Home | History | Annotate | Download | only in unit
      1 #include "test/jemalloc_test.h"
      2 
      3 #ifdef JEMALLOC_FILL
      4 #  ifndef JEMALLOC_TEST_JUNK_OPT
      5 #    define JEMALLOC_TEST_JUNK_OPT "junk:true"
      6 #  endif
      7 const char *malloc_conf =
      8     "abort:false,zero:false,redzone:true,quarantine:0," JEMALLOC_TEST_JUNK_OPT;
      9 #endif
     10 
     11 static arena_dalloc_junk_small_t *arena_dalloc_junk_small_orig;
     12 static arena_dalloc_junk_large_t *arena_dalloc_junk_large_orig;
     13 static huge_dalloc_junk_t *huge_dalloc_junk_orig;
     14 static void *watch_for_junking;
     15 static bool saw_junking;
     16 
     17 static void
     18 watch_junking(void *p)
     19 {
     20 
     21 	watch_for_junking = p;
     22 	saw_junking = false;
     23 }
     24 
     25 static void
     26 arena_dalloc_junk_small_intercept(void *ptr, arena_bin_info_t *bin_info)
     27 {
     28 	size_t i;
     29 
     30 	arena_dalloc_junk_small_orig(ptr, bin_info);
     31 	for (i = 0; i < bin_info->reg_size; i++) {
     32 		assert_u_eq(((uint8_t *)ptr)[i], JEMALLOC_FREE_JUNK,
     33 		    "Missing junk fill for byte %zu/%zu of deallocated region",
     34 		    i, bin_info->reg_size);
     35 	}
     36 	if (ptr == watch_for_junking)
     37 		saw_junking = true;
     38 }
     39 
     40 static void
     41 arena_dalloc_junk_large_intercept(void *ptr, size_t usize)
     42 {
     43 	size_t i;
     44 
     45 	arena_dalloc_junk_large_orig(ptr, usize);
     46 	for (i = 0; i < usize; i++) {
     47 		assert_u_eq(((uint8_t *)ptr)[i], JEMALLOC_FREE_JUNK,
     48 		    "Missing junk fill for byte %zu/%zu of deallocated region",
     49 		    i, usize);
     50 	}
     51 	if (ptr == watch_for_junking)
     52 		saw_junking = true;
     53 }
     54 
     55 static void
     56 huge_dalloc_junk_intercept(void *ptr, size_t usize)
     57 {
     58 
     59 	huge_dalloc_junk_orig(ptr, usize);
     60 	/*
     61 	 * The conditions under which junk filling actually occurs are nuanced
     62 	 * enough that it doesn't make sense to duplicate the decision logic in
     63 	 * test code, so don't actually check that the region is junk-filled.
     64 	 */
     65 	if (ptr == watch_for_junking)
     66 		saw_junking = true;
     67 }
     68 
     69 static void
     70 test_junk(size_t sz_min, size_t sz_max)
     71 {
     72 	uint8_t *s;
     73 	size_t sz_prev, sz, i;
     74 
     75 	if (opt_junk_free) {
     76 		arena_dalloc_junk_small_orig = arena_dalloc_junk_small;
     77 		arena_dalloc_junk_small = arena_dalloc_junk_small_intercept;
     78 		arena_dalloc_junk_large_orig = arena_dalloc_junk_large;
     79 		arena_dalloc_junk_large = arena_dalloc_junk_large_intercept;
     80 		huge_dalloc_junk_orig = huge_dalloc_junk;
     81 		huge_dalloc_junk = huge_dalloc_junk_intercept;
     82 	}
     83 
     84 	sz_prev = 0;
     85 	s = (uint8_t *)mallocx(sz_min, 0);
     86 	assert_ptr_not_null((void *)s, "Unexpected mallocx() failure");
     87 
     88 	for (sz = sallocx(s, 0); sz <= sz_max;
     89 	    sz_prev = sz, sz = sallocx(s, 0)) {
     90 		if (sz_prev > 0) {
     91 			assert_u_eq(s[0], 'a',
     92 			    "Previously allocated byte %zu/%zu is corrupted",
     93 			    ZU(0), sz_prev);
     94 			assert_u_eq(s[sz_prev-1], 'a',
     95 			    "Previously allocated byte %zu/%zu is corrupted",
     96 			    sz_prev-1, sz_prev);
     97 		}
     98 
     99 		for (i = sz_prev; i < sz; i++) {
    100 			if (opt_junk_alloc) {
    101 				assert_u_eq(s[i], JEMALLOC_ALLOC_JUNK,
    102 				    "Newly allocated byte %zu/%zu isn't "
    103 				    "junk-filled", i, sz);
    104 			}
    105 			s[i] = 'a';
    106 		}
    107 
    108 		if (xallocx(s, sz+1, 0, 0) == sz) {
    109 			watch_junking(s);
    110 			s = (uint8_t *)rallocx(s, sz+1, 0);
    111 			assert_ptr_not_null((void *)s,
    112 			    "Unexpected rallocx() failure");
    113 			assert_true(!opt_junk_free || saw_junking,
    114 			    "Expected region of size %zu to be junk-filled",
    115 			    sz);
    116 		}
    117 	}
    118 
    119 	watch_junking(s);
    120 	dallocx(s, 0);
    121 	assert_true(!opt_junk_free || saw_junking,
    122 	    "Expected region of size %zu to be junk-filled", sz);
    123 
    124 	if (opt_junk_free) {
    125 		arena_dalloc_junk_small = arena_dalloc_junk_small_orig;
    126 		arena_dalloc_junk_large = arena_dalloc_junk_large_orig;
    127 		huge_dalloc_junk = huge_dalloc_junk_orig;
    128 	}
    129 }
    130 
    131 TEST_BEGIN(test_junk_small)
    132 {
    133 
    134 	test_skip_if(!config_fill);
    135 	test_junk(1, SMALL_MAXCLASS-1);
    136 }
    137 TEST_END
    138 
    139 TEST_BEGIN(test_junk_large)
    140 {
    141 
    142 	test_skip_if(!config_fill);
    143 	test_junk(SMALL_MAXCLASS+1, large_maxclass);
    144 }
    145 TEST_END
    146 
    147 TEST_BEGIN(test_junk_huge)
    148 {
    149 
    150 	test_skip_if(!config_fill);
    151 	test_junk(large_maxclass+1, chunksize*2);
    152 }
    153 TEST_END
    154 
    155 arena_ralloc_junk_large_t *arena_ralloc_junk_large_orig;
    156 static void *most_recently_trimmed;
    157 
    158 static size_t
    159 shrink_size(size_t size)
    160 {
    161 	size_t shrink_size;
    162 
    163 	for (shrink_size = size - 1; nallocx(shrink_size, 0) == size;
    164 	    shrink_size--)
    165 		; /* Do nothing. */
    166 
    167 	return (shrink_size);
    168 }
    169 
    170 static void
    171 arena_ralloc_junk_large_intercept(void *ptr, size_t old_usize, size_t usize)
    172 {
    173 
    174 	arena_ralloc_junk_large_orig(ptr, old_usize, usize);
    175 	assert_zu_eq(old_usize, large_maxclass, "Unexpected old_usize");
    176 	assert_zu_eq(usize, shrink_size(large_maxclass), "Unexpected usize");
    177 	most_recently_trimmed = ptr;
    178 }
    179 
    180 TEST_BEGIN(test_junk_large_ralloc_shrink)
    181 {
    182 	void *p1, *p2;
    183 
    184 	p1 = mallocx(large_maxclass, 0);
    185 	assert_ptr_not_null(p1, "Unexpected mallocx() failure");
    186 
    187 	arena_ralloc_junk_large_orig = arena_ralloc_junk_large;
    188 	arena_ralloc_junk_large = arena_ralloc_junk_large_intercept;
    189 
    190 	p2 = rallocx(p1, shrink_size(large_maxclass), 0);
    191 	assert_ptr_eq(p1, p2, "Unexpected move during shrink");
    192 
    193 	arena_ralloc_junk_large = arena_ralloc_junk_large_orig;
    194 
    195 	assert_ptr_eq(most_recently_trimmed, p1,
    196 	    "Expected trimmed portion of region to be junk-filled");
    197 }
    198 TEST_END
    199 
    200 static bool detected_redzone_corruption;
    201 
    202 static void
    203 arena_redzone_corruption_replacement(void *ptr, size_t usize, bool after,
    204     size_t offset, uint8_t byte)
    205 {
    206 
    207 	detected_redzone_corruption = true;
    208 }
    209 
    210 TEST_BEGIN(test_junk_redzone)
    211 {
    212 	char *s;
    213 	arena_redzone_corruption_t *arena_redzone_corruption_orig;
    214 
    215 	test_skip_if(!config_fill);
    216 	test_skip_if(!opt_junk_alloc || !opt_junk_free);
    217 
    218 	arena_redzone_corruption_orig = arena_redzone_corruption;
    219 	arena_redzone_corruption = arena_redzone_corruption_replacement;
    220 
    221 	/* Test underflow. */
    222 	detected_redzone_corruption = false;
    223 	s = (char *)mallocx(1, 0);
    224 	assert_ptr_not_null((void *)s, "Unexpected mallocx() failure");
    225 	s[-1] = 0xbb;
    226 	dallocx(s, 0);
    227 	assert_true(detected_redzone_corruption,
    228 	    "Did not detect redzone corruption");
    229 
    230 	/* Test overflow. */
    231 	detected_redzone_corruption = false;
    232 	s = (char *)mallocx(1, 0);
    233 	assert_ptr_not_null((void *)s, "Unexpected mallocx() failure");
    234 	s[sallocx(s, 0)] = 0xbb;
    235 	dallocx(s, 0);
    236 	assert_true(detected_redzone_corruption,
    237 	    "Did not detect redzone corruption");
    238 
    239 	arena_redzone_corruption = arena_redzone_corruption_orig;
    240 }
    241 TEST_END
    242 
    243 int
    244 main(void)
    245 {
    246 
    247 	return (test(
    248 	    test_junk_small,
    249 	    test_junk_large,
    250 	    test_junk_huge,
    251 	    test_junk_large_ralloc_shrink,
    252 	    test_junk_redzone));
    253 }
    254