base/process/memory_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #define _CRT_SECURE_NO_WARNINGS
   6
   7 #include "base/process/memory.h"
   8
   9 #include <limits>
  10
  11 #include "base/compiler_specific.h"
  12 #include "base/debug/alias.h"
  13 #include "base/strings/stringprintf.h"
  14 #include "testing/gtest/include/gtest/gtest.h"
  15
  16 #if defined(OS_WIN)
  17 #include <windows.h>
  18 #endif
  19 #if defined(OS_POSIX)
  20 #include <errno.h>
  21 #endif
  22 #if defined(OS_MACOSX)
  23 #include <malloc/malloc.h>
  24 #include "base/mac/mac_util.h"
  25 #include "base/process/memory_unittest_mac.h"
  26 #endif
  27 #if defined(OS_LINUX)
  28 #include <malloc.h>
  29 #endif
  30
  31 #if defined(OS_WIN)
  32 // HeapQueryInformation function pointer.
  33 typedef BOOL (WINAPI* HeapQueryFn)  \
  34     (HANDLE, HEAP_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
  35
  36 const int kConstantInModule = 42;
  37
  38 TEST(ProcessMemoryTest, GetModuleFromAddress) {
  39   // Since the unit tests are their own EXE, this should be
  40   // equivalent to the EXE's HINSTANCE.
  41   //
  42   // kConstantInModule is a constant in this file and
  43   // therefore within the unit test EXE.
  44   EXPECT_EQ(::GetModuleHandle(NULL),
  45             base::GetModuleFromAddress(
  46                 const_cast<int*>(&kConstantInModule)));
  47
  48   // Any address within the kernel32 module should return
  49   // kernel32's HMODULE.  Our only assumption here is that
  50   // kernel32 is larger than 4 bytes.
  51   HMODULE kernel32 = ::GetModuleHandle(L"kernel32.dll");
  52   HMODULE kernel32_from_address =
  53       base::GetModuleFromAddress(reinterpret_cast<DWORD*>(kernel32) + 1);
  54   EXPECT_EQ(kernel32, kernel32_from_address);
  55 }
  56
  57 TEST(ProcessMemoryTest, EnableLFH) {
  58   ASSERT_TRUE(base::EnableLowFragmentationHeap());
  59   if (IsDebuggerPresent()) {
  60     // Under these conditions, LFH can't be enabled. There's no point to test
  61     // anything.
  62     const char* no_debug_env = getenv("_NO_DEBUG_HEAP");
  63     if (!no_debug_env || strcmp(no_debug_env, "1"))
  64       return;
  65   }
  66   HMODULE kernel32 = GetModuleHandle(L"kernel32.dll");
  67   ASSERT_TRUE(kernel32 != NULL);
  68   HeapQueryFn heap_query = reinterpret_cast<HeapQueryFn>(GetProcAddress(
  69       kernel32,
  70       "HeapQueryInformation"));
  71
  72   // On Windows 2000, the function is not exported. This is not a reason to
  73   // fail but we won't be able to retrieves information about the heap, so we
  74   // should stop here.
  75   if (heap_query == NULL)
  76     return;
  77
  78   HANDLE heaps[1024] = { 0 };
  79   unsigned number_heaps = GetProcessHeaps(1024, heaps);
  80   EXPECT_GT(number_heaps, 0u);
  81   for (unsigned i = 0; i < number_heaps; ++i) {
  82     ULONG flag = 0;
  83     SIZE_T length;
  84     ASSERT_NE(0, heap_query(heaps[i],
  85                             HeapCompatibilityInformation,
  86                             &flag,
  87                             sizeof(flag),
  88                             &length));
  89     // If flag is 0, the heap is a standard heap that does not support
  90     // look-asides. If flag is 1, the heap supports look-asides. If flag is 2,
  91     // the heap is a low-fragmentation heap (LFH). Note that look-asides are not
  92     // supported on the LFH.
  93
  94     // We don't have any documented way of querying the HEAP_NO_SERIALIZE flag.
  95     EXPECT_LE(flag, 2u);
  96     EXPECT_NE(flag, 1u);
  97   }
  98 }
  99 #endif  // defined(OS_WIN)
 100
 101 #if defined(OS_MACOSX)
 102
 103 // For the following Mac tests:
 104 // Note that base::EnableTerminationOnHeapCorruption() is called as part of
 105 // test suite setup and does not need to be done again, else mach_override
 106 // will fail.
 107
 108 #if !defined(ADDRESS_SANITIZER)
 109 // The following code tests the system implementation of malloc() thus no need
 110 // to test it under AddressSanitizer.
 111 TEST(ProcessMemoryTest, MacMallocFailureDoesNotTerminate) {
 112 #if ARCH_CPU_32_BITS
 113   // The Mavericks malloc library changed in a way which breaks the tricks used
 114   // to implement EnableTerminationOnOutOfMemory() with UncheckedMalloc() under
 115   // 32-bit.  Under 64-bit the oom_killer code handles this.
 116   if (base::mac::IsOSMavericksOrLater())
 117     return;
 118 #endif
 119
 120   // Test that ENOMEM doesn't crash via CrMallocErrorBreak two ways: the exit
 121   // code and lack of the error string. The number of bytes is one less than
 122   // MALLOC_ABSOLUTE_MAX_SIZE, more than which the system early-returns NULL and
 123   // does not call through malloc_error_break(). See the comment at
 124   // EnableTerminationOnOutOfMemory() for more information.
 125   void* buf = NULL;
 126   ASSERT_EXIT(
 127       {
 128         base::EnableTerminationOnOutOfMemory();
 129
 130         buf = malloc(std::numeric_limits<size_t>::max() - (2 * PAGE_SIZE) - 1);
 131       },
 132       testing::KilledBySignal(SIGTRAP),
 133       "\\*\\*\\* error: can't allocate region.*\\n?.*");
 134
 135   base::debug::Alias(buf);
 136 }
 137 #endif  // !defined(ADDRESS_SANITIZER)
 138
 139 TEST(ProcessMemoryTest, MacTerminateOnHeapCorruption) {
 140   // Assert that freeing an unallocated pointer will crash the process.
 141   char buf[9];
 142   asm("" : "=r" (buf));  // Prevent clang from being too smart.
 143 #if ARCH_CPU_64_BITS
 144   // On 64 bit Macs, the malloc system automatically abort()s on heap corruption
 145   // but does not output anything.
 146   ASSERT_DEATH(free(buf), "");
 147 #elif defined(ADDRESS_SANITIZER)
 148   // AddressSanitizer replaces malloc() and prints a different error message on
 149   // heap corruption.
 150   ASSERT_DEATH(free(buf), "attempting free on address which "
 151       "was not malloc\\(\\)-ed");
 152 #else
 153   ADD_FAILURE() << "This test is not supported in this build configuration.";
 154 #endif
 155 }
 156
 157 #endif  // defined(OS_MACOSX)
 158
 159 // Android doesn't implement set_new_handler, so we can't use the
 160 // OutOfMemoryTest cases.
 161 // OpenBSD does not support these tests either.
 162 // TODO(vandebo) make this work on Windows too.
 163 #if !defined(OS_ANDROID) && !defined(OS_OPENBSD) && \
 164     !defined(OS_WIN)
 165
 166 #if defined(USE_TCMALLOC)
 167 extern "C" {
 168 int tc_set_new_mode(int mode);
 169 }
 170 #endif  // defined(USE_TCMALLOC)
 171
 172 class OutOfMemoryTest : public testing::Test {
 173  public:
 174   OutOfMemoryTest()
 175     : value_(NULL),
 176     // Make test size as large as possible minus a few pages so
 177     // that alignment or other rounding doesn't make it wrap.
 178     test_size_(std::numeric_limits<std::size_t>::max() - 12 * 1024),
 179     signed_test_size_(std::numeric_limits<ssize_t>::max()) {
 180   }
 181
 182 #if defined(USE_TCMALLOC)
 183   void SetUp() override { tc_set_new_mode(1); }
 184
 185   void TearDown() override { tc_set_new_mode(0); }
 186 #endif  // defined(USE_TCMALLOC)
 187
 188  protected:
 189   void* value_;
 190   size_t test_size_;
 191   ssize_t signed_test_size_;
 192 };
 193
 194 class OutOfMemoryDeathTest : public OutOfMemoryTest {
 195  public:
 196   void SetUpInDeathAssert() {
 197     // Must call EnableTerminationOnOutOfMemory() because that is called from
 198     // chrome's main function and therefore hasn't been called yet.
 199     // Since this call may result in another thread being created and death
 200     // tests shouldn't be started in a multithread environment, this call
 201     // should be done inside of the ASSERT_DEATH.
 202     base::EnableTerminationOnOutOfMemory();
 203   }
 204 };
 205
 206 TEST_F(OutOfMemoryDeathTest, New) {
 207   ASSERT_DEATH({
 208       SetUpInDeathAssert();
 209       value_ = operator new(test_size_);
 210     }, "");
 211 }
 212
 213 TEST_F(OutOfMemoryDeathTest, NewArray) {
 214   ASSERT_DEATH({
 215       SetUpInDeathAssert();
 216       value_ = new char[test_size_];
 217     }, "");
 218 }
 219
 220 TEST_F(OutOfMemoryDeathTest, Malloc) {
 221   ASSERT_DEATH({
 222       SetUpInDeathAssert();
 223       value_ = malloc(test_size_);
 224     }, "");
 225 }
 226
 227 TEST_F(OutOfMemoryDeathTest, Realloc) {
 228   ASSERT_DEATH({
 229       SetUpInDeathAssert();
 230       value_ = realloc(NULL, test_size_);
 231     }, "");
 232 }
 233
 234 TEST_F(OutOfMemoryDeathTest, Calloc) {
 235   ASSERT_DEATH({
 236       SetUpInDeathAssert();
 237       value_ = calloc(1024, test_size_ / 1024L);
 238     }, "");
 239 }
 240
 241 TEST_F(OutOfMemoryDeathTest, Valloc) {
 242   ASSERT_DEATH({
 243       SetUpInDeathAssert();
 244       value_ = valloc(test_size_);
 245     }, "");
 246 }
 247
 248 #if defined(OS_LINUX)
 249
 250 #if PVALLOC_AVAILABLE == 1
 251 TEST_F(OutOfMemoryDeathTest, Pvalloc) {
 252   ASSERT_DEATH({
 253       SetUpInDeathAssert();
 254       value_ = pvalloc(test_size_);
 255     }, "");
 256 }
 257 #endif  // PVALLOC_AVAILABLE == 1
 258
 259 TEST_F(OutOfMemoryDeathTest, Memalign) {
 260   ASSERT_DEATH({
 261       SetUpInDeathAssert();
 262       value_ = memalign(4, test_size_);
 263     }, "");
 264 }
 265
 266 TEST_F(OutOfMemoryDeathTest, ViaSharedLibraries) {
 267   // This tests that the run-time symbol resolution is overriding malloc for
 268   // shared libraries (including libc itself) as well as for our code.
 269   std::string format = base::StringPrintf("%%%zud", test_size_);
 270   char *value = NULL;
 271   ASSERT_DEATH({
 272       SetUpInDeathAssert();
 273       EXPECT_EQ(-1, asprintf(&value, format.c_str(), 0));
 274     }, "");
 275 }
 276 #endif  // OS_LINUX
 277
 278 // Android doesn't implement posix_memalign().
 279 #if defined(OS_POSIX) && !defined(OS_ANDROID)
 280 TEST_F(OutOfMemoryDeathTest, Posix_memalign) {
 281   // Grab the return value of posix_memalign to silence a compiler warning
 282   // about unused return values. We don't actually care about the return
 283   // value, since we're asserting death.
 284   ASSERT_DEATH({
 285       SetUpInDeathAssert();
 286       EXPECT_EQ(ENOMEM, posix_memalign(&value_, 8, test_size_));
 287     }, "");
 288 }
 289 #endif  // defined(OS_POSIX) && !defined(OS_ANDROID)
 290
 291 #if defined(OS_MACOSX)
 292
 293 // Purgeable zone tests
 294
 295 TEST_F(OutOfMemoryDeathTest, MallocPurgeable) {
 296   malloc_zone_t* zone = malloc_default_purgeable_zone();
 297   ASSERT_DEATH({
 298       SetUpInDeathAssert();
 299       value_ = malloc_zone_malloc(zone, test_size_);
 300     }, "");
 301 }
 302
 303 TEST_F(OutOfMemoryDeathTest, ReallocPurgeable) {
 304   malloc_zone_t* zone = malloc_default_purgeable_zone();
 305   ASSERT_DEATH({
 306       SetUpInDeathAssert();
 307       value_ = malloc_zone_realloc(zone, NULL, test_size_);
 308     }, "");
 309 }
 310
 311 TEST_F(OutOfMemoryDeathTest, CallocPurgeable) {
 312   malloc_zone_t* zone = malloc_default_purgeable_zone();
 313   ASSERT_DEATH({
 314       SetUpInDeathAssert();
 315       value_ = malloc_zone_calloc(zone, 1024, test_size_ / 1024L);
 316     }, "");
 317 }
 318
 319 TEST_F(OutOfMemoryDeathTest, VallocPurgeable) {
 320   malloc_zone_t* zone = malloc_default_purgeable_zone();
 321   ASSERT_DEATH({
 322       SetUpInDeathAssert();
 323       value_ = malloc_zone_valloc(zone, test_size_);
 324     }, "");
 325 }
 326
 327 TEST_F(OutOfMemoryDeathTest, PosixMemalignPurgeable) {
 328   malloc_zone_t* zone = malloc_default_purgeable_zone();
 329   ASSERT_DEATH({
 330       SetUpInDeathAssert();
 331       value_ = malloc_zone_memalign(zone, 8, test_size_);
 332     }, "");
 333 }
 334
 335 // Since these allocation functions take a signed size, it's possible that
 336 // calling them just once won't be enough to exhaust memory. In the 32-bit
 337 // environment, it's likely that these allocation attempts will fail because
 338 // not enough contiguous address space is available. In the 64-bit environment,
 339 // it's likely that they'll fail because they would require a preposterous
 340 // amount of (virtual) memory.
 341
 342 TEST_F(OutOfMemoryDeathTest, CFAllocatorSystemDefault) {
 343   ASSERT_DEATH({
 344       SetUpInDeathAssert();
 345       while ((value_ =
 346               base::AllocateViaCFAllocatorSystemDefault(signed_test_size_))) {}
 347     }, "");
 348 }
 349
 350 TEST_F(OutOfMemoryDeathTest, CFAllocatorMalloc) {
 351   ASSERT_DEATH({
 352       SetUpInDeathAssert();
 353       while ((value_ =
 354               base::AllocateViaCFAllocatorMalloc(signed_test_size_))) {}
 355     }, "");
 356 }
 357
 358 TEST_F(OutOfMemoryDeathTest, CFAllocatorMallocZone) {
 359   ASSERT_DEATH({
 360       SetUpInDeathAssert();
 361       while ((value_ =
 362               base::AllocateViaCFAllocatorMallocZone(signed_test_size_))) {}
 363     }, "");
 364 }
 365
 366 #if !defined(ARCH_CPU_64_BITS)
 367
 368 // See process_util_unittest_mac.mm for an explanation of why this test isn't
 369 // run in the 64-bit environment.
 370
 371 TEST_F(OutOfMemoryDeathTest, PsychoticallyBigObjCObject) {
 372   ASSERT_DEATH({
 373       SetUpInDeathAssert();
 374       while ((value_ = base::AllocatePsychoticallyBigObjCObject())) {}
 375     }, "");
 376 }
 377
 378 #endif  // !ARCH_CPU_64_BITS
 379 #endif  // OS_MACOSX
 380
 381 class OutOfMemoryHandledTest : public OutOfMemoryTest {
 382  public:
 383   static const size_t kSafeMallocSize = 512;
 384   static const size_t kSafeCallocSize = 128;
 385   static const size_t kSafeCallocItems = 4;
 386
 387   void SetUp() override {
 388     OutOfMemoryTest::SetUp();
 389
 390     // We enable termination on OOM - just as Chrome does at early
 391     // initialization - and test that UncheckedMalloc and  UncheckedCalloc
 392     // properly by-pass this in order to allow the caller to handle OOM.
 393     base::EnableTerminationOnOutOfMemory();
 394   }
 395 };
 396
 397 // TODO(b.kelemen): make UncheckedMalloc and UncheckedCalloc work
 398 // on Windows as well.
 399 // UncheckedMalloc() and UncheckedCalloc() work as regular malloc()/calloc()
 400 // under sanitizer tools.
 401 #if !defined(MEMORY_TOOL_REPLACES_ALLOCATOR)
 402 TEST_F(OutOfMemoryHandledTest, UncheckedMalloc) {
 403 #if defined(OS_MACOSX) && ARCH_CPU_32_BITS
 404   // The Mavericks malloc library changed in a way which breaks the tricks used
 405   // to implement EnableTerminationOnOutOfMemory() with UncheckedMalloc() under
 406   // 32-bit.  The 64-bit malloc library works as desired without tricks.
 407   if (base::mac::IsOSMavericksOrLater())
 408     return;
 409 #endif
 410   EXPECT_TRUE(base::UncheckedMalloc(kSafeMallocSize, &value_));
 411   EXPECT_TRUE(value_ != NULL);
 412   free(value_);
 413
 414   EXPECT_FALSE(base::UncheckedMalloc(test_size_, &value_));
 415   EXPECT_TRUE(value_ == NULL);
 416 }
 417
 418 TEST_F(OutOfMemoryHandledTest, UncheckedCalloc) {
 419 #if defined(OS_MACOSX) && ARCH_CPU_32_BITS
 420   // The Mavericks malloc library changed in a way which breaks the tricks used
 421   // to implement EnableTerminationOnOutOfMemory() with UncheckedCalloc() under
 422   // 32-bit.  The 64-bit malloc library works as desired without tricks.
 423   if (base::mac::IsOSMavericksOrLater())
 424     return;
 425 #endif
 426   EXPECT_TRUE(base::UncheckedCalloc(1, kSafeMallocSize, &value_));
 427   EXPECT_TRUE(value_ != NULL);
 428   const char* bytes = static_cast<const char*>(value_);
 429   for (size_t i = 0; i < kSafeMallocSize; ++i)
 430     EXPECT_EQ(0, bytes[i]);
 431   free(value_);
 432
 433   EXPECT_TRUE(
 434       base::UncheckedCalloc(kSafeCallocItems, kSafeCallocSize, &value_));
 435   EXPECT_TRUE(value_ != NULL);
 436   bytes = static_cast<const char*>(value_);
 437   for (size_t i = 0; i < (kSafeCallocItems * kSafeCallocSize); ++i)
 438     EXPECT_EQ(0, bytes[i]);
 439   free(value_);
 440
 441   EXPECT_FALSE(base::UncheckedCalloc(1, test_size_, &value_));
 442   EXPECT_TRUE(value_ == NULL);
 443 }
 444 #endif  // !defined(MEMORY_TOOL_REPLACES_ALLOCATOR)
 445 #endif  // !defined(OS_ANDROID) && !defined(OS_OPENBSD) && !defined(OS_WIN)