIN)
} // namespace base
diff --git a/base/process_util_unittest_mac.h b/base/process_util_unittest_mac.h
new file mode 100644
index 0000000..8402e85
--- /dev/null
+++ b/base/process_util_unittest_mac.h
@@ -0,0 +1,26 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This file contains helpers for the process_util_unittest to allow it to fully
+// test the Mac code.
+
+#ifndef BASE_PROCESS_UTIL_UNITTEST_MAC_H_
+#define BASE_PROCESS_UTIL_UNITTEST_MAC_H_
+
+#include "base/basictypes.h"
+
+namespace base {
+
+// Allocates memory via system allocators. Alas, they take a _signed_ size for
+// allocation.
+void* AllocateViaCFAllocatorSystemDefault(int32 size);
+void* AllocateViaCFAllocatorMalloc(int32 size);
+void* AllocateViaCFAllocatorMallocZone(int32 size);
+
+// Allocates a huge Objective C object.
+void* AllocatePsychoticallyBigObjCObject();
+
+} // namespace base
+
+#endif // BASE_PROCESS_UTIL_UNITTEST_MAC_H_
diff --git a/base/process_util_unittest_mac.mm b/base/process_util_unittest_mac.mm
new file mode 100644
index 0000000..015227a
--- /dev/null
+++ b/base/process_util_unittest_mac.mm
@@ -0,0 +1,45 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/process_util_unittest_mac.h"
+
+#import <Cocoa/Cocoa.h>
+
+@interface PsychoticallyBigObjCObject : NSObject
+{
+#if __LP64__
+ // On 64 bits, Objective C objects have no size limit that I can find.
+ int tooBigToCount_[0xF000000000000000U / sizeof(int)];
+#else
+ // On 32 bits, Objective C objects must be < 2G in size.
+ int justUnder2Gigs_[(2U * 1024 * 1024 * 1024 - 1) / sizeof(int)];
+#endif
+}
+
+@end
+
+@implementation PsychoticallyBigObjCObject
+
+@end
+
+
+namespace base {
+
+void* AllocateViaCFAllocatorSystemDefault(int32 size) {
+ return CFAllocatorAllocate(kCFAllocatorSystemDefault, size, 0);
+}
+
+void* AllocateViaCFAllocatorMalloc(int32 size) {
+ return CFAllocatorAllocate(kCFAllocatorMalloc, size, 0);
+}
+
+void* AllocateViaCFAllocatorMallocZone(int32 size) {
+ return CFAllocatorAllocate(kCFAllocatorMallocZone, size, 0);
+}
+
+void* AllocatePsychoticallyBigObjCObject() {
+ return [[PsychoticallyBigObjCObject alloc] init];
+}
+
+} // namespace base