Add some function and URLs to induce ASan crashes.

base/tools_sanity_unittest.cc

Index: base/tools_sanity_unittest.cc
diff --git a/base/tools_sanity_unittest.cc b/base/tools_sanity_unittest.cc
index b1da3e1aa59fc79a4fe5391d208614bf634deda0..781644fb190e55ae2295daf47f38a6e71fb35677 100644
--- a/base/tools_sanity_unittest.cc
+++ b/base/tools_sanity_unittest.cc
@@ -7,6 +7,8 @@
 // errors to verify the sanity of the tools.
 
 #include "base/atomicops.h"
+#include "base/debug/asan_invalid_access.h"
+#include "base/debug/profiler.h"
 #include "base/message_loop/message_loop.h"
 #include "base/third_party/dynamic_annotations/dynamic_annotations.h"
 #include "base/threading/thread.h"
@@ -24,9 +26,12 @@ const base::subtle::Atomic32 kMagicValue = 42;
 #if defined(OS_IOS)
 // EXPECT_DEATH is not supported on IOS.
 #define HARMFUL_ACCESS(action,error_regexp) do { action; } while (0)
+#elif defined(SYZYASAN)
+#define HARMFUL_ACCESS(action,error_regexp) \
+if (debug::IsBinaryInstrumented()) { EXPECT_DEATH(action,error_regexp); }
 #else
 #define HARMFUL_ACCESS(action,error_regexp) EXPECT_DEATH(action,error_regexp)
-#endif  // !OS_IOS
+#endif  // !OS_IOS && !SYZYASAN
 #else
 #define HARMFUL_ACCESS(action,error_regexp) \
 do { if (RunningOnValgrind()) { action; } } while (0)
@@ -162,6 +167,7 @@ TEST(ToolsSanityTest, MAYBE_SingleElementDeletedWithBraces) {
 }
 
 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN)
+
 TEST(ToolsSanityTest, DISABLED_AddressSanitizerNullDerefCrashTest) {
   // Intentionally crash to make sure AddressSanitizer is running.
   // This test should not be ran on bots.
@@ -193,7 +199,52 @@ TEST(ToolsSanityTest, DISABLED_AddressSanitizerGlobalOOBCrashTest) {
   *access = 43;
 }
 
+TEST(ToolsSanityTest, AsanHeapOverflow) {
+#if defined(SYZYASAN)
+  // We won't get a meaningful error message because we're not running under the
+  // SyzyASan logger, but we can at least make sure that the error has been
+  // generated in the SyzyASan runtime.
+  HARMFUL_ACCESS(AsanHeapOverflow(), "AsanRuntime::OnError")

[Timur Iskhodzhanov, 2014/06/05 15:32:09]

can you put the OnError stuff into the HARMFUL_ACCESS macro instead?

[Sébastien Marchand, 2014/06/05 19:44:34]

Nop, mostly because of ToolsSanityTest.AsanCorruptHeap as in this case this
frame won't be in the stack trace...

[Timur Iskhodzhanov, 2014/06/06 11:36:56]

:(
Maybe we can handle only that test differently (especially since it's
SyzyASan-only) rather than all of the tests?

[Sébastien Marchand, 2014/06/09 14:47:39]

Done.

+#else
+  HARMFUL_ACCESS(AsanHeapOverflow(),"to the right");
 #endif
+}
+
+TEST(ToolsSanityTest, AsanHeapUnderflow) {
+#if defined(SYZYASAN)
+  // We won't get a meaningful error message because we're not running under the
+  // SyzyASan logger, but we can at least make sure that the error has been
+  // generated in the SyzyASan runtime.
+  HARMFUL_ACCESS(AsanHeapUnderflow(), "AsanRuntime::OnError");
+#else
+  HARMFUL_ACCESS(AsanHeapUnderflow(), "to the left");
+#endif
+}
+
+TEST(ToolsSanityTest, AsanHeapUseAfterFree) {
+#if defined(SYZYASAN)
+  // We won't get a meaningful error message because we're not running under the
+  // SyzyASan logger, but we can at least make sure that the error has been
+  // generated in the SyzyASan runtime.
+  HARMFUL_ACCESS(AsanHeapUseAfterFree(), "AsanRuntime::OnError");
+#else
+  HARMFUL_ACCESS(AsanHeapUseAfterFree(), "heap-use-after-free");
+#endif
+}
+
+#if defined(SYZYASAN)
+TEST(ToolsSanityTest, AsanCorruptHeapBlock) {
+  HARMFUL_ACCESS(AsanCorruptHeapBlock(), "AsanRuntime::OnError");
+}
+
+TEST(ToolsSanityTest, AsanCorruptHeap) {
+  // This test will kill the process by raising an exception, there's no
+  // particular string to look for in the stack trace.
+  HARMFUL_ACCESS(AsanCorruptHeap(), "");
+}
+#endif  // SYZYASAN
+
+#endif  // ADDRESS_SANITIZER || SYZYASAN
 
 namespace {