// Copyright (c) 2007, Google Inc. // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are // met: // // * Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // * Redistributions in binary form must reproduce the above // copyright notice, this list of conditions and the following disclaimer // in the documentation and/or other materials provided with the // distribution. // * Neither the name of Google Inc. nor the names of its // contributors may be used to endorse or promote products derived from // this software without specific prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // --- // Author: Fred Akalin #include <stdio.h> #include <stdlib.h> #include <vector> #include "gperftools/malloc_extension.h" #include "base/logging.h" using std::vector; vector<void (*)()> g_testlist; // the tests to run #define TEST(a, b) \ struct Test_##a##_##b { \ Test_##a##_##b() { g_testlist.push_back(&Run); } \ static void Run(); \ }; \ static Test_##a##_##b g_test_##a##_##b; \ void Test_##a##_##b::Run() static int RUN_ALL_TESTS() { vector<void (*)()>::const_iterator it; for (it = g_testlist.begin(); it != g_testlist.end(); ++it) { (*it)(); // The test will error-exit if there's a problem. } fprintf(stderr, "\nPassed %d tests\n\nPASS\n", static_cast<int>(g_testlist.size())); return 0; } // The death tests are meant to be run from a shell-script driver, which // passes in an integer saying which death test to run. We store that // test-to-run here, and in the macro use a counter to see when we get // to that test, so we can run it. static int test_to_run = 0; // set in main() based on argv static int test_counter = 0; // incremented every time the macro is called #define IF_DEBUG_EXPECT_DEATH(statement, regex) do { \ if (test_counter++ == test_to_run) { \ fprintf(stderr, "Expected regex:%s\n", regex); \ statement; \ } \ } while (false) // This flag won't be compiled in in opt mode. DECLARE_int32(max_free_queue_size); // Test match as well as mismatch rules. But do not test on OS X; on // OS X the OS converts new/new[] to malloc before it gets to us, so // we are unable to catch these mismatch errors. #ifndef __APPLE__ TEST(DebugAllocationTest, DeallocMismatch) { // malloc can be matched only by free // new can be matched only by delete and delete(nothrow) // new[] can be matched only by delete[] and delete[](nothrow) // new(nothrow) can be matched only by delete and delete(nothrow) // new(nothrow)[] can be matched only by delete[] and delete[](nothrow) // Allocate with malloc. { int* x = static_cast<int*>(malloc(sizeof(*x))); IF_DEBUG_EXPECT_DEATH(delete x, "mismatch.*being dealloc.*delete"); IF_DEBUG_EXPECT_DEATH(delete [] x, "mismatch.*being dealloc.*delete *[[]"); // Should work fine. free(x); } // Allocate with new. { int* x = new int; int* y = new int; IF_DEBUG_EXPECT_DEATH(free(x), "mismatch.*being dealloc.*free"); IF_DEBUG_EXPECT_DEATH(delete [] x, "mismatch.*being dealloc.*delete *[[]"); delete x; ::operator delete(y, std::nothrow); } // Allocate with new[]. { int* x = new int[1]; int* y = new int[1]; IF_DEBUG_EXPECT_DEATH(free(x), "mismatch.*being dealloc.*free"); IF_DEBUG_EXPECT_DEATH(delete x, "mismatch.*being dealloc.*delete"); delete [] x; ::operator delete[](y, std::nothrow); } // Allocate with new(nothrow). { int* x = new(std::nothrow) int; int* y = new(std::nothrow) int; IF_DEBUG_EXPECT_DEATH(free(x), "mismatch.*being dealloc.*free"); IF_DEBUG_EXPECT_DEATH(delete [] x, "mismatch.*being dealloc.*delete *[[]"); delete x; ::operator delete(y, std::nothrow); } // Allocate with new(nothrow)[]. { int* x = new(std::nothrow) int[1]; int* y = new(std::nothrow) int[1]; IF_DEBUG_EXPECT_DEATH(free(x), "mismatch.*being dealloc.*free"); IF_DEBUG_EXPECT_DEATH(delete x, "mismatch.*being dealloc.*delete"); delete [] x; ::operator delete[](y, std::nothrow); } } #endif // #ifdef OS_MACOSX TEST(DebugAllocationTest, DoubleFree) { int* pint = new int; delete pint; IF_DEBUG_EXPECT_DEATH(delete pint, "has been already deallocated"); } TEST(DebugAllocationTest, StompBefore) { int* pint = new int; #ifndef NDEBUG // don't stomp memory if we're not in a position to detect it pint[-1] = 5; IF_DEBUG_EXPECT_DEATH(delete pint, "a word before object"); #endif } TEST(DebugAllocationTest, StompAfter) { int* pint = new int; #ifndef NDEBUG // don't stomp memory if we're not in a position to detect it pint[1] = 5; IF_DEBUG_EXPECT_DEATH(delete pint, "a word after object"); #endif } TEST(DebugAllocationTest, FreeQueueTest) { // Verify that the allocator doesn't return blocks that were recently freed. int* x = new int; int* old_x = x; delete x; x = new int; #if 1 // This check should not be read as a universal guarantee of behavior. If // other threads are executing, it would be theoretically possible for this // check to fail despite the efforts of debugallocation.cc to the contrary. // It should always hold under the controlled conditions of this unittest, // however. EXPECT_NE(x, old_x); // Allocator shouldn't return recently freed blocks #else // The below check passes, but since it isn't *required* to pass, I've left // it commented out. // EXPECT_EQ(x, old_x); #endif old_x = NULL; // avoid breaking opt build with an unused variable warning. delete x; } TEST(DebugAllocationTest, DanglingPointerWriteTest) { // This test can only be run if debugging. // // If not debugging, the 'new' following the dangling write might not be // safe. When debugging, we expect the (trashed) deleted block to be on the // list of recently-freed blocks, so the following 'new' will be safe. #if 1 int* x = new int; delete x; int poisoned_x_value = *x; *x = 1; // a dangling write. char* s = new char[FLAGS_max_free_queue_size]; // When we delete s, we push the storage that was previously allocated to x // off the end of the free queue. At that point, the write to that memory // will be detected. IF_DEBUG_EXPECT_DEATH(delete [] s, "Memory was written to after being freed."); // restore the poisoned value of x so that we can delete s without causing a // crash. *x = poisoned_x_value; delete [] s; #endif } TEST(DebugAllocationTest, DanglingWriteAtExitTest) { int *x = new int; delete x; int old_x_value = *x; *x = 1; // verify that dangling writes are caught at program termination if the // corrupted block never got pushed off of the end of the free queue. IF_DEBUG_EXPECT_DEATH(exit(0), "Memory was written to after being freed."); *x = old_x_value; // restore x so that the test can exit successfully. } TEST(DebugAllocationTest, StackTraceWithDanglingWriteAtExitTest) { int *x = new int; delete x; int old_x_value = *x; *x = 1; // verify that we also get a stack trace when we have a dangling write. // The " @ " is part of the stack trace output. IF_DEBUG_EXPECT_DEATH(exit(0), " @ .*main"); *x = old_x_value; // restore x so that the test can exit successfully. } static size_t CurrentlyAllocatedBytes() { size_t value; CHECK(MallocExtension::instance()->GetNumericProperty( "generic.current_allocated_bytes", &value)); return value; } TEST(DebugAllocationTest, CurrentlyAllocated) { // Clear the free queue #if 1 FLAGS_max_free_queue_size = 0; // Force a round-trip through the queue management code so that the // new size is seen and the queue of recently-freed blocks is flushed. free(malloc(1)); FLAGS_max_free_queue_size = 1048576; #endif // Free something and check that it disappears from allocated bytes // immediately. char* p = new char[1000]; size_t after_malloc = CurrentlyAllocatedBytes(); delete[] p; size_t after_free = CurrentlyAllocatedBytes(); EXPECT_LE(after_free, after_malloc - 1000); } TEST(DebugAllocationTest, GetAllocatedSizeTest) { #if 1 // When debug_allocation is in effect, GetAllocatedSize should return // exactly requested size, since debug_allocation doesn't allow users // to write more than that. for (int i = 0; i < 10; ++i) { void *p = malloc(i); EXPECT_EQ(i, MallocExtension::instance()->GetAllocatedSize(p)); free(p); } #endif void* a = malloc(1000); EXPECT_GE(MallocExtension::instance()->GetAllocatedSize(a), 1000); // This is just a sanity check. If we allocated too much, alloc is broken EXPECT_LE(MallocExtension::instance()->GetAllocatedSize(a), 5000); EXPECT_GE(MallocExtension::instance()->GetEstimatedAllocatedSize(1000), 1000); free(a); } TEST(DebugAllocationTest, HugeAlloc) { // This must not be a const variable so it doesn't form an // integral-constant-expression which can be *statically* rejected by the // compiler as too large for the allocation. size_t kTooBig = ~static_cast<size_t>(0); void* a = NULL; #ifndef NDEBUG a = malloc(kTooBig); EXPECT_EQ(NULL, a); // kAlsoTooBig is small enough not to get caught by debugallocation's check, // but will still fall through to tcmalloc's check. This must also be // a non-const variable. See kTooBig for more details. size_t kAlsoTooBig = kTooBig - 1024; a = malloc(kAlsoTooBig); EXPECT_EQ(NULL, a); #endif } int main(int argc, char** argv) { // If you run without args, we run the non-death parts of the test. // Otherwise, argv[1] should be a number saying which death-test // to run. We will output a regexp we expect the death-message // to include, and then run the given death test (which hopefully // will produce that error message). If argv[1] > the number of // death tests, we will run only the non-death parts. One way to // tell when you are done with all tests is when no 'expected // regexp' message is printed for a given argv[1]. if (argc < 2) { test_to_run = -1; // will never match } else { test_to_run = atoi(argv[1]); } return RUN_ALL_TESTS(); }