rtos: Thread: Make stack allocation failure runtime catchable

LDong-Arm · LDong-Arm · commit 48cf1c9c8078 · 2021-09-08T14:17:58.000+01:00
When a Thread object's stack memory is not provided, its `start()`
member function dynamically allocates its stack from the heap. If
allocation fails, there is no way to catch it because
* `std::nothrow` is missing after the `new` keyword. As Mbed OS
is built with `-fno-exceptions` (C++ exceptions disabled), failed
allocation results in an unrecoverable fault.
* The attempted `nullptr` check, which doesn't work anyway due to
the first point, is an assertion instead of error returning.
Assertions should be used as a development tool to ensure code
behaves correctly. But out-of-memory is a completely valid runtime
situation.

This commit adds the missing `std::nothrow`, and makes `Thread::start()`
return `osErrorNoMemory` if allocation fails so the caller can handle
it.

Note: A case when a thread should never fail due to lack of memory
is the main thread. But the main thread's stack is a pre-allocated
array in the static memory, passed to the `Thread()` constructor
during thread creation, so it's not impacted by this change.
diff --git a/rtos/include/rtos/Thread.h b/rtos/include/rtos/Thread.h
@@ -131,7 +131,8 @@ class Thread : private mbed::NonCopyable<Thread> {
 
     /** Starts a thread executing the specified function.
       @param   task           function to be executed by this thread.
-      @return  status code that indicates the execution status of the function.
+      @return  status code that indicates the execution status of the function,
+               or osErrorNoMemory if stack allocation failed.
       @note a thread can only be started once
 
       @note You cannot call this function ISR context.
diff --git a/rtos/source/Thread.cpp b/rtos/source/Thread.cpp
@@ -81,8 +81,11 @@ osStatus Thread::start(mbed::Callback<void()> task)
     }
 
     if (_attr.stack_mem == nullptr) {
-        _attr.stack_mem = new uint32_t[_attr.stack_size / sizeof(uint32_t)];
-        MBED_ASSERT(_attr.stack_mem != nullptr);
+        _attr.stack_mem = new (std::nothrow) uint32_t[_attr.stack_size / sizeof(uint32_t)];
+        if (_attr.stack_mem == nullptr) {
+            _mutex.unlock();
+            return osErrorNoMemory;
+        }
     }
 
     //Fill the stack with a magic word for maximum usage checking

Original file line number	Diff line number	Diff line change
`@@ -81,8 +81,11 @@ osStatus Thread::start(mbed::Callback<void()> task)`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`if (_attr.stack_mem == nullptr) {`
`84`		`- _attr.stack_mem = new uint32_t[_attr.stack_size / sizeof(uint32_t)];`
`85`		`- MBED_ASSERT(_attr.stack_mem != nullptr);`
	`84`	`+ _attr.stack_mem = new (std::nothrow) uint32_t[_attr.stack_size / sizeof(uint32_t)];`
	`85`	`+ if (_attr.stack_mem == nullptr) {`
	`86`	`+ _mutex.unlock();`
	`87`	`+ return osErrorNoMemory;`
	`88`	`+ }`
`86`	`89`	`}`
`87`	`90`
`88`	`91`	`//Fill the stack with a magic word for maximum usage checking`