1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #define _CRT_SECURE_NO_WARNINGS
7 #include "base/process/memory.h"
11 #include "base/compiler_specific.h"
12 #include "base/debug/alias.h"
13 #include "base/strings/stringprintf.h"
14 #include "testing/gtest/include/gtest/gtest.h"
22 #if defined(OS_MACOSX)
23 #include <malloc/malloc.h>
24 #include "base/mac/mac_util.h"
25 #include "base/process/memory_unittest_mac.h"
32 // HeapQueryInformation function pointer.
33 typedef BOOL (WINAPI* HeapQueryFn) \
34 (HANDLE, HEAP_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
36 const int kConstantInModule = 42;
38 TEST(ProcessMemoryTest, GetModuleFromAddress) {
39 // Since the unit tests are their own EXE, this should be
40 // equivalent to the EXE's HINSTANCE.
42 // kConstantInModule is a constant in this file and
43 // therefore within the unit test EXE.
44 EXPECT_EQ(::GetModuleHandle(NULL),
45 base::GetModuleFromAddress(
46 const_cast<int*>(&kConstantInModule)));
48 // Any address within the kernel32 module should return
49 // kernel32's HMODULE. Our only assumption here is that
50 // kernel32 is larger than 4 bytes.
51 HMODULE kernel32 = ::GetModuleHandle(L"kernel32.dll");
52 HMODULE kernel32_from_address =
53 base::GetModuleFromAddress(reinterpret_cast<DWORD*>(kernel32) + 1);
54 EXPECT_EQ(kernel32, kernel32_from_address);
57 TEST(ProcessMemoryTest, EnableLFH) {
58 ASSERT_TRUE(base::EnableLowFragmentationHeap());
59 if (IsDebuggerPresent()) {
60 // Under these conditions, LFH can't be enabled. There's no point to test
62 const char* no_debug_env = getenv("_NO_DEBUG_HEAP");
63 if (!no_debug_env || strcmp(no_debug_env, "1"))
66 HMODULE kernel32 = GetModuleHandle(L"kernel32.dll");
67 ASSERT_TRUE(kernel32 != NULL);
68 HeapQueryFn heap_query = reinterpret_cast<HeapQueryFn>(GetProcAddress(
70 "HeapQueryInformation"));
72 // On Windows 2000, the function is not exported. This is not a reason to
73 // fail but we won't be able to retrieves information about the heap, so we
75 if (heap_query == NULL)
78 HANDLE heaps[1024] = { 0 };
79 unsigned number_heaps = GetProcessHeaps(1024, heaps);
80 EXPECT_GT(number_heaps, 0u);
81 for (unsigned i = 0; i < number_heaps; ++i) {
84 ASSERT_NE(0, heap_query(heaps[i],
85 HeapCompatibilityInformation,
89 // If flag is 0, the heap is a standard heap that does not support
90 // look-asides. If flag is 1, the heap supports look-asides. If flag is 2,
91 // the heap is a low-fragmentation heap (LFH). Note that look-asides are not
92 // supported on the LFH.
94 // We don't have any documented way of querying the HEAP_NO_SERIALIZE flag.
99 #endif // defined(OS_WIN)
101 #if defined(OS_MACOSX)
103 // For the following Mac tests:
104 // Note that base::EnableTerminationOnHeapCorruption() is called as part of
105 // test suite setup and does not need to be done again, else mach_override
108 #if !defined(ADDRESS_SANITIZER)
109 // The following code tests the system implementation of malloc() thus no need
110 // to test it under AddressSanitizer.
111 TEST(ProcessMemoryTest, MacMallocFailureDoesNotTerminate) {
113 // The Mavericks malloc library changed in a way which breaks the tricks used
114 // to implement EnableTerminationOnOutOfMemory() with UncheckedMalloc() under
115 // 32-bit. Under 64-bit the oom_killer code handles this.
116 if (base::mac::IsOSMavericksOrLater())
120 // Test that ENOMEM doesn't crash via CrMallocErrorBreak two ways: the exit
121 // code and lack of the error string. The number of bytes is one less than
122 // MALLOC_ABSOLUTE_MAX_SIZE, more than which the system early-returns NULL and
123 // does not call through malloc_error_break(). See the comment at
124 // EnableTerminationOnOutOfMemory() for more information.
128 base::EnableTerminationOnOutOfMemory();
130 buf = malloc(std::numeric_limits<size_t>::max() - (2 * PAGE_SIZE) - 1);
132 testing::KilledBySignal(SIGTRAP),
133 "\\*\\*\\* error: can't allocate region.*\\n?.*");
135 base::debug::Alias(buf);
137 #endif // !defined(ADDRESS_SANITIZER)
139 TEST(ProcessMemoryTest, MacTerminateOnHeapCorruption) {
140 // Assert that freeing an unallocated pointer will crash the process.
142 asm("" : "=r" (buf)); // Prevent clang from being too smart.
144 // On 64 bit Macs, the malloc system automatically abort()s on heap corruption
145 // but does not output anything.
146 ASSERT_DEATH(free(buf), "");
147 #elif defined(ADDRESS_SANITIZER)
148 // AddressSanitizer replaces malloc() and prints a different error message on
150 ASSERT_DEATH(free(buf), "attempting free on address which "
151 "was not malloc\\(\\)-ed");
153 ASSERT_DEATH(free(buf), "being freed.*\\n?\\.*"
154 "\\*\\*\\* set a breakpoint in malloc_error_break to debug.*\\n?.*"
155 "Terminating process due to a potential for future heap corruption");
156 #endif // ARCH_CPU_64_BITS || defined(ADDRESS_SANITIZER)
159 #endif // defined(OS_MACOSX)
161 // Android doesn't implement set_new_handler, so we can't use the
162 // OutOfMemoryTest cases.
163 // OpenBSD does not support these tests either.
164 // TODO(vandebo) make this work on Windows too.
165 #if !defined(OS_ANDROID) && !defined(OS_OPENBSD) && \
168 #if defined(USE_TCMALLOC)
170 int tc_set_new_mode(int mode);
172 #endif // defined(USE_TCMALLOC)
174 class OutOfMemoryTest : public testing::Test {
178 // Make test size as large as possible minus a few pages so
179 // that alignment or other rounding doesn't make it wrap.
180 test_size_(std::numeric_limits<std::size_t>::max() - 12 * 1024),
181 signed_test_size_(std::numeric_limits<ssize_t>::max()) {
184 #if defined(USE_TCMALLOC)
185 virtual void SetUp() override {
189 virtual void TearDown() override {
192 #endif // defined(USE_TCMALLOC)
197 ssize_t signed_test_size_;
200 class OutOfMemoryDeathTest : public OutOfMemoryTest {
202 void SetUpInDeathAssert() {
203 // Must call EnableTerminationOnOutOfMemory() because that is called from
204 // chrome's main function and therefore hasn't been called yet.
205 // Since this call may result in another thread being created and death
206 // tests shouldn't be started in a multithread environment, this call
207 // should be done inside of the ASSERT_DEATH.
208 base::EnableTerminationOnOutOfMemory();
212 TEST_F(OutOfMemoryDeathTest, New) {
214 SetUpInDeathAssert();
215 value_ = operator new(test_size_);
219 TEST_F(OutOfMemoryDeathTest, NewArray) {
221 SetUpInDeathAssert();
222 value_ = new char[test_size_];
226 TEST_F(OutOfMemoryDeathTest, Malloc) {
228 SetUpInDeathAssert();
229 value_ = malloc(test_size_);
233 TEST_F(OutOfMemoryDeathTest, Realloc) {
235 SetUpInDeathAssert();
236 value_ = realloc(NULL, test_size_);
240 TEST_F(OutOfMemoryDeathTest, Calloc) {
242 SetUpInDeathAssert();
243 value_ = calloc(1024, test_size_ / 1024L);
247 TEST_F(OutOfMemoryDeathTest, Valloc) {
249 SetUpInDeathAssert();
250 value_ = valloc(test_size_);
254 #if defined(OS_LINUX)
256 #if PVALLOC_AVAILABLE == 1
257 TEST_F(OutOfMemoryDeathTest, Pvalloc) {
259 SetUpInDeathAssert();
260 value_ = pvalloc(test_size_);
263 #endif // PVALLOC_AVAILABLE == 1
265 TEST_F(OutOfMemoryDeathTest, Memalign) {
267 SetUpInDeathAssert();
268 value_ = memalign(4, test_size_);
272 TEST_F(OutOfMemoryDeathTest, ViaSharedLibraries) {
273 // This tests that the run-time symbol resolution is overriding malloc for
274 // shared libraries (including libc itself) as well as for our code.
275 std::string format = base::StringPrintf("%%%zud", test_size_);
278 SetUpInDeathAssert();
279 EXPECT_EQ(-1, asprintf(&value, format.c_str(), 0));
284 // Android doesn't implement posix_memalign().
285 #if defined(OS_POSIX) && !defined(OS_ANDROID)
286 TEST_F(OutOfMemoryDeathTest, Posix_memalign) {
287 // Grab the return value of posix_memalign to silence a compiler warning
288 // about unused return values. We don't actually care about the return
289 // value, since we're asserting death.
291 SetUpInDeathAssert();
292 EXPECT_EQ(ENOMEM, posix_memalign(&value_, 8, test_size_));
295 #endif // defined(OS_POSIX) && !defined(OS_ANDROID)
297 #if defined(OS_MACOSX)
299 // Purgeable zone tests
301 TEST_F(OutOfMemoryDeathTest, MallocPurgeable) {
302 malloc_zone_t* zone = malloc_default_purgeable_zone();
304 SetUpInDeathAssert();
305 value_ = malloc_zone_malloc(zone, test_size_);
309 TEST_F(OutOfMemoryDeathTest, ReallocPurgeable) {
310 malloc_zone_t* zone = malloc_default_purgeable_zone();
312 SetUpInDeathAssert();
313 value_ = malloc_zone_realloc(zone, NULL, test_size_);
317 TEST_F(OutOfMemoryDeathTest, CallocPurgeable) {
318 malloc_zone_t* zone = malloc_default_purgeable_zone();
320 SetUpInDeathAssert();
321 value_ = malloc_zone_calloc(zone, 1024, test_size_ / 1024L);
325 TEST_F(OutOfMemoryDeathTest, VallocPurgeable) {
326 malloc_zone_t* zone = malloc_default_purgeable_zone();
328 SetUpInDeathAssert();
329 value_ = malloc_zone_valloc(zone, test_size_);
333 TEST_F(OutOfMemoryDeathTest, PosixMemalignPurgeable) {
334 malloc_zone_t* zone = malloc_default_purgeable_zone();
336 SetUpInDeathAssert();
337 value_ = malloc_zone_memalign(zone, 8, test_size_);
341 // Since these allocation functions take a signed size, it's possible that
342 // calling them just once won't be enough to exhaust memory. In the 32-bit
343 // environment, it's likely that these allocation attempts will fail because
344 // not enough contiguous address space is available. In the 64-bit environment,
345 // it's likely that they'll fail because they would require a preposterous
346 // amount of (virtual) memory.
348 TEST_F(OutOfMemoryDeathTest, CFAllocatorSystemDefault) {
350 SetUpInDeathAssert();
352 base::AllocateViaCFAllocatorSystemDefault(signed_test_size_))) {}
356 TEST_F(OutOfMemoryDeathTest, CFAllocatorMalloc) {
358 SetUpInDeathAssert();
360 base::AllocateViaCFAllocatorMalloc(signed_test_size_))) {}
364 TEST_F(OutOfMemoryDeathTest, CFAllocatorMallocZone) {
366 SetUpInDeathAssert();
368 base::AllocateViaCFAllocatorMallocZone(signed_test_size_))) {}
372 #if !defined(ARCH_CPU_64_BITS)
374 // See process_util_unittest_mac.mm for an explanation of why this test isn't
375 // run in the 64-bit environment.
377 TEST_F(OutOfMemoryDeathTest, PsychoticallyBigObjCObject) {
379 SetUpInDeathAssert();
380 while ((value_ = base::AllocatePsychoticallyBigObjCObject())) {}
384 #endif // !ARCH_CPU_64_BITS
387 class OutOfMemoryHandledTest : public OutOfMemoryTest {
389 static const size_t kSafeMallocSize = 512;
390 static const size_t kSafeCallocSize = 128;
391 static const size_t kSafeCallocItems = 4;
393 virtual void SetUp() {
394 OutOfMemoryTest::SetUp();
396 // We enable termination on OOM - just as Chrome does at early
397 // initialization - and test that UncheckedMalloc and UncheckedCalloc
398 // properly by-pass this in order to allow the caller to handle OOM.
399 base::EnableTerminationOnOutOfMemory();
403 // TODO(b.kelemen): make UncheckedMalloc and UncheckedCalloc work
404 // on Windows as well.
405 // UncheckedMalloc() and UncheckedCalloc() work as regular malloc()/calloc()
406 // under sanitizer tools.
407 #if !defined(MEMORY_TOOL_REPLACES_ALLOCATOR)
408 TEST_F(OutOfMemoryHandledTest, UncheckedMalloc) {
409 #if defined(OS_MACOSX) && ARCH_CPU_32_BITS
410 // The Mavericks malloc library changed in a way which breaks the tricks used
411 // to implement EnableTerminationOnOutOfMemory() with UncheckedMalloc() under
412 // 32-bit. The 64-bit malloc library works as desired without tricks.
413 if (base::mac::IsOSMavericksOrLater())
416 EXPECT_TRUE(base::UncheckedMalloc(kSafeMallocSize, &value_));
417 EXPECT_TRUE(value_ != NULL);
420 EXPECT_FALSE(base::UncheckedMalloc(test_size_, &value_));
421 EXPECT_TRUE(value_ == NULL);
424 TEST_F(OutOfMemoryHandledTest, UncheckedCalloc) {
425 #if defined(OS_MACOSX) && ARCH_CPU_32_BITS
426 // The Mavericks malloc library changed in a way which breaks the tricks used
427 // to implement EnableTerminationOnOutOfMemory() with UncheckedCalloc() under
428 // 32-bit. The 64-bit malloc library works as desired without tricks.
429 if (base::mac::IsOSMavericksOrLater())
432 EXPECT_TRUE(base::UncheckedCalloc(1, kSafeMallocSize, &value_));
433 EXPECT_TRUE(value_ != NULL);
434 const char* bytes = static_cast<const char*>(value_);
435 for (size_t i = 0; i < kSafeMallocSize; ++i)
436 EXPECT_EQ(0, bytes[i]);
440 base::UncheckedCalloc(kSafeCallocItems, kSafeCallocSize, &value_));
441 EXPECT_TRUE(value_ != NULL);
442 bytes = static_cast<const char*>(value_);
443 for (size_t i = 0; i < (kSafeCallocItems * kSafeCallocSize); ++i)
444 EXPECT_EQ(0, bytes[i]);
447 EXPECT_FALSE(base::UncheckedCalloc(1, test_size_, &value_));
448 EXPECT_TRUE(value_ == NULL);
450 #endif // !defined(MEMORY_TOOL_REPLACES_ALLOCATOR)
451 #endif // !defined(OS_ANDROID) && !defined(OS_OPENBSD) && !defined(OS_WIN)