asan_noinst_test.cc revision fe6d91684bcda766593800f6307233f1a33d31f6
1a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly//===-- asan_noinst_test.cc -----------------------------------------------===// 2a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// 3a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// The LLVM Compiler Infrastructure 4a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// 5a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// This file is distributed under the University of Illinois Open Source 6a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// License. See LICENSE.TXT for details. 7a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// 8a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly//===----------------------------------------------------------------------===// 9a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// 10a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// This file is a part of AddressSanitizer, an address sanity checker. 11a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// 12a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// This test file should be compiled w/o asan instrumentation. 13a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly//===----------------------------------------------------------------------===// 14a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 15a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include "asan_allocator.h" 16a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include "asan_internal.h" 17a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include "asan_mapping.h" 18a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include "asan_stack.h" 19a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include "asan_test_utils.h" 20a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include "sanitizer/asan_interface.h" 21a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 22a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include <assert.h> 23a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include <stdio.h> 24a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include <stdlib.h> 25a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include <string.h> // for memset() 26a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include <algorithm> 27a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#include <vector> 28a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 29a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// Simple stand-alone pseudorandom number generator. 30a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// Current algorithm is ANSI C linear congruential PRNG. 31a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic inline u32 my_rand(u32* state) { 32a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly return (*state = *state * 1103515245 + 12345) >> 16; 33a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 34a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 35a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic u32 global_seed = 0; 36a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 37a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 38a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizer, InternalSimpleDeathTest) { 39a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(exit(1), ""); 40a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 41a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 42a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic void MallocStress(size_t n) { 43a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly u32 seed = my_rand(&global_seed); 44a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::StackTrace stack1; 45a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack1.trace[0] = 0xa123; 46a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack1.trace[1] = 0xa456; 47a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack1.size = 2; 48a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 49a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::StackTrace stack2; 50a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack2.trace[0] = 0xb123; 51a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack2.trace[1] = 0xb456; 52a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack2.size = 2; 53a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 54a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::StackTrace stack3; 55a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack3.trace[0] = 0xc123; 56a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack3.trace[1] = 0xc456; 57a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack3.size = 2; 58a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 59a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly std::vector<void *> vec; 60a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < n; i++) { 61a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly if ((i % 3) == 0) { 62a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly if (vec.empty()) continue; 63a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t idx = my_rand(&seed) % vec.size(); 64a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly void *ptr = vec[idx]; 65a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly vec[idx] = vec.back(); 66a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly vec.pop_back(); 67a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::asan_free(ptr, &stack1, __asan::FROM_MALLOC); 68a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } else { 69a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t size = my_rand(&seed) % 1000 + 1; 70a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly switch ((my_rand(&seed) % 128)) { 71a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly case 0: size += 1024; break; 72a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly case 1: size += 2048; break; 73a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly case 2: size += 4096; break; 74a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 75a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t alignment = 1 << (my_rand(&seed) % 10 + 1); 76a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly char *ptr = (char*)__asan::asan_memalign(alignment, size, 77a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly &stack2, __asan::FROM_MALLOC); 78a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly vec.push_back(ptr); 79a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ptr[0] = 0; 80a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ptr[size-1] = 0; 81a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ptr[size/2] = 0; 82a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 83a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 84a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < vec.size(); i++) 85a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::asan_free(vec[i], &stack3, __asan::FROM_MALLOC); 86a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 87a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 88a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 89a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizer, NoInstMallocTest) { 90a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#ifdef __arm__ 91a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly MallocStress(300000); 92a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#else 93a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly MallocStress(1000000); 94a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#endif 95a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 96a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 97a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic void PrintShadow(const char *tag, uptr ptr, size_t size) { 98a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly fprintf(stderr, "%s shadow: %lx size % 3ld: ", tag, (long)ptr, (long)size); 99a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly uptr prev_shadow = 0; 100a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (sptr i = -32; i < (sptr)size + 32; i++) { 101a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly uptr shadow = __asan::MemToShadow(ptr + i); 102a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly if (i == 0 || i == (sptr)size) 103a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly fprintf(stderr, "."); 104a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly if (shadow != prev_shadow) { 105a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly prev_shadow = shadow; 106a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly fprintf(stderr, "%02x", (int)*(u8*)shadow); 107a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 108a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 109a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly fprintf(stderr, "\n"); 110a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 111a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 112a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizer, DISABLED_InternalPrintShadow) { 113a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t size = 1; size <= 513; size++) { 114a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly char *ptr = new char[size]; 115a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly PrintShadow("m", (uptr)ptr, size); 116a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly delete [] ptr; 117a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly PrintShadow("f", (uptr)ptr, size); 118a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 119a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 120a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 121a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic uptr pc_array[] = { 122a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#if SANITIZER_WORDSIZE == 64 123a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbf756068ULL, 124a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbf75e5abULL, 125a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc0625b7cULL, 126a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc05b8997ULL, 127a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbf990577ULL, 128a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbf990c56ULL, 129a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbf992f3cULL, 130a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbf950c22ULL, 131a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc036dba0ULL, 132a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc03638a3ULL, 133a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc035be4aULL, 134a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc0539c45ULL, 135a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc0539a65ULL, 136a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc03db9b3ULL, 137a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc03db100ULL, 138a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc037c7b8ULL, 139a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc037bfffULL, 140a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc038b777ULL, 141a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc038021cULL, 142a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc037c7d1ULL, 143a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc037bfffULL, 144a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc038b777ULL, 145a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc038021cULL, 146a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc037c7d1ULL, 147a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc037bfffULL, 148a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc038b777ULL, 149a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc038021cULL, 150a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc037c7d1ULL, 151a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc037bfffULL, 152a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc0520d26ULL, 153a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc009ddffULL, 154a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbf90bb50ULL, 155a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbdddfa69ULL, 156a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbdde1fe2ULL, 157a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbdde2424ULL, 158a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbdde27b3ULL, 159a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbddee53bULL, 160a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbdde1988ULL, 161a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbdde0904ULL, 162a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effc106ce0dULL, 163a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbcc3fa04ULL, 164a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbcc3f6a4ULL, 165a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbcc3e726ULL, 166a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effbcc40852ULL, 167a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7effb681ec4dULL, 168a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#endif // SANITIZER_WORDSIZE 169a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xB0B5E768, 170a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7B682EC1, 171a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x367F9918, 172a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xAE34E13, 173a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xBA0C6C6, 174a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x13250F46, 175a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xA0D6A8AB, 176a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x2B07C1A8, 177a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x6C844F4A, 178a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x2321B53, 179a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x1F3D4F8F, 180a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x3FE2924B, 181a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xB7A2F568, 182a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xBD23950A, 183a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x61020930, 184a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x33E7970C, 185a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x405998A1, 186a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x59F3551D, 187a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x350E3028, 188a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xBC55A28D, 189a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x361F3AED, 190a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xBEAD0F73, 191a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xAEF28479, 192a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x757E971F, 193a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xAEBA450, 194a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x43AD22F5, 195a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x8C2C50C4, 196a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7AD8A2E1, 197a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x69EE4EE8, 198a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xC08DFF, 199a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x4BA6538, 200a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x3708AB2, 201a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xC24B6475, 202a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x7C8890D7, 203a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x6662495F, 204a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x9B641689, 205a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xD3596B, 206a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0xA1049569, 207a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x44CBC16, 208a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 0x4D39C39F 209a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly}; 210a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 211a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellyvoid CompressStackTraceTest(size_t n_iter) { 212a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly u32 seed = my_rand(&global_seed); 213a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly const size_t kNumPcs = ARRAY_SIZE(pc_array); 214a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly u32 compressed[2 * kNumPcs]; 215a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 216a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t iter = 0; iter < n_iter; iter++) { 217a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly std::random_shuffle(pc_array, pc_array + kNumPcs); 218a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::StackTrace stack0, stack1; 219a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack0.CopyFrom(pc_array, kNumPcs); 220a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack0.size = std::max((size_t)1, (size_t)(my_rand(&seed) % stack0.size)); 221a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t compress_size = 222a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly std::max((size_t)2, (size_t)my_rand(&seed) % (2 * kNumPcs)); 223a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t n_frames = 224a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::StackTrace::CompressStack(&stack0, compressed, compress_size); 225a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly Ident(n_frames); 226a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly assert(n_frames <= stack0.size); 227a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::StackTrace::UncompressStack(&stack1, compressed, compress_size); 228a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly assert(stack1.size == n_frames); 229a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < stack1.size; i++) { 230a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly assert(stack0.trace[i] == stack1.trace[i]); 231a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 232a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 233a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 234a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 235a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizer, CompressStackTraceTest) { 236a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly CompressStackTraceTest(10000); 237a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 238a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 239a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellyvoid CompressStackTraceBenchmark(size_t n_iter) { 240a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly const size_t kNumPcs = ARRAY_SIZE(pc_array); 241a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly u32 compressed[2 * kNumPcs]; 242a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly std::random_shuffle(pc_array, pc_array + kNumPcs); 243a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 244a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::StackTrace stack0; 245a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack0.CopyFrom(pc_array, kNumPcs); 246a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack0.size = kNumPcs; 247a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t iter = 0; iter < n_iter; iter++) { 248a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t compress_size = kNumPcs; 249a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t n_frames = 250a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::StackTrace::CompressStack(&stack0, compressed, compress_size); 251a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly Ident(n_frames); 252a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 253a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 254a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 255a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizer, CompressStackTraceBenchmark) { 256a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly CompressStackTraceBenchmark(1 << 24); 257a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 258a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 259a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizer, QuarantineTest) { 260a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::StackTrace stack; 261a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack.trace[0] = 0x890; 262a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack.size = 1; 263a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 264a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly const int size = 32; 265a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly void *p = __asan::asan_malloc(size, &stack); 266a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::asan_free(p, &stack, __asan::FROM_MALLOC); 267a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t i; 268a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t max_i = 1 << 30; 269a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (i = 0; i < max_i; i++) { 270a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly void *p1 = __asan::asan_malloc(size, &stack); 271a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::asan_free(p1, &stack, __asan::FROM_MALLOC); 272a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly if (p1 == p) break; 273a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 274a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // fprintf(stderr, "i=%ld\n", i); 275a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_GE(i, 100000U); 276a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_LT(i, max_i); 277a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 278a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 279a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellyvoid *ThreadedQuarantineTestWorker(void *unused) { 280a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly (void)unused; 281a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly u32 seed = my_rand(&global_seed); 282a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::StackTrace stack; 283a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack.trace[0] = 0x890; 284a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack.size = 1; 285a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 286a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < 1000; i++) { 287a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly void *p = __asan::asan_malloc(1 + (my_rand(&seed) % 4000), &stack); 288a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::asan_free(p, &stack, __asan::FROM_MALLOC); 289a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 290a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly return NULL; 291a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 292a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 293a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// Check that the thread local allocators are flushed when threads are 294a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// destroyed. 295a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizer, ThreadedQuarantineTest) { 296a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly const int n_threads = 3000; 297a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t mmaped1 = __asan_get_heap_size(); 298a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (int i = 0; i < n_threads; i++) { 299a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly pthread_t t; 300a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly PTHREAD_CREATE(&t, NULL, ThreadedQuarantineTestWorker, 0); 301a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly PTHREAD_JOIN(t, 0); 302a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t mmaped2 = __asan_get_heap_size(); 303a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_LT(mmaped2 - mmaped1, 320U * (1 << 20)); 304a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 305a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 306a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 307a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellyvoid *ThreadedOneSizeMallocStress(void *unused) { 308a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly (void)unused; 309a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::StackTrace stack; 310a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack.trace[0] = 0x890; 311a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly stack.size = 1; 312a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly const size_t kNumMallocs = 1000; 313a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (int iter = 0; iter < 1000; iter++) { 314a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly void *p[kNumMallocs]; 315a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < kNumMallocs; i++) { 316a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly p[i] = __asan::asan_malloc(32, &stack); 317a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 318a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < kNumMallocs; i++) { 319a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan::asan_free(p[i], &stack, __asan::FROM_MALLOC); 320a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 321a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 322a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly return NULL; 323a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 324a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 325a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizer, ThreadedOneSizeMallocStressTest) { 326a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly const int kNumThreads = 4; 327a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly pthread_t t[kNumThreads]; 328a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (int i = 0; i < kNumThreads; i++) { 329a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly PTHREAD_CREATE(&t[i], 0, ThreadedOneSizeMallocStress, 0); 330a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 331a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (int i = 0; i < kNumThreads; i++) { 332a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly PTHREAD_JOIN(t[i], 0); 333a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 334a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 335a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 336a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizer, MemsetWildAddressTest) { 337a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly typedef void*(*memset_p)(void*, int, size_t); 338a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Prevent inlining of memset(). 339a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly volatile memset_p libc_memset = (memset_p)memset; 340a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(libc_memset((void*)(kLowShadowBeg + 200), 0, 100), 341a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly "unknown-crash.*low shadow"); 342a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(libc_memset((void*)(kShadowGapBeg + 200), 0, 100), 343a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly "unknown-crash.*shadow gap"); 344a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(libc_memset((void*)(kHighShadowBeg + 200), 0, 100), 345a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly "unknown-crash.*high shadow"); 346a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 347a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 348a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, GetEstimatedAllocatedSize) { 349a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#if ASAN_ALLOCATOR_VERSION == 1 350a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(1U, __asan_get_estimated_allocated_size(0)); 351a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#elif ASAN_ALLOCATOR_VERSION == 2 352a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(0U, __asan_get_estimated_allocated_size(0)); 353a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#endif 354a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly const size_t sizes[] = { 1, 30, 1<<30 }; 355a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < 3; i++) { 356a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(sizes[i], __asan_get_estimated_allocated_size(sizes[i])); 357a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 358a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 359a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 360a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic const char* kGetAllocatedSizeErrorMsg = 361a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly "attempting to call __asan_get_allocated_size()"; 362a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 363a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, GetAllocatedSizeAndOwnershipTest) { 364a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly const size_t kArraySize = 100; 365a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly char *array = Ident((char*)malloc(kArraySize)); 366a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly int *int_ptr = Ident(new int); 367a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 368a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Allocated memory is owned by allocator. Allocated size should be 369a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // equal to requested size. 370a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(true, __asan_get_ownership(array)); 371a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(kArraySize, __asan_get_allocated_size(array)); 372a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(true, __asan_get_ownership(int_ptr)); 373a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(sizeof(int), __asan_get_allocated_size(int_ptr)); 374a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 375a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // We cannot call GetAllocatedSize from the memory we didn't map, 376a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // and from the interior pointers (not returned by previous malloc). 377a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly void *wild_addr = (void*)0x1; 378a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_FALSE(__asan_get_ownership(wild_addr)); 379a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(__asan_get_allocated_size(wild_addr), kGetAllocatedSizeErrorMsg); 380a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_FALSE(__asan_get_ownership(array + kArraySize / 2)); 381a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(__asan_get_allocated_size(array + kArraySize / 2), 382a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly kGetAllocatedSizeErrorMsg); 383a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 384a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // NULL is not owned, but is a valid argument for __asan_get_allocated_size(). 385a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_FALSE(__asan_get_ownership(NULL)); 386a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(0U, __asan_get_allocated_size(NULL)); 387a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 388a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // When memory is freed, it's not owned, and call to GetAllocatedSize 389a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // is forbidden. 390a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(array); 391a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_FALSE(__asan_get_ownership(array)); 392a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(__asan_get_allocated_size(array), kGetAllocatedSizeErrorMsg); 393a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 394a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly delete int_ptr; 395a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 396a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 397a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, GetCurrentAllocatedBytesTest) { 398a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t before_malloc, after_malloc, after_free; 399a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly char *array; 400a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly const size_t kMallocSize = 100; 401a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly before_malloc = __asan_get_current_allocated_bytes(); 402a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 403a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly array = Ident((char*)malloc(kMallocSize)); 404a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly after_malloc = __asan_get_current_allocated_bytes(); 405a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(before_malloc + kMallocSize, after_malloc); 406a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 407a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(array); 408a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly after_free = __asan_get_current_allocated_bytes(); 409a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(before_malloc, after_free); 410a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 411a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 412a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic void DoDoubleFree() { 413a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly int *x = Ident(new int); 414a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly delete Ident(x); 415a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly delete Ident(x); 416a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 417a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 418a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#if ASAN_ALLOCATOR_VERSION == 1 419a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// This test is run in a separate process, so that large malloced 420a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// chunk won't remain in the free lists after the test. 421a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// Note: use ASSERT_* instead of EXPECT_* here. 422a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic void RunGetHeapSizeTestAndDie() { 423a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t old_heap_size, new_heap_size, heap_growth; 424a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // We unlikely have have chunk of this size in free list. 425a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly static const size_t kLargeMallocSize = 1 << 29; // 512M 426a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly old_heap_size = __asan_get_heap_size(); 427a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly fprintf(stderr, "allocating %zu bytes:\n", kLargeMallocSize); 428a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(Ident(malloc(kLargeMallocSize))); 429a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly new_heap_size = __asan_get_heap_size(); 430a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly heap_growth = new_heap_size - old_heap_size; 431a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly fprintf(stderr, "heap growth after first malloc: %zu\n", heap_growth); 432a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ASSERT_GE(heap_growth, kLargeMallocSize); 433a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ASSERT_LE(heap_growth, 2 * kLargeMallocSize); 434a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 435a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Now large chunk should fall into free list, and can be 436a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // allocated without increasing heap size. 437a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly old_heap_size = new_heap_size; 438a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(Ident(malloc(kLargeMallocSize))); 439a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly heap_growth = __asan_get_heap_size() - old_heap_size; 440a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly fprintf(stderr, "heap growth after second malloc: %zu\n", heap_growth); 441a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ASSERT_LT(heap_growth, kLargeMallocSize); 442a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 443a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Test passed. Now die with expected double-free. 444a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly DoDoubleFree(); 445a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 446a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 447a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, GetHeapSizeTest) { 448a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(RunGetHeapSizeTestAndDie(), "double-free"); 449a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 450a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#elif ASAN_ALLOCATOR_VERSION == 2 451a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, GetHeapSizeTest) { 452a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // asan_allocator2 does not keep huge chunks in free list, but unmaps them. 453a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // The chunk should be greater than the quarantine size, 454a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // otherwise it will be stuck in quarantine instead of being unmaped. 455a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly static const size_t kLargeMallocSize = 1 << 28; // 256M 456a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly uptr old_heap_size = __asan_get_heap_size(); 457a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (int i = 0; i < 3; i++) { 458a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // fprintf(stderr, "allocating %zu bytes:\n", kLargeMallocSize); 459a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(Ident(malloc(kLargeMallocSize))); 460a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(old_heap_size, __asan_get_heap_size()); 461a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 462a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 463a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#endif 464a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 465a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// Note: use ASSERT_* instead of EXPECT_* here. 466a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic void DoLargeMallocForGetFreeBytesTestAndDie() { 467a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#if ASAN_ALLOCATOR_VERSION == 1 468a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // asan_allocator2 does not keep large chunks in free_lists, so this test 469a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // will not work. 470a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t old_free_bytes, new_free_bytes; 471a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly static const size_t kLargeMallocSize = 1 << 29; // 512M 472a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // If we malloc and free a large memory chunk, it will not fall 473a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // into quarantine and will be available for future requests. 474a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly old_free_bytes = __asan_get_free_bytes(); 475a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly fprintf(stderr, "allocating %zu bytes:\n", kLargeMallocSize); 476a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly fprintf(stderr, "free bytes before malloc: %zu\n", old_free_bytes); 477a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(Ident(malloc(kLargeMallocSize))); 478a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly new_free_bytes = __asan_get_free_bytes(); 479a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly fprintf(stderr, "free bytes after malloc and free: %zu\n", new_free_bytes); 480a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ASSERT_GE(new_free_bytes, old_free_bytes + kLargeMallocSize); 481a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#endif // ASAN_ALLOCATOR_VERSION 482a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Test passed. 483a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly DoDoubleFree(); 484a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 485a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 486a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, GetFreeBytesTest) { 487a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Allocate a small chunk. Now allocator probably has a lot of these 488a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // chunks to fulfill future requests. So, future requests will decrease 489a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // the number of free bytes. Do this only on systems where there 490a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // is enough memory for such assumptions. 491a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly if (SANITIZER_WORDSIZE == 64 && !ASAN_LOW_MEMORY) { 492a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly static const size_t kNumOfChunks = 100; 493a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly static const size_t kChunkSize = 100; 494a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly char *chunks[kNumOfChunks]; 495a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t i; 496a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t old_free_bytes, new_free_bytes; 497a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly chunks[0] = Ident((char*)malloc(kChunkSize)); 498a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly old_free_bytes = __asan_get_free_bytes(); 499a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (i = 1; i < kNumOfChunks; i++) { 500a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly chunks[i] = Ident((char*)malloc(kChunkSize)); 501a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly new_free_bytes = __asan_get_free_bytes(); 502a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_LT(new_free_bytes, old_free_bytes); 503a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly old_free_bytes = new_free_bytes; 504a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 505a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (i = 0; i < kNumOfChunks; i++) 506a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(chunks[i]); 507a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 508a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(DoLargeMallocForGetFreeBytesTestAndDie(), "double-free"); 509a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 510a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 511a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic const size_t kManyThreadsMallocSizes[] = {5, 1UL<<10, 1UL<<20, 357}; 512a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic const size_t kManyThreadsIterations = 250; 513a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic const size_t kManyThreadsNumThreads = 514a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly (SANITIZER_WORDSIZE == 32) ? 40 : 200; 515a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 516a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellyvoid *ManyThreadsWithStatsWorker(void *arg) { 517a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly (void)arg; 518a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t iter = 0; iter < kManyThreadsIterations; iter++) { 519a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t size_index = 0; size_index < 4; size_index++) { 520a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(Ident(malloc(kManyThreadsMallocSizes[size_index]))); 521a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 522a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 523a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly return 0; 524a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 525a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 526a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, ManyThreadsWithStatsStressTest) { 527a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t before_test, after_test, i; 528a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly pthread_t threads[kManyThreadsNumThreads]; 529a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly before_test = __asan_get_current_allocated_bytes(); 530a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (i = 0; i < kManyThreadsNumThreads; i++) { 531a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly PTHREAD_CREATE(&threads[i], 0, 532a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly (void* (*)(void *x))ManyThreadsWithStatsWorker, (void*)i); 533a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 534a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (i = 0; i < kManyThreadsNumThreads; i++) { 535a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly PTHREAD_JOIN(threads[i], 0); 536a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 537a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly after_test = __asan_get_current_allocated_bytes(); 538a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // ASan stats also reflect memory usage of internal ASan RTL structs, 539a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // so we can't check for equality here. 540a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_LT(after_test, before_test + (1UL<<20)); 541a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 542a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 543a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, ExitCode) { 544a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly int original_exit_code = __asan_set_error_exit_code(7); 545a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EXIT(DoDoubleFree(), ::testing::ExitedWithCode(7), ""); 546a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(7, __asan_set_error_exit_code(8)); 547a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EXIT(DoDoubleFree(), ::testing::ExitedWithCode(8), ""); 548a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(8, __asan_set_error_exit_code(original_exit_code)); 549a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EXIT(DoDoubleFree(), 550a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ::testing::ExitedWithCode(original_exit_code), ""); 551a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 552a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 553a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic void MyDeathCallback() { 554a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly fprintf(stderr, "MyDeathCallback\n"); 555a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 556a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 557a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, DeathCallbackTest) { 558a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_set_death_callback(MyDeathCallback); 559a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(DoDoubleFree(), "MyDeathCallback"); 560a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_set_death_callback(NULL); 561a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 562a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 563a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic const char* kUseAfterPoisonErrorMessage = "use-after-poison"; 564a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 565a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#define GOOD_ACCESS(ptr, offset) \ 566a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_FALSE(__asan::AddressIsPoisoned((uptr)(ptr + offset))) 567a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 568a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly#define BAD_ACCESS(ptr, offset) \ 569a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_TRUE(__asan::AddressIsPoisoned((uptr)(ptr + offset))) 570a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 571a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, SimplePoisonMemoryRegionTest) { 572a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly char *array = Ident((char*)malloc(120)); 573a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // poison array[40..80) 574a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_poison_memory_region(array + 40, 40); 575a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly GOOD_ACCESS(array, 39); 576a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly GOOD_ACCESS(array, 80); 577a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly BAD_ACCESS(array, 40); 578a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly BAD_ACCESS(array, 60); 579a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly BAD_ACCESS(array, 79); 580a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(__asan_report_error(0, 0, 0, (uptr)(array + 40), true, 1), 581a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly kUseAfterPoisonErrorMessage); 582a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_unpoison_memory_region(array + 40, 40); 583a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // access previously poisoned memory. 584a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly GOOD_ACCESS(array, 40); 585a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly GOOD_ACCESS(array, 79); 586a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(array); 587a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 588a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 589a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, OverlappingPoisonMemoryRegionTest) { 590a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly char *array = Ident((char*)malloc(120)); 591a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Poison [0..40) and [80..120) 592a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_poison_memory_region(array, 40); 593a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_poison_memory_region(array + 80, 40); 594a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly BAD_ACCESS(array, 20); 595a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly GOOD_ACCESS(array, 60); 596a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly BAD_ACCESS(array, 100); 597a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Poison whole array - [0..120) 598a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_poison_memory_region(array, 120); 599a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly BAD_ACCESS(array, 60); 600a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Unpoison [24..96) 601a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_unpoison_memory_region(array + 24, 72); 602a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly BAD_ACCESS(array, 23); 603a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly GOOD_ACCESS(array, 24); 604a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly GOOD_ACCESS(array, 60); 605a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly GOOD_ACCESS(array, 95); 606a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly BAD_ACCESS(array, 96); 607a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(array); 608a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 609a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 610a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, PushAndPopWithPoisoningTest) { 611a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Vector of capacity 20 612a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly char *vec = Ident((char*)malloc(20)); 613a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_poison_memory_region(vec, 20); 614a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < 7; i++) { 615a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Simulate push_back. 616a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_unpoison_memory_region(vec + i, 1); 617a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly GOOD_ACCESS(vec, i); 618a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly BAD_ACCESS(vec, i + 1); 619a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 620a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 7; i > 0; i--) { 621a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Simulate pop_back. 622a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_poison_memory_region(vec + i - 1, 1); 623a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly BAD_ACCESS(vec, i - 1); 624a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly if (i > 1) GOOD_ACCESS(vec, i - 2); 625a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 626a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(vec); 627a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 628a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 629a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// Make sure that each aligned block of size "2^granularity" doesn't have 630a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly// "true" value before "false" value. 631a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic void MakeShadowValid(bool *shadow, int length, int granularity) { 632a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly bool can_be_poisoned = true; 633a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (int i = length - 1; i >= 0; i--) { 634a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly if (!shadow[i]) 635a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly can_be_poisoned = false; 636a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly if (!can_be_poisoned) 637a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly shadow[i] = false; 638a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly if (i % (1 << granularity) == 0) { 639a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly can_be_poisoned = true; 640a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 641a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 642a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 643a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 644a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, PoisoningStressTest) { 645a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly const size_t kSize = 24; 646a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly bool expected[kSize]; 647a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly char *arr = Ident((char*)malloc(kSize)); 648a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t l1 = 0; l1 < kSize; l1++) { 649a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t s1 = 1; l1 + s1 <= kSize; s1++) { 650a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t l2 = 0; l2 < kSize; l2++) { 651a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t s2 = 1; l2 + s2 <= kSize; s2++) { 652a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Poison [l1, l1+s1), [l2, l2+s2) and check result. 653a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_unpoison_memory_region(arr, kSize); 654a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_poison_memory_region(arr + l1, s1); 655a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_poison_memory_region(arr + l2, s2); 656a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly memset(expected, false, kSize); 657a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly memset(expected + l1, true, s1); 658a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly MakeShadowValid(expected, kSize, /*granularity*/ 3); 659a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly memset(expected + l2, true, s2); 660a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly MakeShadowValid(expected, kSize, /*granularity*/ 3); 661a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < kSize; i++) { 662a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ASSERT_EQ(expected[i], __asan_address_is_poisoned(arr + i)); 663a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 664a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Unpoison [l1, l1+s1) and [l2, l2+s2) and check result. 665a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_poison_memory_region(arr, kSize); 666a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_unpoison_memory_region(arr + l1, s1); 667a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_unpoison_memory_region(arr + l2, s2); 668a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly memset(expected, true, kSize); 669a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly memset(expected + l1, false, s1); 670a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly MakeShadowValid(expected, kSize, /*granularity*/ 3); 671a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly memset(expected + l2, false, s2); 672a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly MakeShadowValid(expected, kSize, /*granularity*/ 3); 673a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < kSize; i++) { 674a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ASSERT_EQ(expected[i], __asan_address_is_poisoned(arr + i)); 675a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 676a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 677a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 678a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 679a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 680a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 681a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 682a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic const char *kInvalidPoisonMessage = "invalid-poison-memory-range"; 683a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic const char *kInvalidUnpoisonMessage = "invalid-unpoison-memory-range"; 684a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 685a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, DISABLED_InvalidPoisonAndUnpoisonCallsTest) { 686a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly char *array = Ident((char*)malloc(120)); 687a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_unpoison_memory_region(array, 120); 688a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Try to unpoison not owned memory 689a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(__asan_unpoison_memory_region(array, 121), 690a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly kInvalidUnpoisonMessage); 691a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(__asan_unpoison_memory_region(array - 1, 120), 692a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly kInvalidUnpoisonMessage); 693a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 694a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_poison_memory_region(array, 120); 695a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly // Try to poison not owned memory. 696a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(__asan_poison_memory_region(array, 121), kInvalidPoisonMessage); 697a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(__asan_poison_memory_region(array - 1, 120), 698a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly kInvalidPoisonMessage); 699a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(array); 700a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 701a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 702a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pellystatic void ErrorReportCallbackOneToZ(const char *report) { 703a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly int report_len = strlen(report); 704a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ASSERT_EQ(6, write(2, "ABCDEF", 6)); 705a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ASSERT_EQ(report_len, write(2, report, report_len)); 706a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ASSERT_EQ(6, write(2, "ABCDEF", 6)); 707a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly _exit(1); 708a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 709a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 710a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, SetErrorReportCallbackTest) { 711a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_set_error_report_callback(ErrorReportCallbackOneToZ); 712a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_DEATH(__asan_report_error(0, 0, 0, 0, true, 1), 713a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly ASAN_PCRE_DOTALL "ABCDEF.*AddressSanitizer.*WRITE.*ABCDEF"); 714a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly __asan_set_error_report_callback(NULL); 715a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 716a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly 717a5086a29ed4333070c7488765c22b6d3a8eef296Nick PellyTEST(AddressSanitizerInterface, GetOwnershipStressTest) { 718a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly std::vector<char *> pointers; 719a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly std::vector<size_t> sizes; 720a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly if (ASAN_ALLOCATOR_VERSION == 2 && SANITIZER_WORDSIZE == 32) 721a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly return; // FIXME: this is too slow. 722a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly const size_t kNumMallocs = 723a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly (SANITIZER_WORDSIZE <= 32 || ASAN_LOW_MEMORY) ? 1 << 10 : 1 << 14; 724a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < kNumMallocs; i++) { 725a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t size = i * 100 + 1; 726a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly pointers.push_back((char*)malloc(size)); 727a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly sizes.push_back(size); 728a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 729a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0; i < 4000000; i++) { 730a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_FALSE(__asan_get_ownership(&pointers)); 731a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_FALSE(__asan_get_ownership((void*)0x1234)); 732a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly size_t idx = i % kNumMallocs; 733a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_TRUE(__asan_get_ownership(pointers[idx])); 734a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly EXPECT_EQ(sizes[idx], __asan_get_allocated_size(pointers[idx])); 735a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly } 736a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly for (size_t i = 0, n = pointers.size(); i < n; i++) 737a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly free(pointers[i]); 738a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly} 739a5086a29ed4333070c7488765c22b6d3a8eef296Nick Pelly