genmc,tests: Throw when GenMC runs out of memory

michaliskok · michaliskok · commit 8568c89afa02 · 2025-11-29T13:21:55.000+01:00
GenMC can currently allocate up to 4GB per thread. If it cannot
allocated any more memory, it will return nullptr.

This commit adds a test in Miri that ensures we gracefully throw
if this ever happens.
diff --git a/src/concurrency/genmc/mod.rs b/src/concurrency/genmc/mod.rs
@@ -592,9 +592,11 @@ impl GenmcCtx {
             genmc_size,
             alignment.bytes(),
         );
+        if chosen_address == 0 {
+            throw_exhaust!(AddressSpaceFull);
+        }
 
-        // Non-global addresses should not be in the global address space or null.
-        assert_ne!(0, chosen_address, "GenMC malloc returned nullptr.");
+        // Non-global addresses should not be in the global address space.
         assert_eq!(0, chosen_address & GENMC_GLOBAL_ADDRESSES_MASK);
         // Sanity check the address alignment:
         assert!(
diff --git a/tests/genmc/fail/simple/alloc_large.multiple.stderr b/tests/genmc/fail/simple/alloc_large.multiple.stderr
@@ -0,0 +1,25 @@
+Running GenMC Verification...
+error: resource exhaustion: there are no more free addresses in the address space
+  --> RUSTLIB/alloc/src/raw_vec/mod.rs:LL:CC
+   |
+LL |             AllocInit::Uninitialized => alloc.allocate(layout),
+   |                                         ^^^^^^^^^^^^^^^^^^^^^^ resource exhaustion occurred here
+   |
+   = note: BACKTRACE:
+   = note: inside `alloc::raw_vec::RawVecInner::try_allocate_in` at RUSTLIB/alloc/src/raw_vec/mod.rs:LL:CC
+   = note: inside `alloc::raw_vec::RawVecInner::with_capacity_in` at RUSTLIB/alloc/src/raw_vec/mod.rs:LL:CC
+   = note: inside `alloc::raw_vec::RawVec::<u8>::with_capacity_in` at RUSTLIB/alloc/src/raw_vec/mod.rs:LL:CC
+   = note: inside `std::vec::Vec::<u8>::with_capacity_in` at RUSTLIB/alloc/src/vec/mod.rs:LL:CC
+   = note: inside `std::vec::Vec::<u8>::with_capacity` at RUSTLIB/alloc/src/vec/mod.rs:LL:CC
+note: inside `miri_start`
+  --> tests/genmc/fail/simple/alloc_large.rs:LL:CC
+   |
+LL |             let _v = Vec::<u8>::with_capacity(1024 * 1024 * 1024);
+   |                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+note: add `-Zmiri-genmc-print-genmc-output` to MIRIFLAGS to see the detailed GenMC error report
+
+error: aborting due to 1 previous error
+
diff --git a/tests/genmc/fail/simple/alloc_large.rs b/tests/genmc/fail/simple/alloc_large.rs
@@ -0,0 +1,24 @@
+//@revisions: single multiple
+//@compile-flags: -Zmiri-genmc -Zmiri-disable-stacked-borrows
+//@error-in-other-file: resource exhaustion
+
+// Ensure that we emit a proper error if GenMC fails to fulfill an allocation.
+// Two variants: one for a single large allocation, one for multiple ones
+// that are individually below the limit, but together are too big.
+
+#![no_main]
+
+#[path = "../../../utils/genmc.rs"]
+mod genmc;
+
+#[unsafe(no_mangle)]
+fn miri_start(_argc: isize, _argv: *const *const u8) -> isize {
+    if cfg!(multiple) {
+        for _i in 1..8 {
+            let _v = Vec::<u8>::with_capacity(1024 * 1024 * 1024);
+        }
+    } else {
+        let _v = Vec::<u8>::with_capacity(8 * 1024 * 1024 * 1024);
+    }
+    0
+}
diff --git a/tests/genmc/fail/simple/alloc_large.single.stderr b/tests/genmc/fail/simple/alloc_large.single.stderr
@@ -0,0 +1,25 @@
+Running GenMC Verification...
+error: resource exhaustion: there are no more free addresses in the address space
+  --> RUSTLIB/alloc/src/raw_vec/mod.rs:LL:CC
+   |
+LL |             AllocInit::Uninitialized => alloc.allocate(layout),
+   |                                         ^^^^^^^^^^^^^^^^^^^^^^ resource exhaustion occurred here
+   |
+   = note: BACKTRACE:
+   = note: inside `alloc::raw_vec::RawVecInner::try_allocate_in` at RUSTLIB/alloc/src/raw_vec/mod.rs:LL:CC
+   = note: inside `alloc::raw_vec::RawVecInner::with_capacity_in` at RUSTLIB/alloc/src/raw_vec/mod.rs:LL:CC
+   = note: inside `alloc::raw_vec::RawVec::<u8>::with_capacity_in` at RUSTLIB/alloc/src/raw_vec/mod.rs:LL:CC
+   = note: inside `std::vec::Vec::<u8>::with_capacity_in` at RUSTLIB/alloc/src/vec/mod.rs:LL:CC
+   = note: inside `std::vec::Vec::<u8>::with_capacity` at RUSTLIB/alloc/src/vec/mod.rs:LL:CC
+note: inside `miri_start`
+  --> tests/genmc/fail/simple/alloc_large.rs:LL:CC
+   |
+LL |         let _v = Vec::<u8>::with_capacity(8 * 1024 * 1024 * 1024);
+   |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+note: add `-Zmiri-genmc-print-genmc-output` to MIRIFLAGS to see the detailed GenMC error report
+
+error: aborting due to 1 previous error
+
