| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // This file contains intentional memory errors, some of which may lead to | 5 // This file contains intentional memory errors, some of which may lead to |
| 6 // crashes if the test is ran without special memory testing tools. We use these | 6 // crashes if the test is ran without special memory testing tools. We use these |
| 7 // errors to verify the sanity of the tools. | 7 // errors to verify the sanity of the tools. |
| 8 | 8 |
| 9 #include "base/atomicops.h" | 9 #include "base/atomicops.h" |
| 10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
| 11 #include "base/third_party/dynamic_annotations/dynamic_annotations.h" | 11 #include "base/third_party/dynamic_annotations/dynamic_annotations.h" |
| 12 #include "base/threading/thread.h" | 12 #include "base/threading/thread.h" |
| 13 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 14 | 14 |
| 15 namespace base { | 15 namespace base { |
| 16 | 16 |
| 17 namespace { | 17 namespace { |
| 18 | 18 |
| 19 const base::subtle::Atomic32 kMagicValue = 42; | 19 const base::subtle::Atomic32 kMagicValue = 42; |
| 20 | 20 |
| 21 // Helper for memory accesses that can potentially corrupt memory or cause a | 21 // Helper for memory accesses that can potentially corrupt memory or cause a |
| 22 // crash during a native run. | 22 // crash during a native run. |
| 23 #if defined(ADDRESS_SANITIZER) | 23 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
| 24 #if defined(OS_IOS) | 24 #if defined(OS_IOS) |
| 25 // EXPECT_DEATH is not supported on IOS. | 25 // EXPECT_DEATH is not supported on IOS. |
| 26 #define HARMFUL_ACCESS(action,error_regexp) do { action; } while (0) | 26 #define HARMFUL_ACCESS(action,error_regexp) do { action; } while (0) |
| 27 #else | 27 #else |
| 28 #define HARMFUL_ACCESS(action,error_regexp) EXPECT_DEATH(action,error_regexp) | 28 #define HARMFUL_ACCESS(action,error_regexp) EXPECT_DEATH(action,error_regexp) |
| 29 #endif // !OS_IOS | 29 #endif // !OS_IOS |
| 30 #else | 30 #else |
| 31 #define HARMFUL_ACCESS(action,error_regexp) \ | 31 #define HARMFUL_ACCESS(action,error_regexp) \ |
| 32 do { if (RunningOnValgrind()) { action; } } while (0) | 32 do { if (RunningOnValgrind()) { action; } } while (0) |
| 33 #endif | 33 #endif |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 106 #define MAYBE_ArrayDeletedWithoutBraces ArrayDeletedWithoutBraces | 106 #define MAYBE_ArrayDeletedWithoutBraces ArrayDeletedWithoutBraces |
| 107 #define MAYBE_SingleElementDeletedWithBraces SingleElementDeletedWithBraces | 107 #define MAYBE_SingleElementDeletedWithBraces SingleElementDeletedWithBraces |
| 108 #endif | 108 #endif |
| 109 | 109 |
| 110 // The following tests pass with Clang r170392, but not r172454, which | 110 // The following tests pass with Clang r170392, but not r172454, which |
| 111 // makes AddressSanitizer detect errors in them. We disable these tests under | 111 // makes AddressSanitizer detect errors in them. We disable these tests under |
| 112 // AddressSanitizer until we fully switch to Clang r172454. After that the | 112 // AddressSanitizer until we fully switch to Clang r172454. After that the |
| 113 // tests should be put back under the (defined(OS_IOS) || defined(OS_WIN)) | 113 // tests should be put back under the (defined(OS_IOS) || defined(OS_WIN)) |
| 114 // clause above. | 114 // clause above. |
| 115 // See also http://crbug.com/172614. | 115 // See also http://crbug.com/172614. |
| 116 #if defined(ADDRESS_SANITIZER) | 116 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
| 117 #define MAYBE_SingleElementDeletedWithBraces \ | 117 #define MAYBE_SingleElementDeletedWithBraces \ |
| 118 DISABLED_SingleElementDeletedWithBraces | 118 DISABLED_SingleElementDeletedWithBraces |
| 119 #define MAYBE_ArrayDeletedWithoutBraces DISABLED_ArrayDeletedWithoutBraces | 119 #define MAYBE_ArrayDeletedWithoutBraces DISABLED_ArrayDeletedWithoutBraces |
| 120 #endif | 120 #endif |
| 121 TEST(ToolsSanityTest, MAYBE_AccessesToNewMemory) { | 121 TEST(ToolsSanityTest, MAYBE_AccessesToNewMemory) { |
| 122 char *foo = new char[10]; | 122 char *foo = new char[10]; |
| 123 MakeSomeErrors(foo, 10); | 123 MakeSomeErrors(foo, 10); |
| 124 delete [] foo; | 124 delete [] foo; |
| 125 // Use after delete. | 125 // Use after delete. |
| 126 HARMFUL_ACCESS(foo[5] = 0, "heap-use-after-free"); | 126 HARMFUL_ACCESS(foo[5] = 0, "heap-use-after-free"); |
| 127 } | 127 } |
| 128 | 128 |
| 129 TEST(ToolsSanityTest, MAYBE_AccessesToMallocMemory) { | 129 TEST(ToolsSanityTest, MAYBE_AccessesToMallocMemory) { |
| 130 char *foo = reinterpret_cast<char*>(malloc(10)); | 130 char *foo = reinterpret_cast<char*>(malloc(10)); |
| 131 MakeSomeErrors(foo, 10); | 131 MakeSomeErrors(foo, 10); |
| 132 free(foo); | 132 free(foo); |
| 133 // Use after free. | 133 // Use after free. |
| 134 HARMFUL_ACCESS(foo[5] = 0, "heap-use-after-free"); | 134 HARMFUL_ACCESS(foo[5] = 0, "heap-use-after-free"); |
| 135 } | 135 } |
| 136 | 136 |
| 137 TEST(ToolsSanityTest, MAYBE_ArrayDeletedWithoutBraces) { | 137 TEST(ToolsSanityTest, MAYBE_ArrayDeletedWithoutBraces) { |
| 138 #if !defined(ADDRESS_SANITIZER) | 138 #if !defined(ADDRESS_SANITIZER) && !defined(SYZYASAN) |
| 139 // This test may corrupt memory if not run under Valgrind or compiled with | 139 // This test may corrupt memory if not run under Valgrind or compiled with |
| 140 // AddressSanitizer. | 140 // AddressSanitizer. |
| 141 if (!RunningOnValgrind()) | 141 if (!RunningOnValgrind()) |
| 142 return; | 142 return; |
| 143 #endif | 143 #endif |
| 144 | 144 |
| 145 // Without the |volatile|, clang optimizes away the next two lines. | 145 // Without the |volatile|, clang optimizes away the next two lines. |
| 146 int* volatile foo = new int[10]; | 146 int* volatile foo = new int[10]; |
| 147 delete foo; | 147 delete foo; |
| 148 } | 148 } |
| 149 | 149 |
| 150 TEST(ToolsSanityTest, MAYBE_SingleElementDeletedWithBraces) { | 150 TEST(ToolsSanityTest, MAYBE_SingleElementDeletedWithBraces) { |
| 151 #if !defined(ADDRESS_SANITIZER) | 151 #if !defined(ADDRESS_SANITIZER) |
| 152 // This test may corrupt memory if not run under Valgrind or compiled with | 152 // This test may corrupt memory if not run under Valgrind or compiled with |
| 153 // AddressSanitizer. | 153 // AddressSanitizer. |
| 154 if (!RunningOnValgrind()) | 154 if (!RunningOnValgrind()) |
| 155 return; | 155 return; |
| 156 #endif | 156 #endif |
| 157 | 157 |
| 158 // Without the |volatile|, clang optimizes away the next two lines. | 158 // Without the |volatile|, clang optimizes away the next two lines. |
| 159 int* volatile foo = new int; | 159 int* volatile foo = new int; |
| 160 (void) foo; | 160 (void) foo; |
| 161 delete [] foo; | 161 delete [] foo; |
| 162 } | 162 } |
| 163 | 163 |
| 164 #if defined(ADDRESS_SANITIZER) | 164 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
| 165 TEST(ToolsSanityTest, DISABLED_AddressSanitizerNullDerefCrashTest) { | 165 TEST(ToolsSanityTest, DISABLED_AddressSanitizerNullDerefCrashTest) { |
| 166 // Intentionally crash to make sure AddressSanitizer is running. | 166 // Intentionally crash to make sure AddressSanitizer is running. |
| 167 // This test should not be ran on bots. | 167 // This test should not be ran on bots. |
| 168 int* volatile zero = NULL; | 168 int* volatile zero = NULL; |
| 169 *zero = 0; | 169 *zero = 0; |
| 170 } | 170 } |
| 171 | 171 |
| 172 TEST(ToolsSanityTest, DISABLED_AddressSanitizerLocalOOBCrashTest) { | 172 TEST(ToolsSanityTest, DISABLED_AddressSanitizerLocalOOBCrashTest) { |
| 173 // Intentionally crash to make sure AddressSanitizer is instrumenting | 173 // Intentionally crash to make sure AddressSanitizer is instrumenting |
| 174 // the local variables. | 174 // the local variables. |
| (...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 274 | 274 |
| 275 TEST(ToolsSanityTest, AtomicsAreIgnored) { | 275 TEST(ToolsSanityTest, AtomicsAreIgnored) { |
| 276 base::subtle::Atomic32 shared = 0; | 276 base::subtle::Atomic32 shared = 0; |
| 277 ReleaseStoreThread thread1(&shared); | 277 ReleaseStoreThread thread1(&shared); |
| 278 AcquireLoadThread thread2(&shared); | 278 AcquireLoadThread thread2(&shared); |
| 279 RunInParallel(&thread1, &thread2); | 279 RunInParallel(&thread1, &thread2); |
| 280 EXPECT_EQ(kMagicValue, shared); | 280 EXPECT_EQ(kMagicValue, shared); |
| 281 } | 281 } |
| 282 | 282 |
| 283 } // namespace base | 283 } // namespace base |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 212643015:
Use SYZYASAN instead of ADDRESS_SANITIZER. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src