Loading...
--- /dev/null
+++ libmalloc/libmalloc-715.140.5/tests/malloc_claimed_address_tests.c
@@ -0,0 +1,309 @@
+//
+// malloc_claimed_address_tests.c
+// libmalloc
+//
+// Tests for malloc_claimed_address() and malloc_zone_claimed_address().
+//
+
+#include <darwintest.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <malloc/malloc.h>
+#include <malloc_private.h>
+#include <sys/mman.h>
+#include "base.h"
+
+#if !MALLOC_TARGET_EXCLAVES
+#include <mach/mach.h>
+#include <mach/mach_vm.h>
+#endif // !MALLOC_TARGET_EXCLAVES
+
+T_GLOBAL_META(T_META_RUN_CONCURRENTLY(true));
+
+T_DECL(malloc_claimed_address_default_zone_test,
+ "Tests for malloc_claimed_address, default zone only",
+#if TARGET_OS_IPHONE
+ T_META_TAG_XZONE,
+#endif // TARGET_OS_IPHONE
+ T_META_ENVVAR("MallocNanoZone=0"),
+ T_META_TAG_VM_NOT_PREFERRED)
+{
+ // NULL is never a possible pointer.
+ boolean_t result = malloc_claimed_address(NULL);
+ T_EXPECT_FALSE(result, "NULL is never a valid pointer");
+
+ // Allocate from tiny, check that it's claimed.
+ void *ptr = malloc(16);
+ result = malloc_claimed_address(ptr);
+ T_EXPECT_TRUE(result, "allocation from tiny");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_claimed_address(ptr + 8);
+ T_EXPECT_TRUE(result, "allocation from tiny with offset");
+ free(ptr);
+
+ // Allocate from small, check that it's claimed.
+ ptr = malloc(2048);
+ result = malloc_claimed_address(ptr);
+ T_EXPECT_TRUE(result, "allocation from small");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_claimed_address(ptr + 1000);
+ T_EXPECT_TRUE(result, "allocation from small with offset");
+ free(ptr);
+
+ // Allocate from large, check that it's claimed.
+ ptr = malloc(140000);
+ result = malloc_claimed_address(ptr);
+ T_EXPECT_TRUE(result, "allocation from large");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_claimed_address(ptr + 1000);
+ T_EXPECT_TRUE(result, "allocation from large with offset");
+ free(ptr);
+
+#if !MALLOC_TARGET_EXCLAVES
+ // Allocate some memory with vm_allocate() and make sure it's not claimed.
+ mach_vm_address_t addr;
+ kern_return_t kr = mach_vm_allocate(mach_task_self(), &addr, 1024, VM_FLAGS_ANYWHERE);
+ T_ASSERT_TRUE(kr == KERN_SUCCESS, "allocate vm space");
+ result = malloc_claimed_address((void *)addr);
+ T_EXPECT_FALSE(result, "address in VM allocated memory");
+ mach_vm_deallocate(mach_task_self(), addr, 1024);
+#endif // !MALLOC_TARGET_EXCLAVES
+}
+
+
+#if !MALLOC_TARGET_EXCLAVES
+// Don't test on xzones because non-default xzones can claim allocations
+// from the main zone
+T_DECL(malloc_zone_claimed_address_test,
+ "Tests for malloc_zone_claimed_address",
+ T_META_ENVVAR("MallocNanoZone=0"),
+ T_META_TAG_VM_NOT_PREFERRED)
+{
+ malloc_zone_t *zone = malloc_create_zone(0, 0);
+
+ // NULL is never a possible pointer.
+ boolean_t result = malloc_zone_claimed_address(zone, NULL);
+ T_EXPECT_FALSE(result, "NULL is never a valid pointer");
+
+ // Allocate from tiny, check that it's claimed.
+ void *ptr = malloc_zone_malloc(zone, 16);
+ result = malloc_zone_claimed_address(zone, ptr);
+ T_EXPECT_TRUE(result, "allocation from tiny");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_zone_claimed_address(zone, ptr + 8);
+ T_EXPECT_TRUE(result, "allocation from tiny with offset");
+ free(ptr);
+
+ // Allocate with tiny from the default zone, check that it's not claimed.
+ ptr = malloc(16);
+ result = malloc_zone_claimed_address(zone, ptr);
+ T_EXPECT_FALSE(result, "allocation from tiny in default zone");
+ result = malloc_zone_claimed_address(zone, ptr + 8);
+ T_EXPECT_FALSE(result, "allocation from tiny in default zone with offset");
+ free(ptr);
+
+ // Allocate from small, check that it's claimed.
+ ptr = malloc_zone_malloc(zone, 2048);
+ result = malloc_zone_claimed_address(zone, ptr);
+ T_EXPECT_TRUE(result, "allocation from small");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_zone_claimed_address(zone, ptr + 1000);
+ T_EXPECT_TRUE(result, "allocation from small with offset");
+ free(ptr);
+
+ // Allocate with small from the default zone, check that it's not claimed.
+ ptr = malloc(2048);
+ result = malloc_zone_claimed_address(zone, ptr);
+ T_EXPECT_FALSE(result, "allocation from small in default zone");
+ result = malloc_zone_claimed_address(zone, ptr + 8);
+ T_EXPECT_FALSE(result, "allocation from small in default zone with offset");
+ free(ptr);
+
+ // Allocate from large, check that it's claimed.
+ ptr = malloc_zone_malloc(zone, 140000);
+ result = malloc_zone_claimed_address(zone, ptr);
+ T_EXPECT_TRUE(result, "allocation from large");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_zone_claimed_address(zone, ptr + 1000);
+ T_EXPECT_TRUE(result, "allocation from large with offset");
+ free(ptr);
+
+ // Allocate with large from the default zone, check that it's not claimed.
+ ptr = malloc(140000);
+ result = malloc_zone_claimed_address(zone, ptr);
+ T_EXPECT_FALSE(result, "allocation from large in default zone");
+ result = malloc_zone_claimed_address(zone, ptr + 8);
+ T_EXPECT_FALSE(result, "allocation from large in default zone with offset");
+ free(ptr);
+
+ // Allocate some memory with vm_allocate() and make sure it's not claimed.
+ mach_vm_address_t addr;
+ kern_return_t kr = mach_vm_allocate(mach_task_self(), &addr, 1024, VM_FLAGS_ANYWHERE);
+ T_ASSERT_TRUE(kr == KERN_SUCCESS, "allocate vm space");
+ result = malloc_zone_claimed_address(zone, (void *)addr);
+ T_EXPECT_FALSE(result, "address in VM allocated memory");
+ mach_vm_deallocate(mach_task_self(), addr, 1024);
+
+ malloc_destroy_zone(zone);
+}
+#endif // !MALLOC_TARGET_EXCLAVES
+
+#if !MALLOC_TARGET_EXCLAVES
+T_DECL(malloc_claimed_address_zone_test,
+ "Tests for malloc_claimed_address with another zone",
+#if TARGET_OS_IPHONE
+ T_META_TAG_XZONE,
+#endif // TARGET_OS_IPHONE
+ T_META_ENVVAR("MallocNanoZone=0"),
+ T_META_TAG_VM_NOT_PREFERRED)
+{
+ // Allocate in a custom zone, check that we can still use
+ // malloc_claimed_address() to check whether an address is claimed.
+ malloc_zone_t *zone = malloc_create_zone(0, 0);
+
+ // Allocate from tiny, check that it's claimed.
+ void *ptr = malloc_zone_malloc(zone, 16);
+ boolean_t result = malloc_claimed_address(ptr);
+ T_EXPECT_TRUE(result, "allocation from tiny");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_claimed_address(ptr + 8);
+ T_EXPECT_TRUE(result, "allocation from tiny with offset");
+ free(ptr);
+
+ // Allocate from small, check that it's claimed.
+ ptr = malloc_zone_malloc(zone, 2048);
+ result = malloc_claimed_address(ptr);
+ T_EXPECT_TRUE(result, "allocation from small");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_claimed_address(ptr + 1000);
+ T_EXPECT_TRUE(result, "allocation from small with offset");
+ free(ptr);
+
+ // Allocate from large, check that it's claimed.
+ ptr = malloc_zone_malloc(zone, 140000);
+ result = malloc_claimed_address(ptr);
+ T_EXPECT_TRUE(result, "allocation from large");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_claimed_address(ptr + 1000);
+ T_EXPECT_TRUE(result, "allocation from large with offset");
+ free(ptr);
+
+ malloc_destroy_zone(zone);
+}
+#endif // !MALLOC_TARGET_EXCLAVES
+
+T_DECL(malloc_claimed_address_nanozone_test,
+ "Tests for malloc_claimed_address with nano",
+ T_META_ENVVAR("MallocNanoZone=1"),
+ T_META_TAG_VM_NOT_PREFERRED)
+{
+ // NULL is never a possible pointer.
+ boolean_t result = malloc_claimed_address(NULL);
+ T_EXPECT_FALSE(result, "NULL is never a valid pointer");
+
+ // Allocate various sizes, check that they are claimed and that offset
+ // pointers are also claimed.
+ for (size_t sz = 16; sz <= 256; sz += 16) {
+ void *ptr = malloc(sz);
+ result = malloc_claimed_address(ptr);
+ T_EXPECT_TRUE(result, "nano allocation size %d", (int)sz);
+ result = malloc_claimed_address(ptr + sz/2);
+ T_EXPECT_TRUE(result, "nano allocation size %d offset %d", (int)sz, (int)sz/2);
+ free(ptr);
+ }
+
+ // Allocate a non-Nano size, which Nano will pass to its helper zone.
+ // Verify that it still claims the address as valid when asked via the
+ // default zone.
+ void *ptr = malloc(512);
+ result = malloc_claimed_address(ptr);
+ T_EXPECT_TRUE(result, "Above nano pointer check");
+ result = malloc_zone_claimed_address(malloc_default_zone(), ptr);
+ T_EXPECT_TRUE(result, "Above nano pointer check via default zone");
+ free(ptr);
+
+#if !MALLOC_TARGET_EXCLAVES
+ // Allocate some memory with vm_allocate() and make sure it's not claimed.
+ mach_vm_address_t addr;
+ kern_return_t kr = mach_vm_allocate(mach_task_self(), &addr, 1024, VM_FLAGS_ANYWHERE);
+ T_ASSERT_TRUE(kr == KERN_SUCCESS, "allocate vm space");
+ result = malloc_claimed_address((void *)addr);
+ T_EXPECT_FALSE(result, "address in VM allocated memory");
+ mach_vm_deallocate(mach_task_self(), addr, 1024);
+#endif // !MALLOC_TARGET_EXCLAVES
+}
+
+#if !MALLOC_TARGET_EXCLAVES
+// Don't run this test on xzone malloc, since the test assumes that it's safe
+// to mprotect the zone returned by malloc_create_zone
+T_DECL(malloc_claimed_address_custom_zone_test,
+ "Tests for malloc_claimed_address in a zone that does not implement it",
+ T_META_ENVVAR("MallocNanoZone=0"), T_META_TAG_VM_PREFERRED)
+{
+ // Custom zones that do not support claimed_address must always appear
+ // to return true.
+ malloc_zone_t *zone = malloc_create_zone(0, 0);
+ mprotect(zone, sizeof(*zone), PROT_READ | PROT_WRITE);
+ zone->version = 9;
+ zone->claimed_address = NULL;
+ mprotect(zone, sizeof(*zone), PROT_READ);
+
+ // NULL must still be disclaimed.
+ boolean_t result = malloc_zone_claimed_address(zone, NULL);
+ T_EXPECT_FALSE(result, "NULL is never a valid pointer");
+
+ // Allocate from tiny, check that it's claimed.
+ void *ptr = malloc_zone_malloc(zone, 16);
+ result = malloc_claimed_address(ptr);
+ T_EXPECT_TRUE(result, "allocation from tiny");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_claimed_address(ptr + 8);
+ T_EXPECT_TRUE(result, "allocation from tiny with offset");
+ free(ptr);
+
+ // Allocate from small, check that it's claimed.
+ ptr = malloc_zone_malloc(zone, 2048);
+ result = malloc_claimed_address(ptr);
+ T_EXPECT_TRUE(result, "allocation from small");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_claimed_address(ptr + 1000);
+ T_EXPECT_TRUE(result, "allocation from small with offset");
+ free(ptr);
+
+ // Allocate from large, check that it's claimed.
+ ptr = malloc_zone_malloc(zone, 140000);
+ result = malloc_claimed_address(ptr);
+ T_EXPECT_TRUE(result, "allocation from large");
+
+ // Offset from the pointer, check that it's still claimed.
+ result = malloc_claimed_address(ptr + 1000);
+ T_EXPECT_TRUE(result, "allocation from large with offset");
+ free(ptr);
+
+ malloc_destroy_zone(zone);
+}
+#endif // !MALLOC_TARGET_EXCLAVES
+
+T_DECL(malloc_claimed_address_xzone_test,
+ "Specific xzone malloc tests for malloc_claimed_address",
+ T_META_TAG_XZONE_ONLY)
+{
+ // Allocate a HUGE buffer, and then check that both the start and end of it
+ // are claimed by malloc
+ void *ptr = malloc(MiB(6));
+ T_EXPECT_TRUE(malloc_claimed_address(ptr), "start of HUGE allocation");
+ T_EXPECT_TRUE(malloc_claimed_address(ptr + MiB(6) - 1),
+ "end of HUGE allocation");
+ free(ptr);
+}