1#include "test/jemalloc_test.h"
2
3#ifdef JEMALLOC_FILL
4#  ifndef JEMALLOC_TEST_JUNK_OPT
5#    define JEMALLOC_TEST_JUNK_OPT "junk:true"
6#  endif
7const char *malloc_conf =
8    "abort:false,zero:false,redzone:true,quarantine:0," JEMALLOC_TEST_JUNK_OPT;
9#endif
10
11static arena_dalloc_junk_small_t *arena_dalloc_junk_small_orig;
12static arena_dalloc_junk_large_t *arena_dalloc_junk_large_orig;
13static huge_dalloc_junk_t *huge_dalloc_junk_orig;
14static void *watch_for_junking;
15static bool saw_junking;
16
17static void
18watch_junking(void *p)
19{
20
21	watch_for_junking = p;
22	saw_junking = false;
23}
24
25static void
26arena_dalloc_junk_small_intercept(void *ptr, arena_bin_info_t *bin_info)
27{
28	size_t i;
29
30	arena_dalloc_junk_small_orig(ptr, bin_info);
31	for (i = 0; i < bin_info->reg_size; i++) {
32		assert_u_eq(((uint8_t *)ptr)[i], JEMALLOC_FREE_JUNK,
33		    "Missing junk fill for byte %zu/%zu of deallocated region",
34		    i, bin_info->reg_size);
35	}
36	if (ptr == watch_for_junking)
37		saw_junking = true;
38}
39
40static void
41arena_dalloc_junk_large_intercept(void *ptr, size_t usize)
42{
43	size_t i;
44
45	arena_dalloc_junk_large_orig(ptr, usize);
46	for (i = 0; i < usize; i++) {
47		assert_u_eq(((uint8_t *)ptr)[i], JEMALLOC_FREE_JUNK,
48		    "Missing junk fill for byte %zu/%zu of deallocated region",
49		    i, usize);
50	}
51	if (ptr == watch_for_junking)
52		saw_junking = true;
53}
54
55static void
56huge_dalloc_junk_intercept(void *ptr, size_t usize)
57{
58
59	huge_dalloc_junk_orig(ptr, usize);
60	/*
61	 * The conditions under which junk filling actually occurs are nuanced
62	 * enough that it doesn't make sense to duplicate the decision logic in
63	 * test code, so don't actually check that the region is junk-filled.
64	 */
65	if (ptr == watch_for_junking)
66		saw_junking = true;
67}
68
69static void
70test_junk(size_t sz_min, size_t sz_max)
71{
72	uint8_t *s;
73	size_t sz_prev, sz, i;
74
75	if (opt_junk_free) {
76		arena_dalloc_junk_small_orig = arena_dalloc_junk_small;
77		arena_dalloc_junk_small = arena_dalloc_junk_small_intercept;
78		arena_dalloc_junk_large_orig = arena_dalloc_junk_large;
79		arena_dalloc_junk_large = arena_dalloc_junk_large_intercept;
80		huge_dalloc_junk_orig = huge_dalloc_junk;
81		huge_dalloc_junk = huge_dalloc_junk_intercept;
82	}
83
84	sz_prev = 0;
85	s = (uint8_t *)mallocx(sz_min, 0);
86	assert_ptr_not_null((void *)s, "Unexpected mallocx() failure");
87
88	for (sz = sallocx(s, 0); sz <= sz_max;
89	    sz_prev = sz, sz = sallocx(s, 0)) {
90		if (sz_prev > 0) {
91			assert_u_eq(s[0], 'a',
92			    "Previously allocated byte %zu/%zu is corrupted",
93			    ZU(0), sz_prev);
94			assert_u_eq(s[sz_prev-1], 'a',
95			    "Previously allocated byte %zu/%zu is corrupted",
96			    sz_prev-1, sz_prev);
97		}
98
99		for (i = sz_prev; i < sz; i++) {
100			if (opt_junk_alloc) {
101				assert_u_eq(s[i], JEMALLOC_ALLOC_JUNK,
102				    "Newly allocated byte %zu/%zu isn't "
103				    "junk-filled", i, sz);
104			}
105			s[i] = 'a';
106		}
107
108		if (xallocx(s, sz+1, 0, 0) == sz) {
109			watch_junking(s);
110			s = (uint8_t *)rallocx(s, sz+1, 0);
111			assert_ptr_not_null((void *)s,
112			    "Unexpected rallocx() failure");
113			assert_true(!opt_junk_free || saw_junking,
114			    "Expected region of size %zu to be junk-filled",
115			    sz);
116		}
117	}
118
119	watch_junking(s);
120	dallocx(s, 0);
121	assert_true(!opt_junk_free || saw_junking,
122	    "Expected region of size %zu to be junk-filled", sz);
123
124	if (opt_junk_free) {
125		arena_dalloc_junk_small = arena_dalloc_junk_small_orig;
126		arena_dalloc_junk_large = arena_dalloc_junk_large_orig;
127		huge_dalloc_junk = huge_dalloc_junk_orig;
128	}
129}
130
131TEST_BEGIN(test_junk_small)
132{
133
134	test_skip_if(!config_fill);
135	test_junk(1, SMALL_MAXCLASS-1);
136}
137TEST_END
138
139TEST_BEGIN(test_junk_large)
140{
141
142	test_skip_if(!config_fill);
143	test_junk(SMALL_MAXCLASS+1, large_maxclass);
144}
145TEST_END
146
147TEST_BEGIN(test_junk_huge)
148{
149
150	test_skip_if(!config_fill);
151	test_junk(large_maxclass+1, chunksize*2);
152}
153TEST_END
154
155arena_ralloc_junk_large_t *arena_ralloc_junk_large_orig;
156static void *most_recently_trimmed;
157
158static size_t
159shrink_size(size_t size)
160{
161	size_t shrink_size;
162
163	for (shrink_size = size - 1; nallocx(shrink_size, 0) == size;
164	    shrink_size--)
165		; /* Do nothing. */
166
167	return (shrink_size);
168}
169
170static void
171arena_ralloc_junk_large_intercept(void *ptr, size_t old_usize, size_t usize)
172{
173
174	arena_ralloc_junk_large_orig(ptr, old_usize, usize);
175	assert_zu_eq(old_usize, large_maxclass, "Unexpected old_usize");
176	assert_zu_eq(usize, shrink_size(large_maxclass), "Unexpected usize");
177	most_recently_trimmed = ptr;
178}
179
180TEST_BEGIN(test_junk_large_ralloc_shrink)
181{
182	void *p1, *p2;
183
184	p1 = mallocx(large_maxclass, 0);
185	assert_ptr_not_null(p1, "Unexpected mallocx() failure");
186
187	arena_ralloc_junk_large_orig = arena_ralloc_junk_large;
188	arena_ralloc_junk_large = arena_ralloc_junk_large_intercept;
189
190	p2 = rallocx(p1, shrink_size(large_maxclass), 0);
191	assert_ptr_eq(p1, p2, "Unexpected move during shrink");
192
193	arena_ralloc_junk_large = arena_ralloc_junk_large_orig;
194
195	assert_ptr_eq(most_recently_trimmed, p1,
196	    "Expected trimmed portion of region to be junk-filled");
197}
198TEST_END
199
200static bool detected_redzone_corruption;
201
202static void
203arena_redzone_corruption_replacement(void *ptr, size_t usize, bool after,
204    size_t offset, uint8_t byte)
205{
206
207	detected_redzone_corruption = true;
208}
209
210TEST_BEGIN(test_junk_redzone)
211{
212	char *s;
213	arena_redzone_corruption_t *arena_redzone_corruption_orig;
214
215	test_skip_if(!config_fill);
216	test_skip_if(!opt_junk_alloc || !opt_junk_free);
217
218	arena_redzone_corruption_orig = arena_redzone_corruption;
219	arena_redzone_corruption = arena_redzone_corruption_replacement;
220
221	/* Test underflow. */
222	detected_redzone_corruption = false;
223	s = (char *)mallocx(1, 0);
224	assert_ptr_not_null((void *)s, "Unexpected mallocx() failure");
225	s[-1] = 0xbb;
226	dallocx(s, 0);
227	assert_true(detected_redzone_corruption,
228	    "Did not detect redzone corruption");
229
230	/* Test overflow. */
231	detected_redzone_corruption = false;
232	s = (char *)mallocx(1, 0);
233	assert_ptr_not_null((void *)s, "Unexpected mallocx() failure");
234	s[sallocx(s, 0)] = 0xbb;
235	dallocx(s, 0);
236	assert_true(detected_redzone_corruption,
237	    "Did not detect redzone corruption");
238
239	arena_redzone_corruption = arena_redzone_corruption_orig;
240}
241TEST_END
242
243int
244main(void)
245{
246
247	return (test(
248	    test_junk_small,
249	    test_junk_large,
250	    test_junk_huge,
251	    test_junk_large_ralloc_shrink,
252	    test_junk_redzone));
253}
254