[email protected] | 4410618 | 2012-04-06 03:53:02 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
[email protected] | 0716cba | 2009-12-17 12:37:58 | [diff] [blame] | 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
[email protected] | c2a1849 | 2011-10-05 13:22:50 | [diff] [blame] | 4 | // |
| 5 | // This file contains intentional memory errors, some of which may lead to |
| 6 | // crashes if the test is ran without special memory testing tools. We use these |
| 7 | // errors to verify the sanity of the tools. |
[email protected] | 0716cba | 2009-12-17 12:37:58 | [diff] [blame] | 8 | |
avi | 9b6f4293 | 2015-12-26 22:15:14 | [diff] [blame] | 9 | #include <stddef.h> |
| 10 | |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 11 | #include "base/atomicops.h" |
Scott Violet | 4416579 | 2018-02-22 02:08:08 | [diff] [blame] | 12 | #include "base/cfi_buildflags.h" |
[email protected] | b4b3479 | 2014-06-14 08:29:37 | [diff] [blame] | 13 | #include "base/debug/asan_invalid_access.h" |
| 14 | #include "base/debug/profiler.h" |
[email protected] | 495cad9 | 2013-07-18 08:12:40 | [diff] [blame] | 15 | #include "base/message_loop/message_loop.h" |
[email protected] | ee85751 | 2010-05-14 08:24:42 | [diff] [blame] | 16 | #include "base/third_party/dynamic_annotations/dynamic_annotations.h" |
[email protected] | 34b9963 | 2011-01-01 01:01:06 | [diff] [blame] | 17 | #include "base/threading/thread.h" |
avi | 9b6f4293 | 2015-12-26 22:15:14 | [diff] [blame] | 18 | #include "build/build_config.h" |
[email protected] | 0716cba | 2009-12-17 12:37:58 | [diff] [blame] | 19 | #include "testing/gtest/include/gtest/gtest.h" |
| 20 | |
[email protected] | ce072a7 | 2010-12-31 20:02:16 | [diff] [blame] | 21 | namespace base { |
| 22 | |
[email protected] | 0716cba | 2009-12-17 12:37:58 | [diff] [blame] | 23 | namespace { |
| 24 | |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 25 | const base::subtle::Atomic32 kMagicValue = 42; |
[email protected] | 0716cba | 2009-12-17 12:37:58 | [diff] [blame] | 26 | |
[email protected] | c2a1849 | 2011-10-05 13:22:50 | [diff] [blame] | 27 | // Helper for memory accesses that can potentially corrupt memory or cause a |
| 28 | // crash during a native run. |
[email protected] | aee2f33 | 2014-03-27 15:08:04 | [diff] [blame] | 29 | #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
[email protected] | 9a4f618 | 2012-10-24 14:11:02 | [diff] [blame] | 30 | #if defined(OS_IOS) |
| 31 | // EXPECT_DEATH is not supported on IOS. |
| 32 | #define HARMFUL_ACCESS(action,error_regexp) do { action; } while (0) |
[email protected] | b4b3479 | 2014-06-14 08:29:37 | [diff] [blame] | 33 | #elif defined(SYZYASAN) |
| 34 | // We won't get a meaningful error message because we're not running under the |
| 35 | // SyzyASan logger, but we can at least make sure that the error has been |
| 36 | // generated in the SyzyASan runtime. |
| 37 | #define HARMFUL_ACCESS(action,unused) \ |
| 38 | if (debug::IsBinaryInstrumented()) { EXPECT_DEATH(action, \ |
| 39 | "AsanRuntime::OnError"); } |
[email protected] | 9a4f618 | 2012-10-24 14:11:02 | [diff] [blame] | 40 | #else |
[email protected] | c2a1849 | 2011-10-05 13:22:50 | [diff] [blame] | 41 | #define HARMFUL_ACCESS(action,error_regexp) EXPECT_DEATH(action,error_regexp) |
[email protected] | b4b3479 | 2014-06-14 08:29:37 | [diff] [blame] | 42 | #endif // !OS_IOS && !SYZYASAN |
[email protected] | c2a1849 | 2011-10-05 13:22:50 | [diff] [blame] | 43 | #else |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 44 | #define HARMFUL_ACCESS(action, error_regexp) |
| 45 | #define HARMFUL_ACCESS_IS_NOOP |
[email protected] | c2a1849 | 2011-10-05 13:22:50 | [diff] [blame] | 46 | #endif |
| 47 | |
[email protected] | 1e51a96 | 2014-01-16 05:31:41 | [diff] [blame] | 48 | void DoReadUninitializedValue(char *ptr) { |
[email protected] | 43dea19 | 2012-05-16 08:42:08 | [diff] [blame] | 49 | // Comparison with 64 is to prevent clang from optimizing away the |
[email protected] | 83a13b2 | 2011-09-18 16:39:12 | [diff] [blame] | 50 | // jump -- valgrind only catches jumps and conditional moves, but clang uses |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 51 | // the borrow flag if the condition is just `*ptr == '\0'`. We no longer |
| 52 | // support valgrind, but this constant should be fine to keep as-is. |
[email protected] | 43dea19 | 2012-05-16 08:42:08 | [diff] [blame] | 53 | if (*ptr == 64) { |
[email protected] | 1e51a96 | 2014-01-16 05:31:41 | [diff] [blame] | 54 | VLOG(1) << "Uninit condition is true"; |
[email protected] | adf7d80 | 2010-09-23 09:12:37 | [diff] [blame] | 55 | } else { |
[email protected] | 1e51a96 | 2014-01-16 05:31:41 | [diff] [blame] | 56 | VLOG(1) << "Uninit condition is false"; |
[email protected] | adf7d80 | 2010-09-23 09:12:37 | [diff] [blame] | 57 | } |
| 58 | } |
| 59 | |
[email protected] | 1e51a96 | 2014-01-16 05:31:41 | [diff] [blame] | 60 | void ReadUninitializedValue(char *ptr) { |
| 61 | #if defined(MEMORY_SANITIZER) |
| 62 | EXPECT_DEATH(DoReadUninitializedValue(ptr), |
| 63 | "use-of-uninitialized-value"); |
| 64 | #else |
| 65 | DoReadUninitializedValue(ptr); |
| 66 | #endif |
| 67 | } |
| 68 | |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 69 | #ifndef HARMFUL_ACCESS_IS_NOOP |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 70 | void ReadValueOutOfArrayBoundsLeft(char *ptr) { |
[email protected] | 45b9eba | 2010-10-18 23:57:49 | [diff] [blame] | 71 | char c = ptr[-2]; |
| 72 | VLOG(1) << "Reading a byte out of bounds: " << c; |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 73 | } |
| 74 | |
| 75 | void ReadValueOutOfArrayBoundsRight(char *ptr, size_t size) { |
[email protected] | 45b9eba | 2010-10-18 23:57:49 | [diff] [blame] | 76 | char c = ptr[size + 1]; |
| 77 | VLOG(1) << "Reading a byte out of bounds: " << c; |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 78 | } |
| 79 | |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 80 | void WriteValueOutOfArrayBoundsLeft(char *ptr) { |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 81 | ptr[-1] = kMagicValue; |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 82 | } |
| 83 | |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 84 | void WriteValueOutOfArrayBoundsRight(char *ptr, size_t size) { |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 85 | ptr[size] = kMagicValue; |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 86 | } |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 87 | #endif // HARMFUL_ACCESS_IS_NOOP |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 88 | |
| 89 | void MakeSomeErrors(char *ptr, size_t size) { |
[email protected] | adf7d80 | 2010-09-23 09:12:37 | [diff] [blame] | 90 | ReadUninitializedValue(ptr); |
[email protected] | e260ebc | 2013-12-18 05:31:33 | [diff] [blame] | 91 | |
[email protected] | c2a1849 | 2011-10-05 13:22:50 | [diff] [blame] | 92 | HARMFUL_ACCESS(ReadValueOutOfArrayBoundsLeft(ptr), |
[email protected] | e260ebc | 2013-12-18 05:31:33 | [diff] [blame] | 93 | "2 bytes to the left"); |
[email protected] | c2a1849 | 2011-10-05 13:22:50 | [diff] [blame] | 94 | HARMFUL_ACCESS(ReadValueOutOfArrayBoundsRight(ptr, size), |
[email protected] | e260ebc | 2013-12-18 05:31:33 | [diff] [blame] | 95 | "1 bytes to the right"); |
[email protected] | c2a1849 | 2011-10-05 13:22:50 | [diff] [blame] | 96 | HARMFUL_ACCESS(WriteValueOutOfArrayBoundsLeft(ptr), |
[email protected] | e260ebc | 2013-12-18 05:31:33 | [diff] [blame] | 97 | "1 bytes to the left"); |
[email protected] | c2a1849 | 2011-10-05 13:22:50 | [diff] [blame] | 98 | HARMFUL_ACCESS(WriteValueOutOfArrayBoundsRight(ptr, size), |
[email protected] | e260ebc | 2013-12-18 05:31:33 | [diff] [blame] | 99 | "0 bytes to the right"); |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 100 | } |
| 101 | |
[email protected] | 66d051bb | 2010-10-14 08:25:54 | [diff] [blame] | 102 | } // namespace |
| 103 | |
| 104 | // A memory leak detector should report an error in this test. |
| 105 | TEST(ToolsSanityTest, MemoryLeak) { |
[email protected] | 6bfad0e | 2011-11-01 11:08:09 | [diff] [blame] | 106 | // Without the |volatile|, clang optimizes away the next two lines. |
| 107 | int* volatile leak = new int[256]; // Leak some memory intentionally. |
[email protected] | 66d051bb | 2010-10-14 08:25:54 | [diff] [blame] | 108 | leak[4] = 1; // Make sure the allocated memory is used. |
| 109 | } |
| 110 | |
[email protected] | 3da8c16 | 2014-03-28 17:35:10 | [diff] [blame] | 111 | #if (defined(ADDRESS_SANITIZER) && defined(OS_IOS)) || defined(SYZYASAN) |
[email protected] | 9a4f618 | 2012-10-24 14:11:02 | [diff] [blame] | 112 | // Because iOS doesn't support death tests, each of the following tests will |
[email protected] | 3da8c16 | 2014-03-28 17:35:10 | [diff] [blame] | 113 | // crash the whole program under Asan. On Windows Asan is based on SyzyAsan; the |
| 114 | // error report mechanism is different than with Asan so these tests will fail. |
[email protected] | 9a4f618 | 2012-10-24 14:11:02 | [diff] [blame] | 115 | #define MAYBE_AccessesToNewMemory DISABLED_AccessesToNewMemory |
| 116 | #define MAYBE_AccessesToMallocMemory DISABLED_AccessesToMallocMemory |
[email protected] | 2d4e013 | 2014-05-14 11:50:37 | [diff] [blame] | 117 | #else |
| 118 | #define MAYBE_AccessesToNewMemory AccessesToNewMemory |
| 119 | #define MAYBE_AccessesToMallocMemory AccessesToMallocMemory |
[email protected] | de0c7ed5 | 2014-07-18 02:40:40 | [diff] [blame] | 120 | #endif // (defined(ADDRESS_SANITIZER) && defined(OS_IOS)) || defined(SYZYASAN) |
[email protected] | f516280 | 2014-05-14 16:04:30 | [diff] [blame] | 121 | |
| 122 | // The following tests pass with Clang r170392, but not r172454, which |
| 123 | // makes AddressSanitizer detect errors in them. We disable these tests under |
| 124 | // AddressSanitizer until we fully switch to Clang r172454. After that the |
| 125 | // tests should be put back under the (defined(OS_IOS) || defined(OS_WIN)) |
| 126 | // clause above. |
| 127 | // See also http://crbug.com/172614. |
| 128 | #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
[email protected] | 2d4e013 | 2014-05-14 11:50:37 | [diff] [blame] | 129 | #define MAYBE_SingleElementDeletedWithBraces \ |
| 130 | DISABLED_SingleElementDeletedWithBraces |
[email protected] | f516280 | 2014-05-14 16:04:30 | [diff] [blame] | 131 | #define MAYBE_ArrayDeletedWithoutBraces DISABLED_ArrayDeletedWithoutBraces |
[email protected] | de0c7ed5 | 2014-07-18 02:40:40 | [diff] [blame] | 132 | #else |
| 133 | #define MAYBE_ArrayDeletedWithoutBraces ArrayDeletedWithoutBraces |
| 134 | #define MAYBE_SingleElementDeletedWithBraces SingleElementDeletedWithBraces |
| 135 | #endif // defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
| 136 | |
[email protected] | 9a4f618 | 2012-10-24 14:11:02 | [diff] [blame] | 137 | TEST(ToolsSanityTest, MAYBE_AccessesToNewMemory) { |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 138 | char *foo = new char[10]; |
| 139 | MakeSomeErrors(foo, 10); |
| 140 | delete [] foo; |
[email protected] | c2a1849 | 2011-10-05 13:22:50 | [diff] [blame] | 141 | // Use after delete. |
| 142 | HARMFUL_ACCESS(foo[5] = 0, "heap-use-after-free"); |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 143 | } |
| 144 | |
[email protected] | 9a4f618 | 2012-10-24 14:11:02 | [diff] [blame] | 145 | TEST(ToolsSanityTest, MAYBE_AccessesToMallocMemory) { |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 146 | char *foo = reinterpret_cast<char*>(malloc(10)); |
| 147 | MakeSomeErrors(foo, 10); |
| 148 | free(foo); |
[email protected] | c2a1849 | 2011-10-05 13:22:50 | [diff] [blame] | 149 | // Use after free. |
| 150 | HARMFUL_ACCESS(foo[5] = 0, "heap-use-after-free"); |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 151 | } |
| 152 | |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 153 | #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
| 154 | |
hans | cd4cce3 | 2015-05-19 17:03:14 | [diff] [blame] | 155 | static int* allocateArray() { |
| 156 | // Clang warns about the mismatched new[]/delete if they occur in the same |
| 157 | // function. |
| 158 | return new int[10]; |
| 159 | } |
| 160 | |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 161 | // This test may corrupt memory if not compiled with AddressSanitizer. |
[email protected] | 9a4f618 | 2012-10-24 14:11:02 | [diff] [blame] | 162 | TEST(ToolsSanityTest, MAYBE_ArrayDeletedWithoutBraces) { |
[email protected] | 014b0b06 | 2011-09-18 16:30:12 | [diff] [blame] | 163 | // Without the |volatile|, clang optimizes away the next two lines. |
hans | cd4cce3 | 2015-05-19 17:03:14 | [diff] [blame] | 164 | int* volatile foo = allocateArray(); |
[email protected] | f516280 | 2014-05-14 16:04:30 | [diff] [blame] | 165 | delete foo; |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 166 | } |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 167 | #endif |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 168 | |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 169 | #if defined(ADDRESS_SANITIZER) |
hans | cd4cce3 | 2015-05-19 17:03:14 | [diff] [blame] | 170 | static int* allocateScalar() { |
| 171 | // Clang warns about the mismatched new/delete[] if they occur in the same |
| 172 | // function. |
| 173 | return new int; |
| 174 | } |
| 175 | |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 176 | // This test may corrupt memory if not compiled with AddressSanitizer. |
[email protected] | 9a4f618 | 2012-10-24 14:11:02 | [diff] [blame] | 177 | TEST(ToolsSanityTest, MAYBE_SingleElementDeletedWithBraces) { |
[email protected] | 014b0b06 | 2011-09-18 16:30:12 | [diff] [blame] | 178 | // Without the |volatile|, clang optimizes away the next two lines. |
hans | cd4cce3 | 2015-05-19 17:03:14 | [diff] [blame] | 179 | int* volatile foo = allocateScalar(); |
[email protected] | 928ca1d | 2011-09-30 18:52:04 | [diff] [blame] | 180 | (void) foo; |
[email protected] | f516280 | 2014-05-14 16:04:30 | [diff] [blame] | 181 | delete [] foo; |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 182 | } |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 183 | #endif |
[email protected] | 9ded991 | 2010-03-26 12:54:44 | [diff] [blame] | 184 | |
[email protected] | aee2f33 | 2014-03-27 15:08:04 | [diff] [blame] | 185 | #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
[email protected] | b4b3479 | 2014-06-14 08:29:37 | [diff] [blame] | 186 | |
[email protected] | 9b147ae | 2011-11-08 09:28:49 | [diff] [blame] | 187 | TEST(ToolsSanityTest, DISABLED_AddressSanitizerNullDerefCrashTest) { |
[email protected] | 6fcbc62f | 2011-10-12 17:18:24 | [diff] [blame] | 188 | // Intentionally crash to make sure AddressSanitizer is running. |
| 189 | // This test should not be ran on bots. |
| 190 | int* volatile zero = NULL; |
| 191 | *zero = 0; |
| 192 | } |
[email protected] | 9b147ae | 2011-11-08 09:28:49 | [diff] [blame] | 193 | |
| 194 | TEST(ToolsSanityTest, DISABLED_AddressSanitizerLocalOOBCrashTest) { |
| 195 | // Intentionally crash to make sure AddressSanitizer is instrumenting |
| 196 | // the local variables. |
| 197 | // This test should not be ran on bots. |
| 198 | int array[5]; |
| 199 | // Work around the OOB warning reported by Clang. |
| 200 | int* volatile access = &array[5]; |
| 201 | *access = 43; |
| 202 | } |
| 203 | |
| 204 | namespace { |
| 205 | int g_asan_test_global_array[10]; |
| 206 | } // namespace |
| 207 | |
| 208 | TEST(ToolsSanityTest, DISABLED_AddressSanitizerGlobalOOBCrashTest) { |
| 209 | // Intentionally crash to make sure AddressSanitizer is instrumenting |
| 210 | // the global variables. |
| 211 | // This test should not be ran on bots. |
| 212 | |
| 213 | // Work around the OOB warning reported by Clang. |
| 214 | int* volatile access = g_asan_test_global_array - 1; |
| 215 | *access = 43; |
| 216 | } |
| 217 | |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 218 | #ifndef HARMFUL_ACCESS_IS_NOOP |
[email protected] | b4b3479 | 2014-06-14 08:29:37 | [diff] [blame] | 219 | TEST(ToolsSanityTest, AsanHeapOverflow) { |
| 220 | HARMFUL_ACCESS(debug::AsanHeapOverflow() ,"to the right"); |
| 221 | } |
| 222 | |
| 223 | TEST(ToolsSanityTest, AsanHeapUnderflow) { |
| 224 | HARMFUL_ACCESS(debug::AsanHeapUnderflow(), "to the left"); |
| 225 | } |
| 226 | |
| 227 | TEST(ToolsSanityTest, AsanHeapUseAfterFree) { |
| 228 | HARMFUL_ACCESS(debug::AsanHeapUseAfterFree(), "heap-use-after-free"); |
| 229 | } |
| 230 | |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 231 | #if defined(SYZYASAN) && defined(COMPILER_MSVC) |
[email protected] | b4b3479 | 2014-06-14 08:29:37 | [diff] [blame] | 232 | TEST(ToolsSanityTest, AsanCorruptHeapBlock) { |
| 233 | HARMFUL_ACCESS(debug::AsanCorruptHeapBlock(), ""); |
| 234 | } |
| 235 | |
| 236 | TEST(ToolsSanityTest, AsanCorruptHeap) { |
| 237 | // This test will kill the process by raising an exception, there's no |
| 238 | // particular string to look for in the stack trace. |
| 239 | EXPECT_DEATH(debug::AsanCorruptHeap(), ""); |
| 240 | } |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 241 | #endif // SYZYASAN && COMPILER_MSVC |
| 242 | #endif // !HARMFUL_ACCESS_IS_NOOP |
[email protected] | b4b3479 | 2014-06-14 08:29:37 | [diff] [blame] | 243 | |
| 244 | #endif // ADDRESS_SANITIZER || SYZYASAN |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 245 | |
| 246 | namespace { |
| 247 | |
| 248 | // We use caps here just to ensure that the method name doesn't interfere with |
| 249 | // the wildcarded suppressions. |
| 250 | class TOOLS_SANITY_TEST_CONCURRENT_THREAD : public PlatformThread::Delegate { |
| 251 | public: |
| 252 | explicit TOOLS_SANITY_TEST_CONCURRENT_THREAD(bool *value) : value_(value) {} |
Chris Watkins | bb7211c | 2017-11-29 07:16:38 | [diff] [blame] | 253 | ~TOOLS_SANITY_TEST_CONCURRENT_THREAD() override = default; |
dcheng | 5648818 | 2014-10-21 10:54:51 | [diff] [blame] | 254 | void ThreadMain() override { |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 255 | *value_ = true; |
| 256 | |
| 257 | // Sleep for a few milliseconds so the two threads are more likely to live |
| 258 | // simultaneously. Otherwise we may miss the report due to mutex |
| 259 | // lock/unlock's inside thread creation code in pure-happens-before mode... |
[email protected] | a1b75b94 | 2011-12-31 22:53:51 | [diff] [blame] | 260 | PlatformThread::Sleep(TimeDelta::FromMilliseconds(100)); |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 261 | } |
| 262 | private: |
| 263 | bool *value_; |
| 264 | }; |
| 265 | |
| 266 | class ReleaseStoreThread : public PlatformThread::Delegate { |
| 267 | public: |
| 268 | explicit ReleaseStoreThread(base::subtle::Atomic32 *value) : value_(value) {} |
Chris Watkins | bb7211c | 2017-11-29 07:16:38 | [diff] [blame] | 269 | ~ReleaseStoreThread() override = default; |
dcheng | 5648818 | 2014-10-21 10:54:51 | [diff] [blame] | 270 | void ThreadMain() override { |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 271 | base::subtle::Release_Store(value_, kMagicValue); |
| 272 | |
| 273 | // Sleep for a few milliseconds so the two threads are more likely to live |
| 274 | // simultaneously. Otherwise we may miss the report due to mutex |
| 275 | // lock/unlock's inside thread creation code in pure-happens-before mode... |
[email protected] | a1b75b94 | 2011-12-31 22:53:51 | [diff] [blame] | 276 | PlatformThread::Sleep(TimeDelta::FromMilliseconds(100)); |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 277 | } |
| 278 | private: |
| 279 | base::subtle::Atomic32 *value_; |
| 280 | }; |
| 281 | |
| 282 | class AcquireLoadThread : public PlatformThread::Delegate { |
| 283 | public: |
| 284 | explicit AcquireLoadThread(base::subtle::Atomic32 *value) : value_(value) {} |
Chris Watkins | bb7211c | 2017-11-29 07:16:38 | [diff] [blame] | 285 | ~AcquireLoadThread() override = default; |
dcheng | 5648818 | 2014-10-21 10:54:51 | [diff] [blame] | 286 | void ThreadMain() override { |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 287 | // Wait for the other thread to make Release_Store |
[email protected] | a1b75b94 | 2011-12-31 22:53:51 | [diff] [blame] | 288 | PlatformThread::Sleep(TimeDelta::FromMilliseconds(100)); |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 289 | base::subtle::Acquire_Load(value_); |
| 290 | } |
| 291 | private: |
| 292 | base::subtle::Atomic32 *value_; |
| 293 | }; |
| 294 | |
| 295 | void RunInParallel(PlatformThread::Delegate *d1, PlatformThread::Delegate *d2) { |
| 296 | PlatformThreadHandle a; |
| 297 | PlatformThreadHandle b; |
| 298 | PlatformThread::Create(0, d1, &a); |
| 299 | PlatformThread::Create(0, d2, &b); |
| 300 | PlatformThread::Join(a); |
| 301 | PlatformThread::Join(b); |
| 302 | } |
| 303 | |
[email protected] | b11d38d0 | 2014-06-26 13:10:50 | [diff] [blame] | 304 | #if defined(THREAD_SANITIZER) |
| 305 | void DataRace() { |
[email protected] | a405798 | 2013-03-23 11:28:17 | [diff] [blame] | 306 | bool *shared = new bool(false); |
| 307 | TOOLS_SANITY_TEST_CONCURRENT_THREAD thread1(shared), thread2(shared); |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 308 | RunInParallel(&thread1, &thread2); |
[email protected] | a405798 | 2013-03-23 11:28:17 | [diff] [blame] | 309 | EXPECT_TRUE(*shared); |
| 310 | delete shared; |
[email protected] | b11d38d0 | 2014-06-26 13:10:50 | [diff] [blame] | 311 | // We're in a death test - crash. |
| 312 | CHECK(0); |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 313 | } |
[email protected] | b11d38d0 | 2014-06-26 13:10:50 | [diff] [blame] | 314 | #endif |
| 315 | |
| 316 | } // namespace |
| 317 | |
| 318 | #if defined(THREAD_SANITIZER) |
| 319 | // A data race detector should report an error in this test. |
| 320 | TEST(ToolsSanityTest, DataRace) { |
| 321 | // The suppression regexp must match that in base/debug/tsan_suppressions.cc. |
| 322 | EXPECT_DEATH(DataRace(), "1 race:base/tools_sanity_unittest.cc"); |
| 323 | } |
| 324 | #endif |
[email protected] | f49ecd8f | 2011-05-10 18:03:34 | [diff] [blame] | 325 | |
| 326 | TEST(ToolsSanityTest, AnnotateBenignRace) { |
| 327 | bool shared = false; |
| 328 | ANNOTATE_BENIGN_RACE(&shared, "Intentional race - make sure doesn't show up"); |
| 329 | TOOLS_SANITY_TEST_CONCURRENT_THREAD thread1(&shared), thread2(&shared); |
| 330 | RunInParallel(&thread1, &thread2); |
| 331 | EXPECT_TRUE(shared); |
| 332 | } |
| 333 | |
| 334 | TEST(ToolsSanityTest, AtomicsAreIgnored) { |
| 335 | base::subtle::Atomic32 shared = 0; |
| 336 | ReleaseStoreThread thread1(&shared); |
| 337 | AcquireLoadThread thread2(&shared); |
| 338 | RunInParallel(&thread1, &thread2); |
| 339 | EXPECT_EQ(kMagicValue, shared); |
[email protected] | 0716cba | 2009-12-17 12:37:58 | [diff] [blame] | 340 | } |
[email protected] | ce072a7 | 2010-12-31 20:02:16 | [diff] [blame] | 341 | |
Vlad Tsyrklevich | e0408ff | 2017-10-13 19:35:24 | [diff] [blame] | 342 | #if BUILDFLAG(CFI_ENFORCEMENT_TRAP) |
Peter Collingbourne | 355546f | 2017-10-12 19:51:27 | [diff] [blame] | 343 | #if defined(OS_WIN) |
| 344 | #define CFI_ERROR_MSG "EXCEPTION_ILLEGAL_INSTRUCTION" |
| 345 | #elif defined(OS_ANDROID) |
| 346 | // TODO(pcc): Produce proper stack dumps on Android and test for the correct |
| 347 | // si_code here. |
| 348 | #define CFI_ERROR_MSG "^$" |
| 349 | #else |
Vlad Tsyrklevich | 37f1e35 | 2017-08-15 23:45:10 | [diff] [blame] | 350 | #define CFI_ERROR_MSG "ILL_ILLOPN" |
Peter Collingbourne | 355546f | 2017-10-12 19:51:27 | [diff] [blame] | 351 | #endif |
Vlad Tsyrklevich | e0408ff | 2017-10-13 19:35:24 | [diff] [blame] | 352 | #elif BUILDFLAG(CFI_ENFORCEMENT_DIAGNOSTIC) |
Vlad Tsyrklevich | 37f1e35 | 2017-08-15 23:45:10 | [diff] [blame] | 353 | #define CFI_ERROR_MSG "runtime error: control flow integrity check" |
Vlad Tsyrklevich | e0408ff | 2017-10-13 19:35:24 | [diff] [blame] | 354 | #endif // BUILDFLAG(CFI_ENFORCEMENT_TRAP || CFI_ENFORCEMENT_DIAGNOSTIC) |
pcc | 0736491 | 2015-07-31 00:19:06 | [diff] [blame] | 355 | |
Vlad Tsyrklevich | 37f1e35 | 2017-08-15 23:45:10 | [diff] [blame] | 356 | #if defined(CFI_ERROR_MSG) |
krasin | 59d3718 | 2016-07-13 03:24:34 | [diff] [blame] | 357 | class A { |
| 358 | public: |
| 359 | A(): n_(0) {} |
| 360 | virtual void f() { n_++; } |
| 361 | protected: |
| 362 | int n_; |
| 363 | }; |
| 364 | |
| 365 | class B: public A { |
| 366 | public: |
| 367 | void f() override { n_--; } |
| 368 | }; |
| 369 | |
Vlad Tsyrklevich | 37f1e35 | 2017-08-15 23:45:10 | [diff] [blame] | 370 | class C: public B { |
| 371 | public: |
| 372 | void f() override { n_ += 2; } |
| 373 | }; |
| 374 | |
krasin | 59d3718 | 2016-07-13 03:24:34 | [diff] [blame] | 375 | NOINLINE void KillVptrAndCall(A *obj) { |
| 376 | *reinterpret_cast<void **>(obj) = 0; |
| 377 | obj->f(); |
| 378 | } |
| 379 | |
Vlad Tsyrklevich | 37f1e35 | 2017-08-15 23:45:10 | [diff] [blame] | 380 | TEST(ToolsSanityTest, BadVirtualCallNull) { |
krasin | 59d3718 | 2016-07-13 03:24:34 | [diff] [blame] | 381 | A a; |
| 382 | B b; |
Vlad Tsyrklevich | 37f1e35 | 2017-08-15 23:45:10 | [diff] [blame] | 383 | EXPECT_DEATH({ KillVptrAndCall(&a); KillVptrAndCall(&b); }, CFI_ERROR_MSG); |
krasin | 59d3718 | 2016-07-13 03:24:34 | [diff] [blame] | 384 | } |
| 385 | |
Vlad Tsyrklevich | 37f1e35 | 2017-08-15 23:45:10 | [diff] [blame] | 386 | NOINLINE void OverwriteVptrAndCall(B *obj, A *vptr) { |
| 387 | *reinterpret_cast<void **>(obj) = *reinterpret_cast<void **>(vptr); |
| 388 | obj->f(); |
| 389 | } |
| 390 | |
| 391 | TEST(ToolsSanityTest, BadVirtualCallWrongType) { |
| 392 | A a; |
| 393 | B b; |
| 394 | C c; |
| 395 | EXPECT_DEATH({ OverwriteVptrAndCall(&b, &a); OverwriteVptrAndCall(&b, &c); }, |
| 396 | CFI_ERROR_MSG); |
| 397 | } |
| 398 | |
| 399 | // TODO(pcc): remove CFI_CAST_CHECK, see https://crbug.com/626794. |
Vlad Tsyrklevich | e0408ff | 2017-10-13 19:35:24 | [diff] [blame] | 400 | #if BUILDFLAG(CFI_CAST_CHECK) |
Vlad Tsyrklevich | 37f1e35 | 2017-08-15 23:45:10 | [diff] [blame] | 401 | TEST(ToolsSanityTest, BadDerivedCast) { |
| 402 | A a; |
| 403 | EXPECT_DEATH((void)(B*)&a, CFI_ERROR_MSG); |
| 404 | } |
| 405 | |
| 406 | TEST(ToolsSanityTest, BadUnrelatedCast) { |
| 407 | class A { |
| 408 | virtual void f() {} |
| 409 | }; |
| 410 | |
| 411 | class B { |
| 412 | virtual void f() {} |
| 413 | }; |
| 414 | |
| 415 | A a; |
| 416 | EXPECT_DEATH((void)(B*)&a, CFI_ERROR_MSG); |
| 417 | } |
Vlad Tsyrklevich | e0408ff | 2017-10-13 19:35:24 | [diff] [blame] | 418 | #endif // BUILDFLAG(CFI_CAST_CHECK) |
Vlad Tsyrklevich | 37f1e35 | 2017-08-15 23:45:10 | [diff] [blame] | 419 | |
Vlad Tsyrklevich | e0408ff | 2017-10-13 19:35:24 | [diff] [blame] | 420 | #endif // CFI_ERROR_MSG |
pcc | 0736491 | 2015-07-31 00:19:06 | [diff] [blame] | 421 | |
Mostyn Bramley-Moore | d0ecd6a | 2017-12-06 19:13:21 | [diff] [blame] | 422 | #undef CFI_ERROR_MSG |
| 423 | #undef MAYBE_AccessesToNewMemory |
| 424 | #undef MAYBE_AccessesToMallocMemory |
| 425 | #undef MAYBE_ArrayDeletedWithoutBraces |
| 426 | #undef MAYBE_SingleElementDeletedWithBraces |
| 427 | #undef HARMFUL_ACCESS |
| 428 | #undef HARMFUL_ACCESS_IS_NOOP |
| 429 | |
[email protected] | ce072a7 | 2010-12-31 20:02:16 | [diff] [blame] | 430 | } // namespace base |