Improve exception handling in memory.grow

[gumb0]

No description provided.

[codecov]

Codecov Report

Merging #737 (3864569) into master (25205ab) will decrease coverage by 0.09%.
The diff coverage is 50.00%.

@@            Coverage Diff             @@
##           master     #737      +/-   ##
==========================================
- Coverage   99.35%   99.26%   -0.10%     
==========================================
  Files          73       73              
  Lines       11388    11398      +10     
==========================================
- Hits        11315    11314       -1     
- Misses         73       84      +11     

Flag	Coverage Δ
rust	99.85% <ø> (ø)
spectests	90.68% <50.00%> (-0.41%)	⬇️
unittests	99.22% <50.00%> (-0.11%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
lib/fizzy/execute.cpp	98.70% <50.00%> (-1.30%)	⬇️

[gumb0]

Doesn't look possible to cover it, for me std::string::max_size() returns 2^62-1 bytes (2^46 pages), we can't allocate more than that with wasm.

[chfast]

I don't think this is worth having considering max_size() is not very useful.
It may be just better to add a unit test that checks if wasm memory max size is not smaller than std::string::max_size().
Alternatively, you can catch std::exception here.

[chfast]

On 32-bit build the value is 2^31-1.

[chfast]

Add a comment that std::bad_alloc and std::legth_error are expected.

[chfast]

The ... catches everything so it guarantees noexcept outside. The std::exception does not, so there will be another compiler generated check ending in std::terminate or something.

So my final call is to use ... and also add an assert that the exception is one of the two expected types.

Although, checking the exception type may be tricky. Probably a helper is needed as presented in https://en.cppreference.com/w/cpp/error/rethrow_exception

[gumb0]

Well then in the helper catch std::length_error will still be not covered, it's simpler then to have here catch (bad_alloc) + catch (length_error) + catch (...) { assert(false); } .

[gumb0]

Well then in the helper catch std::length_error will still be not covered, it's simpler then to have here catch (bad_alloc) + catch (length_error) + catch (...) { assert(false); } .

But yeah execute will be smaller if extra catches go into helper, and helper will should be omitted in release build...

[axic]

Nice! Perhaps you want to add a comment here explaining our use case.

[gumb0]

Added a comment.

[axic]

Should this use std::bad_alloc or std::length_error ?

[chfast]

The bad_alloc is better but not perfect fit out of these two.

[chfast]

Actually, here I'd see another refactoring: do not use throw.

uint32_t ret = (new_pages <= instance.memory_pages_limit) ? static_cast<uint32_t>(cur_pages) : static_cast<uint32_t>(-1);
try {
  memory->resize(new_pages * PageSize);
} catch (...) { ... }

[gumb0]

It shouldn't go to resize though, if it's over the limit.
I can make a version with if, but it looks somewhat uglier.

[gumb0]

The bad_alloc is better but not perfect fit out of these two.

Why it it better and what's the "fit" here? I'd say requirement for memory.grow to fail in case requested size is out of bounds is similar to requirement for basic_string to throw length_error in case count > max_size().
bad_alloc represents failure of some lower level allocation mechanism.

But I think in practice it doesn't matter and I'm fine with either.

[chfast]

Not very beautiful, but I think this is fine.

It is rather visible that some Memory abstraction type would be nice. This can be done together with "guarded pages" later.

There is also an issue on 32-bit architectures where string/bytes can only allocate up to 2GB of memory.

[axic]

Hmm, wondering if the following would be more readable:

uint32_t ret = static_cast<uint32_t>(-1);
if (new_pages <= instance.memory_pages_limit)
{
  try
  {
    memory->resize(new_pages * PageSize);
    ret = static_cast<uint32_t>(cur_pages);
  }
  catch (...)
  {
    assert(is_resize_exception(std::current_exception()));
  }
}

[chfast]

It looks fine, I don't mind.

The best is to wrap this into uint32_t Memory::grow(something);. Then you eliminate ret housekeeping.

[gumb0]

I can move it into a simple helper for now.

[axic]

At this point could just use the stack pointer and no pop/push is needed 🙊

[axic]

If we are going with this helper, please document it. What is important to document that it returns page count prior to expansion.

[axic]

I wonder how this affects benchmarks as it could mean quite a different binary layout 🙊