Changeset 208690 in webkit

Timestamp:

Nov 14, 2016, 10:04:06 AM (9 years ago)

Author:

mark.lam@apple.com

Message:

Add debugging facility to limit the max single allocation size.
​https://bugs.webkit.org/show_bug.cgi?id=164681

Reviewed by Keith Miller.

Source/JavaScriptCore:

Added JSC option to set FastMalloc's maxSingleAllocationSize for testing purposes.
This option is only available on Debug builds.

• runtime/Options.cpp:

(JSC::Options::isAvailable):
(JSC::recomputeDependentOptions):

• runtime/Options.h:

Source/WTF:

This is useful for simulating memory allocation failures on resource constraint
devices for testing purposes.

This facility is only conditionally compiled in on debug builds. It does not
have any burden on release builds at all. When in use, the max single allocation
size limit applies to individual allocations. For malloc (and similar), the
allocation will crash in FastMalloc if the requested size exceeds the set max
single allocation size. For tryMalloc (and similar), the allocation returns
nullptr if the requested size exceeds the set max single allocation size. The
max single allocation size is set to std::numeric_limit<size_t>::max() by default
(i.e. when not set and no limit is in effect).

Also fixed non-bmalloc versions of fastAlignedMalloc() to crash when allocation
fails.

• wtf/FastMalloc.cpp:

(WTF::fastSetMaxSingleAllocationSize):
(WTF::fastAlignedMalloc):
(WTF::tryFastAlignedMalloc):
(WTF::tryFastMalloc):
(WTF::fastMalloc):
(WTF::tryFastCalloc):
(WTF::fastCalloc):
(WTF::fastRealloc):

• wtf/FastMalloc.h:

Location:

trunk/Source

Files:

• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/runtime/Options.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/Options.h (modified) (1 diff)
• WTF/ChangeLog (modified) (1 diff)
• WTF/wtf/FastMalloc.cpp (modified) (15 diffs)
• WTF/wtf/FastMalloc.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2016-11-13  Mark Lam  <mark.lam@apple.com>
+
+        Add debugging facility to limit the max single allocation size.
+        https://bugs.webkit.org/show_bug.cgi?id=164681
+
+        Reviewed by Keith Miller.
+
+        Added JSC option to set FastMalloc's maxSingleAllocationSize for testing purposes.
+        This option is only available on Debug builds.
+
+        * runtime/Options.cpp:
+        (JSC::Options::isAvailable):
+        (JSC::recomputeDependentOptions):
+        * runtime/Options.h:
+
 2016-11-12  Joseph Pecoraro  <pecoraro@apple.com>
 

trunk/Source/JavaScriptCore/runtime/Options.cpp

@@ -137 +137 @@
         return true;
 #endif
+#if !defined(NDEBUG)
+    if (id == maxSingleAllocationSizeID)
+        return true;
+#endif
     return false;
 }
@@ -396 +400 @@
 #if ENABLE(LLINT_STATS)
     LLInt::Data::loadStats();
+#endif
+#if !defined(NDEBUG)
+    if (Options::maxSingleAllocationSize())
+        fastSetMaxSingleAllocationSize(Options::maxSingleAllocationSize());
+    else
+        fastSetMaxSingleAllocationSize(std::numeric_limits<size_t>::max());
 #endif
 }

trunk/Source/JavaScriptCore/runtime/Options.h

@@ -324 +324 @@
     v(bool, useImmortalObjects, false, Normal, "debugging option to keep all objects alive forever") \
     v(bool, dumpObjectStatistics, false, Normal, nullptr) \
+    v(unsigned, maxSingleAllocationSize, 0, Configurable, "debugging option to limit individual allocations to a max size (0 = limit not set, N = limit size in bytes)") \
     \
     v(gcLogLevel, logGC, GCLogging::None, Normal, "debugging option to log GC activity (0 = None, 1 = Basic, 2 = Verbose)") \

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2016-11-13  Mark Lam  <mark.lam@apple.com>
+
+        Add debugging facility to limit the max single allocation size.
+        https://bugs.webkit.org/show_bug.cgi?id=164681
+
+        Reviewed by Keith Miller.
+
+        This is useful for simulating memory allocation failures on resource constraint
+        devices for testing purposes.
+
+        This facility is only conditionally compiled in on debug builds.  It does not
+        have any burden on release builds at all.  When in use, the max single allocation
+        size limit applies to individual allocations.  For malloc (and similar), the
+        allocation will crash in FastMalloc if the requested size exceeds the set max
+        single allocation size.  For tryMalloc (and similar), the allocation returns
+        nullptr if the requested size exceeds the set max single allocation size.  The
+        max single allocation size is set to std::numeric_limit<size_t>::max() by default
+        (i.e. when not set and no limit is in effect).
+
+        Also fixed non-bmalloc versions of fastAlignedMalloc() to crash when allocation
+        fails.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::fastSetMaxSingleAllocationSize):
+        (WTF::fastAlignedMalloc):
+        (WTF::tryFastAlignedMalloc):
+        (WTF::tryFastMalloc):
+        (WTF::fastMalloc):
+        (WTF::tryFastCalloc):
+        (WTF::fastCalloc):
+        (WTF::fastRealloc):
+        * wtf/FastMalloc.h:
+
 2016-11-13  JF Bastien  <jfbastien@apple.com>
 

trunk/Source/WTF/wtf/FastMalloc.cpp

@@ -47 +47 @@
 namespace WTF {
 
+#if !defined(NDEBUG)
+namespace {
+size_t maxSingleAllocationSize = std::numeric_limits<size_t>::max();
+};
+
+void fastSetMaxSingleAllocationSize(size_t size)
+{
+    maxSingleAllocationSize = size;
+}
+
+#define ASSERT_IS_WITHIN_LIMIT(size) do { \
+        size_t size__ = (size); \
+        ASSERT_WITH_MESSAGE((size__) <= maxSingleAllocationSize, "Requested size (%zu) exceeds max single allocation size set for testing (%zu)", (size__), maxSingleAllocationSize); \
+    } while (false)
+
+#define FAIL_IF_EXCEEDS_LIMIT(size) do { \
+        if (UNLIKELY((size) > maxSingleAllocationSize)) \
+            return nullptr; \
+    } while (false)
+
+#else // !defined(NDEBUG)
+
+#define ASSERT_IS_WITHIN_LIMIT(size)
+#define FAIL_IF_EXCEEDS_LIMIT(size)
+
+#endif // !defined(NDEBUG)
+
 void* fastZeroedMalloc(size_t n) 
 {
@@ -99 +126 @@
 void* fastAlignedMalloc(size_t alignment, size_t size) 
 {
+    ASSERT_IS_WITHIN_LIMIT(size);
+    void* p = _aligned_malloc(size, alignment);
+    if (UNLIKELY(!p))
+        CRASH();
+    return p;
+}
+
+void* tryFastAlignedMalloc(size_t alignment, size_t size) 
+{
+    FAIL_IF_EXCEEDS_LIMIT(size);
     return _aligned_malloc(size, alignment);
 }
 
+void fastAlignedFree(void* p) 
+{
+    _aligned_free(p);
+}
+
+#else
+
+void* fastAlignedMalloc(size_t alignment, size_t size) 
+{
+    ASSERT_IS_WITHIN_LIMIT(size);
+    void* p = nullptr;
+    posix_memalign(&p, alignment, size);
+    if (UNLIKELY(!p))
+        CRASH();
+    return p;
+}
+
 void* tryFastAlignedMalloc(size_t alignment, size_t size) 
 {
-    return _aligned_malloc(size, alignment);
-}
-
-void fastAlignedFree(void* p) 
-{
-    _aligned_free(p);
-}
-
-#else
-
-void* fastAlignedMalloc(size_t alignment, size_t size) 
-{
+    FAIL_IF_EXCEEDS_LIMIT(size);
     void* p = nullptr;
     posix_memalign(&p, alignment, size);
@@ -121 +164 @@
 }
 
-void* tryFastAlignedMalloc(size_t alignment, size_t size) 
-{
-    void* p = nullptr;
-    posix_memalign(&p, alignment, size);
-    return p;
-}
-
 void fastAlignedFree(void* p) 
 {
@@ -137 +173 @@
 TryMallocReturnValue tryFastMalloc(size_t n) 
 {
+    FAIL_IF_EXCEEDS_LIMIT(n);
     return malloc(n);
 }
@@ -142 +179 @@
 void* fastMalloc(size_t n) 
 {
+    ASSERT_IS_WITHIN_LIMIT(n);
     void* result = malloc(n);
     if (!result)
@@ -151 +189 @@
 TryMallocReturnValue tryFastCalloc(size_t n_elements, size_t element_size)
 {
+    FAIL_IF_EXCEEDS_LIMIT(n_elements * element_size);
     return calloc(n_elements, element_size);
 }
@@ -156 +195 @@
 void* fastCalloc(size_t n_elements, size_t element_size)
 {
+    ASSERT_IS_WITHIN_LIMIT(n_elements * element_size);
     void* result = calloc(n_elements, element_size);
     if (!result)
@@ -170 +210 @@
 void* fastRealloc(void* p, size_t n)
 {
+    ASSERT_IS_WITHIN_LIMIT(n);
     void* result = realloc(p, n);
     if (!result)
@@ -212 +253 @@
 void* fastMalloc(size_t size)
 {
+    ASSERT_IS_WITHIN_LIMIT(size);
     return bmalloc::api::malloc(size);
 }
@@ -217 +259 @@
 void* fastCalloc(size_t numElements, size_t elementSize)
 {
+    ASSERT_IS_WITHIN_LIMIT(numElements * elementSize);
     Checked<size_t> checkedSize = elementSize;
     checkedSize *= numElements;
@@ -227 +270 @@
 void* fastRealloc(void* object, size_t size)
 {
+    ASSERT_IS_WITHIN_LIMIT(size);
     return bmalloc::api::realloc(object, size);
 }
@@ -250 +294 @@
 void* fastAlignedMalloc(size_t alignment, size_t size) 
 {
+    ASSERT_IS_WITHIN_LIMIT(size);
     return bmalloc::api::memalign(alignment, size);
 }
@@ -255 +300 @@
 void* tryFastAlignedMalloc(size_t alignment, size_t size) 
 {
+    FAIL_IF_EXCEEDS_LIMIT(size);
     return bmalloc::api::tryMemalign(alignment, size);
 }
@@ -265 +311 @@
 TryMallocReturnValue tryFastMalloc(size_t size)
 {
+    FAIL_IF_EXCEEDS_LIMIT(size);
     return bmalloc::api::tryMalloc(size);
 }
@@ -270 +317 @@
 TryMallocReturnValue tryFastCalloc(size_t numElements, size_t elementSize)
 {
+    FAIL_IF_EXCEEDS_LIMIT(numElements * elementSize);
     Checked<size_t, RecordOverflow> checkedSize = elementSize;
     checkedSize *= numElements;

trunk/Source/WTF/wtf/FastMalloc.h

@@ -27 +27 @@
 
 namespace WTF {
+
+#if !defined(NDEBUG)
+void fastSetMaxSingleAllocationSize(size_t);
+#endif
 
 class TryMallocReturnValue {
@@ -103 +107 @@
 } // namespace WTF
 
+#if !defined(NDEBUG)
+using WTF::fastSetMaxSingleAllocationSize;
+#endif
+
 using WTF::isFastMallocEnabled;
 using WTF::fastCalloc;