1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#define _CRT_SECURE_NO_WARNINGS 6 7#include "base/process/memory.h" 8 9#include <limits> 10 11#include "base/compiler_specific.h" 12#include "base/debug/alias.h" 13#include "base/strings/stringprintf.h" 14#include "testing/gtest/include/gtest/gtest.h" 15 16#if defined(OS_WIN) 17#include <windows.h> 18#endif 19#if defined(OS_POSIX) 20#include <errno.h> 21#endif 22#if defined(OS_MACOSX) 23#include <malloc/malloc.h> 24#include "base/mac/mac_util.h" 25#include "base/process/memory_unittest_mac.h" 26#endif 27#if defined(OS_LINUX) 28#include <malloc.h> 29#endif 30 31#if defined(OS_WIN) 32// HeapQueryInformation function pointer. 33typedef BOOL (WINAPI* HeapQueryFn) \ 34 (HANDLE, HEAP_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T); 35 36const int kConstantInModule = 42; 37 38TEST(ProcessMemoryTest, GetModuleFromAddress) { 39 // Since the unit tests are their own EXE, this should be 40 // equivalent to the EXE's HINSTANCE. 41 // 42 // kConstantInModule is a constant in this file and 43 // therefore within the unit test EXE. 44 EXPECT_EQ(::GetModuleHandle(NULL), 45 base::GetModuleFromAddress( 46 const_cast<int*>(&kConstantInModule))); 47 48 // Any address within the kernel32 module should return 49 // kernel32's HMODULE. Our only assumption here is that 50 // kernel32 is larger than 4 bytes. 51 HMODULE kernel32 = ::GetModuleHandle(L"kernel32.dll"); 52 HMODULE kernel32_from_address = 53 base::GetModuleFromAddress(reinterpret_cast<DWORD*>(kernel32) + 1); 54 EXPECT_EQ(kernel32, kernel32_from_address); 55} 56 57TEST(ProcessMemoryTest, EnableLFH) { 58 ASSERT_TRUE(base::EnableLowFragmentationHeap()); 59 if (IsDebuggerPresent()) { 60 // Under these conditions, LFH can't be enabled. There's no point to test 61 // anything. 62 const char* no_debug_env = getenv("_NO_DEBUG_HEAP"); 63 if (!no_debug_env || strcmp(no_debug_env, "1")) 64 return; 65 } 66 HMODULE kernel32 = GetModuleHandle(L"kernel32.dll"); 67 ASSERT_TRUE(kernel32 != NULL); 68 HeapQueryFn heap_query = reinterpret_cast<HeapQueryFn>(GetProcAddress( 69 kernel32, 70 "HeapQueryInformation")); 71 72 // On Windows 2000, the function is not exported. This is not a reason to 73 // fail but we won't be able to retrieves information about the heap, so we 74 // should stop here. 75 if (heap_query == NULL) 76 return; 77 78 HANDLE heaps[1024] = { 0 }; 79 unsigned number_heaps = GetProcessHeaps(1024, heaps); 80 EXPECT_GT(number_heaps, 0u); 81 for (unsigned i = 0; i < number_heaps; ++i) { 82 ULONG flag = 0; 83 SIZE_T length; 84 ASSERT_NE(0, heap_query(heaps[i], 85 HeapCompatibilityInformation, 86 &flag, 87 sizeof(flag), 88 &length)); 89 // If flag is 0, the heap is a standard heap that does not support 90 // look-asides. If flag is 1, the heap supports look-asides. If flag is 2, 91 // the heap is a low-fragmentation heap (LFH). Note that look-asides are not 92 // supported on the LFH. 93 94 // We don't have any documented way of querying the HEAP_NO_SERIALIZE flag. 95 EXPECT_LE(flag, 2u); 96 EXPECT_NE(flag, 1u); 97 } 98} 99#endif // defined(OS_WIN) 100 101#if defined(OS_MACOSX) 102 103// For the following Mac tests: 104// Note that base::EnableTerminationOnHeapCorruption() is called as part of 105// test suite setup and does not need to be done again, else mach_override 106// will fail. 107 108#if !defined(ADDRESS_SANITIZER) 109// The following code tests the system implementation of malloc() thus no need 110// to test it under AddressSanitizer. 111TEST(ProcessMemoryTest, MacMallocFailureDoesNotTerminate) { 112#if ARCH_CPU_32_BITS 113 // The Mavericks malloc library changed in a way which breaks the tricks used 114 // to implement EnableTerminationOnOutOfMemory() with UncheckedMalloc() under 115 // 32-bit. Under 64-bit the oom_killer code handles this. 116 if (base::mac::IsOSMavericksOrLater()) 117 return; 118#endif 119 120 // Test that ENOMEM doesn't crash via CrMallocErrorBreak two ways: the exit 121 // code and lack of the error string. The number of bytes is one less than 122 // MALLOC_ABSOLUTE_MAX_SIZE, more than which the system early-returns NULL and 123 // does not call through malloc_error_break(). See the comment at 124 // EnableTerminationOnOutOfMemory() for more information. 125 void* buf = NULL; 126 ASSERT_EXIT( 127 { 128 base::EnableTerminationOnOutOfMemory(); 129 130 buf = malloc(std::numeric_limits<size_t>::max() - (2 * PAGE_SIZE) - 1); 131 }, 132 testing::KilledBySignal(SIGTRAP), 133 "\\*\\*\\* error: can't allocate region.*\\n?.*"); 134 135 base::debug::Alias(buf); 136} 137#endif // !defined(ADDRESS_SANITIZER) 138 139TEST(ProcessMemoryTest, MacTerminateOnHeapCorruption) { 140 // Assert that freeing an unallocated pointer will crash the process. 141 char buf[9]; 142 asm("" : "=r" (buf)); // Prevent clang from being too smart. 143#if ARCH_CPU_64_BITS 144 // On 64 bit Macs, the malloc system automatically abort()s on heap corruption 145 // but does not output anything. 146 ASSERT_DEATH(free(buf), ""); 147#elif defined(ADDRESS_SANITIZER) 148 // AddressSanitizer replaces malloc() and prints a different error message on 149 // heap corruption. 150 ASSERT_DEATH(free(buf), "attempting free on address which " 151 "was not malloc\\(\\)-ed"); 152#else 153 ASSERT_DEATH(free(buf), "being freed.*\\n?\\.*" 154 "\\*\\*\\* set a breakpoint in malloc_error_break to debug.*\\n?.*" 155 "Terminating process due to a potential for future heap corruption"); 156#endif // ARCH_CPU_64_BITS || defined(ADDRESS_SANITIZER) 157} 158 159#endif // defined(OS_MACOSX) 160 161// Android doesn't implement set_new_handler, so we can't use the 162// OutOfMemoryTest cases. 163// OpenBSD does not support these tests either. 164// TODO(vandebo) make this work on Windows too. 165#if !defined(OS_ANDROID) && !defined(OS_OPENBSD) && \ 166 !defined(OS_WIN) 167 168#if defined(USE_TCMALLOC) 169extern "C" { 170int tc_set_new_mode(int mode); 171} 172#endif // defined(USE_TCMALLOC) 173 174class OutOfMemoryTest : public testing::Test { 175 public: 176 OutOfMemoryTest() 177 : value_(NULL), 178 // Make test size as large as possible minus a few pages so 179 // that alignment or other rounding doesn't make it wrap. 180 test_size_(std::numeric_limits<std::size_t>::max() - 12 * 1024), 181 signed_test_size_(std::numeric_limits<ssize_t>::max()) { 182 } 183 184#if defined(USE_TCMALLOC) 185 virtual void SetUp() OVERRIDE { 186 tc_set_new_mode(1); 187 } 188 189 virtual void TearDown() OVERRIDE { 190 tc_set_new_mode(0); 191 } 192#endif // defined(USE_TCMALLOC) 193 194 protected: 195 void* value_; 196 size_t test_size_; 197 ssize_t signed_test_size_; 198}; 199 200class OutOfMemoryDeathTest : public OutOfMemoryTest { 201 public: 202 void SetUpInDeathAssert() { 203 // Must call EnableTerminationOnOutOfMemory() because that is called from 204 // chrome's main function and therefore hasn't been called yet. 205 // Since this call may result in another thread being created and death 206 // tests shouldn't be started in a multithread environment, this call 207 // should be done inside of the ASSERT_DEATH. 208 base::EnableTerminationOnOutOfMemory(); 209 } 210}; 211 212TEST_F(OutOfMemoryDeathTest, New) { 213 ASSERT_DEATH({ 214 SetUpInDeathAssert(); 215 value_ = operator new(test_size_); 216 }, ""); 217} 218 219TEST_F(OutOfMemoryDeathTest, NewArray) { 220 ASSERT_DEATH({ 221 SetUpInDeathAssert(); 222 value_ = new char[test_size_]; 223 }, ""); 224} 225 226TEST_F(OutOfMemoryDeathTest, Malloc) { 227 ASSERT_DEATH({ 228 SetUpInDeathAssert(); 229 value_ = malloc(test_size_); 230 }, ""); 231} 232 233TEST_F(OutOfMemoryDeathTest, Realloc) { 234 ASSERT_DEATH({ 235 SetUpInDeathAssert(); 236 value_ = realloc(NULL, test_size_); 237 }, ""); 238} 239 240TEST_F(OutOfMemoryDeathTest, Calloc) { 241 ASSERT_DEATH({ 242 SetUpInDeathAssert(); 243 value_ = calloc(1024, test_size_ / 1024L); 244 }, ""); 245} 246 247TEST_F(OutOfMemoryDeathTest, Valloc) { 248 ASSERT_DEATH({ 249 SetUpInDeathAssert(); 250 value_ = valloc(test_size_); 251 }, ""); 252} 253 254#if defined(OS_LINUX) 255 256#if PVALLOC_AVAILABLE == 1 257TEST_F(OutOfMemoryDeathTest, Pvalloc) { 258 ASSERT_DEATH({ 259 SetUpInDeathAssert(); 260 value_ = pvalloc(test_size_); 261 }, ""); 262} 263#endif // PVALLOC_AVAILABLE == 1 264 265TEST_F(OutOfMemoryDeathTest, Memalign) { 266 ASSERT_DEATH({ 267 SetUpInDeathAssert(); 268 value_ = memalign(4, test_size_); 269 }, ""); 270} 271 272TEST_F(OutOfMemoryDeathTest, ViaSharedLibraries) { 273 // This tests that the run-time symbol resolution is overriding malloc for 274 // shared libraries (including libc itself) as well as for our code. 275 std::string format = base::StringPrintf("%%%zud", test_size_); 276 char *value = NULL; 277 ASSERT_DEATH({ 278 SetUpInDeathAssert(); 279 EXPECT_EQ(-1, asprintf(&value, format.c_str(), 0)); 280 }, ""); 281} 282#endif // OS_LINUX 283 284// Android doesn't implement posix_memalign(). 285#if defined(OS_POSIX) && !defined(OS_ANDROID) 286TEST_F(OutOfMemoryDeathTest, Posix_memalign) { 287 // Grab the return value of posix_memalign to silence a compiler warning 288 // about unused return values. We don't actually care about the return 289 // value, since we're asserting death. 290 ASSERT_DEATH({ 291 SetUpInDeathAssert(); 292 EXPECT_EQ(ENOMEM, posix_memalign(&value_, 8, test_size_)); 293 }, ""); 294} 295#endif // defined(OS_POSIX) && !defined(OS_ANDROID) 296 297#if defined(OS_MACOSX) 298 299// Purgeable zone tests 300 301TEST_F(OutOfMemoryDeathTest, MallocPurgeable) { 302 malloc_zone_t* zone = malloc_default_purgeable_zone(); 303 ASSERT_DEATH({ 304 SetUpInDeathAssert(); 305 value_ = malloc_zone_malloc(zone, test_size_); 306 }, ""); 307} 308 309TEST_F(OutOfMemoryDeathTest, ReallocPurgeable) { 310 malloc_zone_t* zone = malloc_default_purgeable_zone(); 311 ASSERT_DEATH({ 312 SetUpInDeathAssert(); 313 value_ = malloc_zone_realloc(zone, NULL, test_size_); 314 }, ""); 315} 316 317TEST_F(OutOfMemoryDeathTest, CallocPurgeable) { 318 malloc_zone_t* zone = malloc_default_purgeable_zone(); 319 ASSERT_DEATH({ 320 SetUpInDeathAssert(); 321 value_ = malloc_zone_calloc(zone, 1024, test_size_ / 1024L); 322 }, ""); 323} 324 325TEST_F(OutOfMemoryDeathTest, VallocPurgeable) { 326 malloc_zone_t* zone = malloc_default_purgeable_zone(); 327 ASSERT_DEATH({ 328 SetUpInDeathAssert(); 329 value_ = malloc_zone_valloc(zone, test_size_); 330 }, ""); 331} 332 333TEST_F(OutOfMemoryDeathTest, PosixMemalignPurgeable) { 334 malloc_zone_t* zone = malloc_default_purgeable_zone(); 335 ASSERT_DEATH({ 336 SetUpInDeathAssert(); 337 value_ = malloc_zone_memalign(zone, 8, test_size_); 338 }, ""); 339} 340 341// Since these allocation functions take a signed size, it's possible that 342// calling them just once won't be enough to exhaust memory. In the 32-bit 343// environment, it's likely that these allocation attempts will fail because 344// not enough contiguous address space is available. In the 64-bit environment, 345// it's likely that they'll fail because they would require a preposterous 346// amount of (virtual) memory. 347 348TEST_F(OutOfMemoryDeathTest, CFAllocatorSystemDefault) { 349 ASSERT_DEATH({ 350 SetUpInDeathAssert(); 351 while ((value_ = 352 base::AllocateViaCFAllocatorSystemDefault(signed_test_size_))) {} 353 }, ""); 354} 355 356TEST_F(OutOfMemoryDeathTest, CFAllocatorMalloc) { 357 ASSERT_DEATH({ 358 SetUpInDeathAssert(); 359 while ((value_ = 360 base::AllocateViaCFAllocatorMalloc(signed_test_size_))) {} 361 }, ""); 362} 363 364TEST_F(OutOfMemoryDeathTest, CFAllocatorMallocZone) { 365 ASSERT_DEATH({ 366 SetUpInDeathAssert(); 367 while ((value_ = 368 base::AllocateViaCFAllocatorMallocZone(signed_test_size_))) {} 369 }, ""); 370} 371 372#if !defined(ARCH_CPU_64_BITS) 373 374// See process_util_unittest_mac.mm for an explanation of why this test isn't 375// run in the 64-bit environment. 376 377TEST_F(OutOfMemoryDeathTest, PsychoticallyBigObjCObject) { 378 ASSERT_DEATH({ 379 SetUpInDeathAssert(); 380 while ((value_ = base::AllocatePsychoticallyBigObjCObject())) {} 381 }, ""); 382} 383 384#endif // !ARCH_CPU_64_BITS 385#endif // OS_MACOSX 386 387class OutOfMemoryHandledTest : public OutOfMemoryTest { 388 public: 389 static const size_t kSafeMallocSize = 512; 390 static const size_t kSafeCallocSize = 128; 391 static const size_t kSafeCallocItems = 4; 392 393 virtual void SetUp() { 394 OutOfMemoryTest::SetUp(); 395 396 // We enable termination on OOM - just as Chrome does at early 397 // initialization - and test that UncheckedMalloc and UncheckedCalloc 398 // properly by-pass this in order to allow the caller to handle OOM. 399 base::EnableTerminationOnOutOfMemory(); 400 } 401}; 402 403// TODO(b.kelemen): make UncheckedMalloc and UncheckedCalloc work 404// on Windows as well. 405// UncheckedMalloc() and UncheckedCalloc() work as regular malloc()/calloc() 406// under sanitizer tools. 407#if !defined(MEMORY_TOOL_REPLACES_ALLOCATOR) 408TEST_F(OutOfMemoryHandledTest, UncheckedMalloc) { 409#if defined(OS_MACOSX) && ARCH_CPU_32_BITS 410 // The Mavericks malloc library changed in a way which breaks the tricks used 411 // to implement EnableTerminationOnOutOfMemory() with UncheckedMalloc() under 412 // 32-bit. The 64-bit malloc library works as desired without tricks. 413 if (base::mac::IsOSMavericksOrLater()) 414 return; 415#endif 416 EXPECT_TRUE(base::UncheckedMalloc(kSafeMallocSize, &value_)); 417 EXPECT_TRUE(value_ != NULL); 418 free(value_); 419 420 EXPECT_FALSE(base::UncheckedMalloc(test_size_, &value_)); 421 EXPECT_TRUE(value_ == NULL); 422} 423 424TEST_F(OutOfMemoryHandledTest, UncheckedCalloc) { 425#if defined(OS_MACOSX) && ARCH_CPU_32_BITS 426 // The Mavericks malloc library changed in a way which breaks the tricks used 427 // to implement EnableTerminationOnOutOfMemory() with UncheckedCalloc() under 428 // 32-bit. The 64-bit malloc library works as desired without tricks. 429 if (base::mac::IsOSMavericksOrLater()) 430 return; 431#endif 432 EXPECT_TRUE(base::UncheckedCalloc(1, kSafeMallocSize, &value_)); 433 EXPECT_TRUE(value_ != NULL); 434 const char* bytes = static_cast<const char*>(value_); 435 for (size_t i = 0; i < kSafeMallocSize; ++i) 436 EXPECT_EQ(0, bytes[i]); 437 free(value_); 438 439 EXPECT_TRUE( 440 base::UncheckedCalloc(kSafeCallocItems, kSafeCallocSize, &value_)); 441 EXPECT_TRUE(value_ != NULL); 442 bytes = static_cast<const char*>(value_); 443 for (size_t i = 0; i < (kSafeCallocItems * kSafeCallocSize); ++i) 444 EXPECT_EQ(0, bytes[i]); 445 free(value_); 446 447 EXPECT_FALSE(base::UncheckedCalloc(1, test_size_, &value_)); 448 EXPECT_TRUE(value_ == NULL); 449} 450#endif // !defined(MEMORY_TOOL_REPLACES_ALLOCATOR) 451#endif // !defined(OS_ANDROID) && !defined(OS_OPENBSD) && !defined(OS_WIN) 452