Recommit r282692: [libc++abi] Use fallback_malloc to allocate __cxa_eh_globals in case of dynamic memory exhaustion.

Throwing an exception for the first time may lead to call calloc to
allocate memory for __cxa_eh_globals. If the memory pool is exhausted
at that moment, it results in abnormal termination of the program.

This patch addresses the issue by using fallback_malloc in that case.

In this revision, some restrictions were added into the test to not
run it in unsuitable environments.

Differential Revision: https://reviews.llvm.org/D17815

llvm-svn: 283531

libcxxabi/src/CMakeLists.txt

@@ -12,6 +12,7 @@ set(LIBCXXABI_SOURCES
   cxa_vector.cpp
   cxa_virtual.cpp
   exception.cpp
+  fallback_malloc.cpp
   private_typeinfo.cpp
   stdexcept.cpp
   typeinfo.cpp

libcxxabi/src/cxa_exception.cpp

@@ -15,13 +15,10 @@
 #include "cxxabi.h"
 
 #include <exception>        // for std::terminate
-#include <cstdlib>          // for malloc, free
 #include <cstring>          // for memset
-#ifndef _LIBCXXABI_HAS_NO_THREADS
-#  include <pthread.h>      // for fallback_malloc.ipp's mutexes
-#endif
 #include "cxa_exception.hpp"
 #include "cxa_handlers.hpp"
+#include "fallback_malloc.h"
 
 // +---------------------------+-----------------------------+---------------+
 // | __cxa_exception           | _Unwind_Exception CLNGC++\0 | thrown object |
@@ -104,20 +101,6 @@ static inline  int decrementHandlerCount(__cxa_exception *exception) {
     return --exception->handlerCount;
 }
 
-#include "fallback_malloc.ipp"
-
-//  Allocate some memory from _somewhere_
-static void *do_malloc(size_t size) {
-    void *ptr = std::malloc(size);
-    if (NULL == ptr) // if malloc fails, fall back to emergency stash
-        ptr = fallback_malloc(size);
-    return ptr;
-}
-
-static void do_free(void *ptr) {
-    is_fallback_ptr(ptr) ? fallback_free(ptr) : std::free(ptr);
-}
-
 /*
     If reason isn't _URC_FOREIGN_EXCEPTION_CAUGHT, then the terminateHandler
     stored in exc is called.  Otherwise the exceptionDestructor stored in 
@@ -158,7 +141,8 @@ extern "C" {
 //  user's exception object.
 _LIBCXXABI_FUNC_VIS void *__cxa_allocate_exception(size_t thrown_size) throw() {
     size_t actual_size = cxa_exception_size_from_exception_thrown_size(thrown_size);
-    __cxa_exception* exception_header = static_cast<__cxa_exception*>(do_malloc(actual_size));
+    __cxa_exception *exception_header =
+        static_cast<__cxa_exception *>(__malloc_with_fallback(actual_size));
     if (NULL == exception_header)
         std::terminate();
     std::memset(exception_header, 0, actual_size);
@@ -168,7 +152,7 @@ _LIBCXXABI_FUNC_VIS void *__cxa_allocate_exception(size_t thrown_size) throw() {
 
 //  Free a __cxa_exception object allocated with __cxa_allocate_exception.
 _LIBCXXABI_FUNC_VIS void __cxa_free_exception(void *thrown_object) throw() {
-    do_free(cxa_exception_from_thrown_object(thrown_object));
+    __free_with_fallback(cxa_exception_from_thrown_object(thrown_object));
 }
 
 
@@ -177,7 +161,7 @@ _LIBCXXABI_FUNC_VIS void __cxa_free_exception(void *thrown_object) throw() {
 //  Otherwise, it will work like __cxa_allocate_exception.
 void * __cxa_allocate_dependent_exception () {
     size_t actual_size = sizeof(__cxa_dependent_exception);
-    void *ptr = do_malloc(actual_size);
+    void *ptr = __malloc_with_fallback(actual_size);
     if (NULL == ptr)
         std::terminate();
     std::memset(ptr, 0, actual_size);
@@ -188,7 +172,7 @@ void * __cxa_allocate_dependent_exception () {
 //  This function shall free a dependent_exception.
 //  It does not affect the reference count of the primary exception.
 void __cxa_free_dependent_exception (void * dependent_exception) {
-    do_free(dependent_exception);
+    __free_with_fallback(dependent_exception);
 }
 
 

libcxxabi/src/cxa_exception_storage.cpp

@@ -45,8 +45,8 @@ extern "C" {
 #else
 
 #include <pthread.h>
-#include <cstdlib>          // for calloc, free
 #include "abort_message.h"
+#include "fallback_malloc.h"
 
 //  In general, we treat all pthread errors as fatal.
 //  We cannot call std::terminate() because that will in turn
@@ -58,7 +58,7 @@ namespace {
     pthread_once_t flag_ = PTHREAD_ONCE_INIT;
 
     void destruct_ (void *p) {
-        std::free ( p );
+        __free_with_fallback ( p );
         if ( 0 != ::pthread_setspecific ( key_, NULL ) ) 
             abort_message("cannot zero out thread value for __cxa_get_globals()");
         }
@@ -77,7 +77,7 @@ extern "C" {
     //  If this is the first time we've been asked for these globals, create them
         if ( NULL == retVal ) {
             retVal = static_cast<__cxa_eh_globals*>
-                        (std::calloc (1, sizeof (__cxa_eh_globals)));
+                        (__calloc_with_fallback (1, sizeof (__cxa_eh_globals)));
             if ( NULL == retVal )
                 abort_message("cannot allocate __cxa_eh_globals");
             if ( 0 != pthread_setspecific ( key_, retVal ) )

libcxxabi/src/fallback_malloc.cpp

@@ -1,19 +1,24 @@
-//===------------------------ fallback_malloc.ipp -------------------------===//
+//===------------------------ fallback_malloc.cpp -------------------------===//
 //
 //                     The LLVM Compiler Infrastructure
 //
 // This file is dual licensed under the MIT and the University of Illinois Open
 // Source Licenses. See LICENSE.TXT for details.
 //
-//  
-//  This file implements the "Exception Handling APIs"
-//  http://mentorembedded.github.io/cxx-abi/abi-eh.html
-//  
 //===----------------------------------------------------------------------===//
 
+#include "fallback_malloc.h"
+
 #include "config.h"
 
-//  A small, simple heap manager based (loosely) on 
+#include <cstdlib> // for malloc, calloc, free
+#include <cstring> // for memset
+
+#ifndef _LIBCXXABI_HAS_NO_THREADS
+#include <pthread.h> // for mutexes
+#endif
+
+//  A small, simple heap manager based (loosely) on
 //  the startup heap manager from FreeBSD, optimized for space.
 //
 //  Manages a fixed-size memory pool, supports malloc and free only.
@@ -49,9 +54,9 @@ private:
 #endif
     };
 
-        
-#define HEAP_SIZE   512
-char heap [ HEAP_SIZE ];
+
+static const size_t HEAP_SIZE = 512;
+char heap [ HEAP_SIZE ] __attribute__((aligned));
 
 typedef unsigned short heap_offset;
 typedef unsigned short heap_size;
@@ -69,13 +74,13 @@ heap_node *node_from_offset ( const heap_offset offset )
 
 heap_offset offset_from_node ( const heap_node *ptr )
     { return static_cast<heap_offset>(static_cast<size_t>(reinterpret_cast<const char *>(ptr) - heap)  / sizeof (heap_node)); }
- 
+
 void init_heap () {
     freelist = (heap_node *) heap;
     freelist->next_node = offset_from_node ( list_end );
     freelist->len = HEAP_SIZE / sizeof (heap_node);
     }
-    
+
 //  How big a chunk we allocate
 size_t alloc_size (size_t len)
     { return (len + sizeof(heap_node) - 1) / sizeof(heap_node) + 1; }
@@ -87,12 +92,12 @@ void *fallback_malloc(size_t len) {
     heap_node *p, *prev;
     const size_t nelems = alloc_size ( len );
     mutexor mtx ( &heap_mutex );
-    
+
     if ( NULL == freelist )
         init_heap ();
 
 //  Walk the free list, looking for a "big enough" chunk
-    for (p = freelist, prev = 0; 
+    for (p = freelist, prev = 0;
             p && p != list_end;     prev = p, p = node_from_offset ( p->next_node)) {
 
         if (p->len > nelems) {  //  chunk is larger, shorten, and return the tail
@@ -104,7 +109,7 @@ void *fallback_malloc(size_t len) {
             q->len = static_cast<heap_size>(nelems);
             return (void *) (q + 1);
         }
-        
+
         if (p->len == nelems) { // exact size match
             if (prev == 0)
                 freelist = node_from_offset(p->next_node);
@@ -130,7 +135,7 @@ void fallback_free (void *ptr) {
         std::cout << "Freeing item at " << offset_from_node ( cp ) << " of size " << cp->len << std::endl;
 #endif
 
-    for (p = freelist, prev = 0; 
+    for (p = freelist, prev = 0;
             p && p != list_end;     prev = p, p = node_from_offset (p->next_node)) {
 #ifdef DEBUG_FALLBACK_MALLOC
         std::cout << "  p, cp, after (p), after(cp) "
@@ -174,10 +179,10 @@ size_t print_free_list () {
     heap_size total_free = 0;
     if ( NULL == freelist )
         init_heap ();
-    
-    for (p = freelist, prev = 0; 
+
+    for (p = freelist, prev = 0;
             p && p != list_end;     prev = p, p = node_from_offset (p->next_node)) {
-        std::cout << ( prev == 0 ? "" : "  ")  << "Offset: " << offset_from_node ( p ) 
+        std::cout << ( prev == 0 ? "" : "  ")  << "Offset: " << offset_from_node ( p )
                 << "\tsize: " << p->len << " Next: " << p->next_node << std::endl;
         total_free += p->len;
         }
@@ -186,3 +191,36 @@ size_t print_free_list () {
     }
 #endif
 }  // end unnamed namespace
+
+namespace __cxxabiv1 {
+
+#pragma GCC visibility push(hidden)
+
+void * __malloc_with_fallback(size_t size) {
+    void *ptr = std::malloc(size);
+    if (NULL == ptr) // if malloc fails, fall back to emergency stash
+        ptr = fallback_malloc(size);
+    return ptr;
+}
+
+void * __calloc_with_fallback(size_t count, size_t size) {
+    void *ptr = std::calloc(count, size);
+    if (NULL != ptr)
+        return ptr;
+    // if calloc fails, fall back to emergency stash
+    ptr = fallback_malloc(size * count);
+    if (NULL != ptr)
+        std::memset(ptr, 0, size * count);
+    return ptr;
+}
+
+void __free_with_fallback(void *ptr) {
+    if (is_fallback_ptr(ptr))
+        fallback_free(ptr);
+    else
+        std::free(ptr);
+}
+
+#pragma GCC visibility pop
+
+} // namespace __cxxabiv1

libcxxabi/src/fallback_malloc.h

@@ -0,0 +1,31 @@
+//===------------------------- fallback_malloc.h --------------------------===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is dual licensed under the MIT and the University of Illinois Open
+// Source Licenses. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef _FALLBACK_MALLOC_H
+#define _FALLBACK_MALLOC_H
+
+#include <cstddef> // for size_t
+
+namespace __cxxabiv1 {
+
+#pragma GCC visibility push(hidden)
+
+// Allocate some memory from _somewhere_
+void * __malloc_with_fallback(size_t size);
+
+// Allocate and zero-initialize memory from _somewhere_
+void * __calloc_with_fallback(size_t count, size_t size);
+
+void __free_with_fallback(void *ptr);
+
+#pragma GCC visibility pop
+
+} // namespace __cxxabiv1
+
+#endif

libcxxabi/test/test_exception_storage_nodynmem.pass.cpp

@@ -0,0 +1,40 @@
+//===--------------- test_exception_storage_nodynmem.cpp ------------------===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is dual licensed under the MIT and the University of Illinois Open
+// Source Licenses. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+// UNSUPPORTED: libcxxabi-no-exceptions
+
+// cxa_exception_storage does not use dynamic memory in the single thread mode.
+// UNSUPPORTED: libcpp-has-no-threads
+
+// Our overwritten calloc() is not compatible with these sanitizers.
+// UNSUPPORTED: msan, tsan
+
+#include <assert.h>
+#include <cstdlib>
+
+static bool OverwrittenCallocCalled = false;
+
+// Override calloc to simulate exhaustion of dynamic memory
+void *calloc(size_t, size_t) {
+    OverwrittenCallocCalled = true;
+    return 0;
+}
+
+int main(int argc, char *argv[]) {
+    // Run the test a couple of times
+    // to ensure that fallback memory doesn't leak.
+    for (int I = 0; I < 1000; ++I)
+        try {
+            throw 42;
+        } catch (...) {
+        }
+
+    assert(OverwrittenCallocCalled);
+    return 0;
+}

libcxxabi/test/test_fallback_malloc.pass.cpp

@@ -16,7 +16,7 @@ typedef std::deque<void *> container;
 
 // #define  DEBUG_FALLBACK_MALLOC
 #define INSTRUMENT_FALLBACK_MALLOC
-#include "../src/fallback_malloc.ipp"
+#include "../src/fallback_malloc.cpp"
 
 container alloc_series ( size_t sz ) {
     container ptrs;