Page MenuHomePhabricator

Report fatal error in the case of out of memory

Authored by sepavloff on Feb 7 2018, 2:28 AM.



Analysis of fails in the case of out of memory errors can be tricky on
Windows. Such error emerges at the point where memory allocation function
fails, but manifests itself when null pointer is used. These two points
may be distant from each other. Besides, next runs may not exhibit
allocation error.

Usual programming practice does not require checking result of 'operator
new' because it throws 'std::bad_alloc' in the case of allocation error.
However, LLVM is usually built with exceptions turned off, so 'new' can
return null pointer. This change installs custom new handler, which causes
fatal error in the case of out of memory. The handler is installed
automatically prior to call to 'main' during construction of a static
object defined in 'lib/Support/ErrorHandling.cpp'. If the application does
not use this file, the handler may be installed manually by a call to
'llvm::install_out_of_memory_new_handler', declared in

There are calls to C allocation functions, malloc, calloc and realloc.
They are used for interoperability with C code, when allocated object has
variable size and when it is necessary to avoid call of constructors. In
many calls the result is not checked against null pointer. To simplify
checks, new functions are defined in the namespace 'llvm' with the
same names as these C function. These functions produce fatal error if
allocation fails. User should use 'llvm::malloc' instead of 'std::malloc'
in order to use the safe variant. This change replaces 'std::malloc'
in the cases when the result of allocation function is not checked against
null pointer.

Finally, there are plain C code, that uses malloc and similar functions. If
the result is not checked, assert statements are added.

Diff Detail


Event Timeline

sepavloff created this revision.Feb 7 2018, 2:28 AM
rnk accepted this revision.Feb 12 2018, 3:23 PM


This revision is now accepted and ready to land.Feb 12 2018, 3:23 PM
This revision was automatically updated to reflect the committed changes.

The idea to have the same names (malloc etc) in the namespace llvm and in the global namespace leads to a fragile solution. There are several case in projects other than llvm/clang which do not compile due to ambiguities between the two declarations.
As a solution, functions llvm::malloc and others can be renamed to llvm::safe_malloc etc. Such names are descriptive, and are not used in standard headers yet.

MaskRay added inline comments.

The static initializer may not be a good idea. Sent out D64505 to remove it.

Herald added a project: Restricted Project. · View Herald Transcript