OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This file contains intentional memory errors, some of which may lead to | 5 // This file contains intentional memory errors, some of which may lead to |
6 // crashes if the test is ran without special memory testing tools. We use these | 6 // crashes if the test is ran without special memory testing tools. We use these |
7 // errors to verify the sanity of the tools. | 7 // errors to verify the sanity of the tools. |
8 | 8 |
9 #include "base/atomicops.h" | 9 #include "base/atomicops.h" |
10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
93 int* volatile leak = new int[256]; // Leak some memory intentionally. | 93 int* volatile leak = new int[256]; // Leak some memory intentionally. |
94 leak[4] = 1; // Make sure the allocated memory is used. | 94 leak[4] = 1; // Make sure the allocated memory is used. |
95 } | 95 } |
96 | 96 |
97 #if (defined(ADDRESS_SANITIZER) && defined(OS_IOS)) || defined(SYZYASAN) | 97 #if (defined(ADDRESS_SANITIZER) && defined(OS_IOS)) || defined(SYZYASAN) |
98 // Because iOS doesn't support death tests, each of the following tests will | 98 // Because iOS doesn't support death tests, each of the following tests will |
99 // crash the whole program under Asan. On Windows Asan is based on SyzyAsan; the | 99 // crash the whole program under Asan. On Windows Asan is based on SyzyAsan; the |
100 // error report mechanism is different than with Asan so these tests will fail. | 100 // error report mechanism is different than with Asan so these tests will fail. |
101 #define MAYBE_AccessesToNewMemory DISABLED_AccessesToNewMemory | 101 #define MAYBE_AccessesToNewMemory DISABLED_AccessesToNewMemory |
102 #define MAYBE_AccessesToMallocMemory DISABLED_AccessesToMallocMemory | 102 #define MAYBE_AccessesToMallocMemory DISABLED_AccessesToMallocMemory |
| 103 #else |
| 104 #define MAYBE_AccessesToNewMemory AccessesToNewMemory |
| 105 #define MAYBE_AccessesToMallocMemory AccessesToMallocMemory |
| 106 #define MAYBE_ArrayDeletedWithoutBraces ArrayDeletedWithoutBraces |
| 107 #define MAYBE_SingleElementDeletedWithBraces SingleElementDeletedWithBraces |
| 108 #endif |
| 109 |
| 110 // The following tests pass with Clang r170392, but not r172454, which |
| 111 // makes AddressSanitizer detect errors in them. We disable these tests under |
| 112 // AddressSanitizer until we fully switch to Clang r172454. After that the |
| 113 // tests should be put back under the (defined(OS_IOS) || defined(OS_WIN)) |
| 114 // clause above. |
| 115 // See also http://crbug.com/172614. |
| 116 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
103 #define MAYBE_SingleElementDeletedWithBraces \ | 117 #define MAYBE_SingleElementDeletedWithBraces \ |
104 DISABLED_SingleElementDeletedWithBraces | 118 DISABLED_SingleElementDeletedWithBraces |
105 #define MAYBE_ArrayDeletedWithoutBraces DISABLED_ArrayDeletedWithoutBraces | 119 #define MAYBE_ArrayDeletedWithoutBraces DISABLED_ArrayDeletedWithoutBraces |
106 #else | |
107 #define MAYBE_AccessesToNewMemory AccessesToNewMemory | |
108 #define MAYBE_AccessesToMallocMemory AccessesToMallocMemory | |
109 | |
110 #if defined(ADDRESS_SANITIZER) && !defined(OS_MACOSX) | |
111 // AddressSanitizer for OSX doesn't support alloc-dealloc mismatch checks. | |
112 #define MAYBE_ArrayDeletedWithoutBraces ArrayDeletedWithoutBraces | |
113 #define MAYBE_SingleElementDeletedWithBraces SingleElementDeletedWithBraces | |
114 #else | |
115 #define MAYBE_ArrayDeletedWithoutBraces DISABLED_ArrayDeletedWithoutBraces | |
116 #define MAYBE_SingleElementDeletedWithBraces \ | |
117 DISABLED_SingleElementDeletedWithBraces | |
118 #endif | 120 #endif |
119 | |
120 #endif | |
121 | |
122 TEST(ToolsSanityTest, MAYBE_AccessesToNewMemory) { | 121 TEST(ToolsSanityTest, MAYBE_AccessesToNewMemory) { |
123 char *foo = new char[10]; | 122 char *foo = new char[10]; |
124 MakeSomeErrors(foo, 10); | 123 MakeSomeErrors(foo, 10); |
125 delete [] foo; | 124 delete [] foo; |
126 // Use after delete. | 125 // Use after delete. |
127 HARMFUL_ACCESS(foo[5] = 0, "heap-use-after-free"); | 126 HARMFUL_ACCESS(foo[5] = 0, "heap-use-after-free"); |
128 } | 127 } |
129 | 128 |
130 TEST(ToolsSanityTest, MAYBE_AccessesToMallocMemory) { | 129 TEST(ToolsSanityTest, MAYBE_AccessesToMallocMemory) { |
131 char *foo = reinterpret_cast<char*>(malloc(10)); | 130 char *foo = reinterpret_cast<char*>(malloc(10)); |
132 MakeSomeErrors(foo, 10); | 131 MakeSomeErrors(foo, 10); |
133 free(foo); | 132 free(foo); |
134 // Use after free. | 133 // Use after free. |
135 HARMFUL_ACCESS(foo[5] = 0, "heap-use-after-free"); | 134 HARMFUL_ACCESS(foo[5] = 0, "heap-use-after-free"); |
136 } | 135 } |
137 | 136 |
138 TEST(ToolsSanityTest, MAYBE_ArrayDeletedWithoutBraces) { | 137 TEST(ToolsSanityTest, MAYBE_ArrayDeletedWithoutBraces) { |
139 #if !defined(ADDRESS_SANITIZER) && !defined(SYZYASAN) | 138 #if !defined(ADDRESS_SANITIZER) && !defined(SYZYASAN) |
140 // This test may corrupt memory if not run under Valgrind or compiled with | 139 // This test may corrupt memory if not run under Valgrind or compiled with |
141 // AddressSanitizer. | 140 // AddressSanitizer. |
142 if (!RunningOnValgrind()) | 141 if (!RunningOnValgrind()) |
143 return; | 142 return; |
144 #endif | 143 #endif |
145 | 144 |
146 // Without the |volatile|, clang optimizes away the next two lines. | 145 // Without the |volatile|, clang optimizes away the next two lines. |
147 int* volatile foo = new int[10]; | 146 int* volatile foo = new int[10]; |
148 HARMFUL_ACCESS(delete foo, "alloc-dealloc-mismatch"); | 147 delete foo; |
149 #if defined(ADDRESS_SANITIZER) | |
150 // Under ASan the crash happens in the process spawned by HARMFUL_ACCESS, | |
151 // need to free the memory in the parent. | |
152 delete [] foo; | |
153 #endif | |
154 } | 148 } |
155 | 149 |
156 TEST(ToolsSanityTest, MAYBE_SingleElementDeletedWithBraces) { | 150 TEST(ToolsSanityTest, MAYBE_SingleElementDeletedWithBraces) { |
157 #if !defined(ADDRESS_SANITIZER) | 151 #if !defined(ADDRESS_SANITIZER) |
158 // This test may corrupt memory if not run under Valgrind or compiled with | 152 // This test may corrupt memory if not run under Valgrind or compiled with |
159 // AddressSanitizer. | 153 // AddressSanitizer. |
160 if (!RunningOnValgrind()) | 154 if (!RunningOnValgrind()) |
161 return; | 155 return; |
162 #endif | 156 #endif |
163 | 157 |
164 // Without the |volatile|, clang optimizes away the next two lines. | 158 // Without the |volatile|, clang optimizes away the next two lines. |
165 int* volatile foo = new int; | 159 int* volatile foo = new int; |
166 (void) foo; | 160 (void) foo; |
167 HARMFUL_ACCESS(delete [] foo, "alloc-dealloc-mismatch"); | 161 delete [] foo; |
168 #if defined(ADDRESS_SANITIZER) | |
169 // Under ASan the crash happens in the child process, need to free the memory | |
170 // in the parent. | |
171 delete foo; | |
172 #endif | |
173 } | 162 } |
174 | 163 |
175 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) | 164 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
176 TEST(ToolsSanityTest, DISABLED_AddressSanitizerNullDerefCrashTest) { | 165 TEST(ToolsSanityTest, DISABLED_AddressSanitizerNullDerefCrashTest) { |
177 // Intentionally crash to make sure AddressSanitizer is running. | 166 // Intentionally crash to make sure AddressSanitizer is running. |
178 // This test should not be ran on bots. | 167 // This test should not be ran on bots. |
179 int* volatile zero = NULL; | 168 int* volatile zero = NULL; |
180 *zero = 0; | 169 *zero = 0; |
181 } | 170 } |
182 | 171 |
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
285 | 274 |
286 TEST(ToolsSanityTest, AtomicsAreIgnored) { | 275 TEST(ToolsSanityTest, AtomicsAreIgnored) { |
287 base::subtle::Atomic32 shared = 0; | 276 base::subtle::Atomic32 shared = 0; |
288 ReleaseStoreThread thread1(&shared); | 277 ReleaseStoreThread thread1(&shared); |
289 AcquireLoadThread thread2(&shared); | 278 AcquireLoadThread thread2(&shared); |
290 RunInParallel(&thread1, &thread2); | 279 RunInParallel(&thread1, &thread2); |
291 EXPECT_EQ(kMagicValue, shared); | 280 EXPECT_EQ(kMagicValue, shared); |
292 } | 281 } |
293 | 282 |
294 } // namespace base | 283 } // namespace base |
OLD | NEW |