base/allocator/tcmalloc_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4 #include <stdio.h>
   5 #include "base/allocator/allocator_shim.h"
   6
   7 #include "testing/gtest/include/gtest/gtest.h"
   8
   9 // TCMalloc header files
  10 #include "common.h"  // For TCMalloc constants like page size, etc.
  11
  12 using base::allocator::TCMallocDoMallocForTest;
  13 using base::allocator::TCMallocDoFreeForTest;
  14 using base::allocator::ExcludeSpaceForMarkForTest;
  15
  16 TEST(TCMallocFreeCheck, BadPointerInFirstPageOfTheLargeObject) {
  17   char* p = reinterpret_cast<char*>(
  18       TCMallocDoMallocForTest(ExcludeSpaceForMarkForTest(kMaxSize + 1)));
  19   for (int offset = 1; offset < kPageSize ; offset <<= 1) {
  20     ASSERT_DEATH(TCMallocDoFreeForTest(p + offset),
  21                  "Pointer is not pointing to the start of a span");
  22   }
  23 }
  24
  25 TEST(TCMallocFreeCheck, BadPageAlignedPointerInsideLargeObject) {
  26   char* p = reinterpret_cast<char*>(
  27       TCMallocDoMallocForTest(ExcludeSpaceForMarkForTest(kMaxSize + 1)));
  28
  29   for (int offset = kPageSize; offset < kMaxSize; offset += kPageSize) {
  30     // Only the first and last page of a span are in heap map. So for others
  31     // tcmalloc will give a general error of invalid pointer.
  32     ASSERT_DEATH(TCMallocDoFreeForTest(p + offset),
  33                  "Attempt to free invalid pointer");
  34   }
  35   ASSERT_DEATH(TCMallocDoFreeForTest(p + kMaxSize),
  36                "Pointer is not pointing to the start of a span");
  37 }
  38
  39 TEST(TCMallocFreeCheck, DoubleFreeLargeObject) {
  40   char* p = reinterpret_cast<char*>(
  41       TCMallocDoMallocForTest(ExcludeSpaceForMarkForTest(kMaxSize + 1)));
  42   ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p),
  43                "Object was not in-use");
  44 }
  45
  46
  47 #ifdef NDEBUG
  48 TEST(TCMallocFreeCheck, DoubleFreeSmallObject) {
  49   for (size_t size = 1;
  50        size <= ExcludeSpaceForMarkForTest(kMaxSize);
  51        size <<= 1) {
  52     char* p = reinterpret_cast<char*>(TCMallocDoMallocForTest(size));
  53     ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p),
  54                  "Circular loop in list detected");
  55   }
  56 }
  57 #else
  58 TEST(TCMallocFreeCheck, DoubleFreeSmallObject) {
  59   size_t size = 1;
  60
  61   // When the object is small, tcmalloc validation can not distinguish normal
  62   // memory corruption or double free, because there's not enough space in
  63   // freed objects to keep the mark.
  64   for (; size <= ExcludeSpaceForMarkForTest(kMinClassSize); size <<= 1) {
  65     char* p = reinterpret_cast<char*>(TCMallocDoMallocForTest(size));
  66     ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p),
  67                  "Memory corrupted");
  68   }
  69
  70   for (; size <= ExcludeSpaceForMarkForTest(kMaxSize); size <<= 1) {
  71     char* p = reinterpret_cast<char*>(TCMallocDoMallocForTest(size));
  72     ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p),
  73                  "Attempt to double free");
  74   }
  75 }
  76 #endif
  77
  78 int main(int argc, char **argv) {
  79   testing::InitGoogleTest(&argc, argv);
  80   return RUN_ALL_TESTS();
  81 }