base/allocator/tcmalloc_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4 #include <stddef.h>
   5 #include <stdio.h>
   6
   7 #include "testing/gtest/include/gtest/gtest.h"
   8
   9 // TCMalloc header files.
  10 #include "common.h"  // For TCMalloc constants like page size, etc.
  11
  12 // TCMalloc implementation.
  13 #include "debugallocation_shim.cc"
  14
  15 namespace {
  16
  17 void* TCMallocDoMallocForTest(size_t size) {
  18   return do_malloc(size);
  19 }
  20
  21 void TCMallocDoFreeForTest(void* ptr) {
  22   do_free(ptr);
  23 }
  24
  25 size_t ExcludeSpaceForMarkForTest(size_t size) {
  26   return ExcludeSpaceForMark(size);
  27 }
  28
  29 }  // namespace
  30
  31 TEST(TCMallocFreeCheck, BadPointerInFirstPageOfTheLargeObject) {
  32   char* p = reinterpret_cast<char*>(
  33       TCMallocDoMallocForTest(ExcludeSpaceForMarkForTest(kMaxSize + 1)));
  34   for (int offset = 1; offset < kPageSize ; offset <<= 1) {
  35     ASSERT_DEATH(TCMallocDoFreeForTest(p + offset),
  36                  "Pointer is not pointing to the start of a span");
  37   }
  38 }
  39
  40 TEST(TCMallocFreeCheck, BadPageAlignedPointerInsideLargeObject) {
  41   char* p = reinterpret_cast<char*>(
  42       TCMallocDoMallocForTest(ExcludeSpaceForMarkForTest(kMaxSize + 1)));
  43
  44   for (int offset = kPageSize; offset < kMaxSize; offset += kPageSize) {
  45     // Only the first and last page of a span are in heap map. So for others
  46     // tcmalloc will give a general error of invalid pointer.
  47     ASSERT_DEATH(TCMallocDoFreeForTest(p + offset),
  48                  "Attempt to free invalid pointer");
  49   }
  50   ASSERT_DEATH(TCMallocDoFreeForTest(p + kMaxSize),
  51                "Pointer is not pointing to the start of a span");
  52 }
  53
  54 TEST(TCMallocFreeCheck, DoubleFreeLargeObject) {
  55   char* p = reinterpret_cast<char*>(
  56       TCMallocDoMallocForTest(ExcludeSpaceForMarkForTest(kMaxSize + 1)));
  57   ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p),
  58                "Object was not in-use");
  59 }
  60
  61
  62 #ifdef NDEBUG
  63 TEST(TCMallocFreeCheck, DoubleFreeSmallObject) {
  64   for (size_t size = 1;
  65        size <= ExcludeSpaceForMarkForTest(kMaxSize);
  66        size <<= 1) {
  67     char* p = reinterpret_cast<char*>(TCMallocDoMallocForTest(size));
  68     ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p),
  69                  "Circular loop in list detected");
  70   }
  71 }
  72 #else
  73 TEST(TCMallocFreeCheck, DoubleFreeSmallObject) {
  74   size_t size = 1;
  75
  76   // When the object is small, tcmalloc validation can not distinguish normal
  77   // memory corruption or double free, because there's not enough space in
  78   // freed objects to keep the mark.
  79   for (; size <= ExcludeSpaceForMarkForTest(kMinClassSize); size <<= 1) {
  80     char* p = reinterpret_cast<char*>(TCMallocDoMallocForTest(size));
  81     ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p),
  82                  "Memory corrupted");
  83   }
  84
  85   for (; size <= ExcludeSpaceForMarkForTest(kMaxSize); size <<= 1) {
  86     char* p = reinterpret_cast<char*>(TCMallocDoMallocForTest(size));
  87     ASSERT_DEATH(TCMallocDoFreeForTest(p); TCMallocDoFreeForTest(p),
  88                  "Attempt to double free");
  89   }
  90 }
  91 #endif
  92
  93 int main(int argc, char **argv) {
  94   testing::InitGoogleTest(&argc, argv);
  95   return RUN_ALL_TESTS();
  96 }