|
sl@0
|
1 |
// Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies).
|
|
sl@0
|
2 |
// All rights reserved.
|
|
sl@0
|
3 |
// This component and the accompanying materials are made available
|
|
sl@0
|
4 |
// under the terms of the License "Eclipse Public License v1.0"
|
|
sl@0
|
5 |
// which accompanies this distribution, and is available
|
|
sl@0
|
6 |
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
|
sl@0
|
7 |
//
|
|
sl@0
|
8 |
// Initial Contributors:
|
|
sl@0
|
9 |
// Nokia Corporation - initial contribution.
|
|
sl@0
|
10 |
//
|
|
sl@0
|
11 |
// Contributors:
|
|
sl@0
|
12 |
//
|
|
sl@0
|
13 |
// Description:
|
|
sl@0
|
14 |
// e32test\debug\t_heapcorruption.cpp
|
|
sl@0
|
15 |
// This is a test application that will cause heap corruption
|
|
sl@0
|
16 |
// to generate BTrace events (EHeapCorruption).
|
|
sl@0
|
17 |
//
|
|
sl@0
|
18 |
//
|
|
sl@0
|
19 |
|
|
sl@0
|
20 |
// Include Files
|
|
sl@0
|
21 |
#include "t_heapcorruption.h"
|
|
sl@0
|
22 |
#include <e32base.h>
|
|
sl@0
|
23 |
#include <e32base_private.h>
|
|
sl@0
|
24 |
#include <e32cmn.h>
|
|
sl@0
|
25 |
#include <e32cmn_private.h>
|
|
sl@0
|
26 |
|
|
sl@0
|
27 |
|
|
sl@0
|
28 |
#define __NEXT_CELL(p) ((SCell*)(((TUint8*)p)+p->len))
|
|
sl@0
|
29 |
|
|
sl@0
|
30 |
TBool gEnableMemoryMonitor = EFalse;
|
|
sl@0
|
31 |
|
|
sl@0
|
32 |
|
|
sl@0
|
33 |
/**
|
|
sl@0
|
34 |
Test heap that will corrupt some cells to generate BTrace events.
|
|
sl@0
|
35 |
*/
|
|
sl@0
|
36 |
class RMyDummyHeap : public RHeap
|
|
sl@0
|
37 |
{
|
|
sl@0
|
38 |
public:
|
|
sl@0
|
39 |
//EBadFreeCellAddress
|
|
sl@0
|
40 |
void CorruptFreeMemory1()
|
|
sl@0
|
41 |
{
|
|
sl@0
|
42 |
SCell* f = (SCell*)&iFree;
|
|
sl@0
|
43 |
f->next = (SCell*)iTop;
|
|
sl@0
|
44 |
f->next += sizeof(TUint8);
|
|
sl@0
|
45 |
}
|
|
sl@0
|
46 |
|
|
sl@0
|
47 |
//EBadFreeCellSize
|
|
sl@0
|
48 |
void CorruptFreeMemory2()
|
|
sl@0
|
49 |
{
|
|
sl@0
|
50 |
SCell* p = (SCell*)&iFree;
|
|
sl@0
|
51 |
SCell* n = p->next;
|
|
sl@0
|
52 |
n->len = iMinCell-1;
|
|
sl@0
|
53 |
}
|
|
sl@0
|
54 |
|
|
sl@0
|
55 |
//EBadAllocatedCellAddress
|
|
sl@0
|
56 |
void CorruptAllocatedMemory1()
|
|
sl@0
|
57 |
{
|
|
sl@0
|
58 |
SCell* c = (SCell*)iBase;
|
|
sl@0
|
59 |
SCell* f = (SCell*)&iFree;
|
|
sl@0
|
60 |
|
|
sl@0
|
61 |
f = f->next;
|
|
sl@0
|
62 |
f = f->next;
|
|
sl@0
|
63 |
c->len = (TInt)f->next - (TInt)c;
|
|
sl@0
|
64 |
}
|
|
sl@0
|
65 |
|
|
sl@0
|
66 |
//additional utilities
|
|
sl@0
|
67 |
void CorruptAllocatedMemorySize(void* aAddress)
|
|
sl@0
|
68 |
{
|
|
sl@0
|
69 |
SCell* addres = GetAddress(aAddress);
|
|
sl@0
|
70 |
SCell* c = (SCell*)iBase;
|
|
sl@0
|
71 |
for(;;)
|
|
sl@0
|
72 |
{
|
|
sl@0
|
73 |
if(c == addres)
|
|
sl@0
|
74 |
{
|
|
sl@0
|
75 |
c->len = iMinCell-1;
|
|
sl@0
|
76 |
break;
|
|
sl@0
|
77 |
}
|
|
sl@0
|
78 |
c = __NEXT_CELL(c);
|
|
sl@0
|
79 |
}
|
|
sl@0
|
80 |
}
|
|
sl@0
|
81 |
|
|
sl@0
|
82 |
void CorruptAllocatedMemoryAddress(void* aAddress)
|
|
sl@0
|
83 |
{
|
|
sl@0
|
84 |
SCell* pF = &iFree; // free cells
|
|
sl@0
|
85 |
pF = pF->next; // next free cell
|
|
sl@0
|
86 |
if (!pF)
|
|
sl@0
|
87 |
pF = (SCell*)iTop;
|
|
sl@0
|
88 |
SCell* addres = GetAddress(aAddress);
|
|
sl@0
|
89 |
SCell* c = (SCell*)iBase;
|
|
sl@0
|
90 |
for(;;)
|
|
sl@0
|
91 |
{
|
|
sl@0
|
92 |
if(c == addres)
|
|
sl@0
|
93 |
{
|
|
sl@0
|
94 |
c->len = (TInt)pF->next - (TInt)c;
|
|
sl@0
|
95 |
break;
|
|
sl@0
|
96 |
}
|
|
sl@0
|
97 |
c = __NEXT_CELL(c);
|
|
sl@0
|
98 |
}
|
|
sl@0
|
99 |
}
|
|
sl@0
|
100 |
|
|
sl@0
|
101 |
void EnableHeavyMemoryMonitoring()
|
|
sl@0
|
102 |
{
|
|
sl@0
|
103 |
iFlags |= EMonitorMemory;
|
|
sl@0
|
104 |
}
|
|
sl@0
|
105 |
};
|
|
sl@0
|
106 |
|
|
sl@0
|
107 |
|
|
sl@0
|
108 |
/**
|
|
sl@0
|
109 |
Heap corruption 2:
|
|
sl@0
|
110 |
- Overrunning an array using memset
|
|
sl@0
|
111 |
(EHeapCorruption - EBadAllocatedCellSize)
|
|
sl@0
|
112 |
*/
|
|
sl@0
|
113 |
void Memory_Corruption2()
|
|
sl@0
|
114 |
{
|
|
sl@0
|
115 |
if(gEnableMemoryMonitor)
|
|
sl@0
|
116 |
{
|
|
sl@0
|
117 |
RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();
|
|
sl@0
|
118 |
h->EnableHeavyMemoryMonitoring();
|
|
sl@0
|
119 |
}
|
|
sl@0
|
120 |
|
|
sl@0
|
121 |
char* buf = new char[10]; //will be aligned to 12
|
|
sl@0
|
122 |
char* buf2 = new char[10]; //will be aligned to 12
|
|
sl@0
|
123 |
TInt a = User::Heap().AllocLen(buf);
|
|
sl@0
|
124 |
memset(buf, 255, a+1); //memory corruption
|
|
sl@0
|
125 |
|
|
sl@0
|
126 |
if(!gEnableMemoryMonitor)
|
|
sl@0
|
127 |
User::Heap().Check(); //force 'heap walker' to check the heap
|
|
sl@0
|
128 |
|
|
sl@0
|
129 |
delete buf2;
|
|
sl@0
|
130 |
delete buf; //when heavy monitoring is ON should send trace
|
|
sl@0
|
131 |
}
|
|
sl@0
|
132 |
|
|
sl@0
|
133 |
|
|
sl@0
|
134 |
//causes EBadFreeCellAddress corruption type
|
|
sl@0
|
135 |
void Memory_Corruption3()
|
|
sl@0
|
136 |
{
|
|
sl@0
|
137 |
TInt* p1 = new TInt();
|
|
sl@0
|
138 |
TInt* p2 = new TInt();
|
|
sl@0
|
139 |
TInt* p3 = new TInt();
|
|
sl@0
|
140 |
TInt* p4 = new TInt();
|
|
sl@0
|
141 |
TInt* p5 = new TInt();
|
|
sl@0
|
142 |
TInt* p6 = new TInt();
|
|
sl@0
|
143 |
delete p2;
|
|
sl@0
|
144 |
delete p4;
|
|
sl@0
|
145 |
delete p6;
|
|
sl@0
|
146 |
|
|
sl@0
|
147 |
RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();
|
|
sl@0
|
148 |
h->CorruptFreeMemory1();
|
|
sl@0
|
149 |
User::Heap().Check();
|
|
sl@0
|
150 |
|
|
sl@0
|
151 |
delete p5;
|
|
sl@0
|
152 |
delete p3;
|
|
sl@0
|
153 |
delete p1;
|
|
sl@0
|
154 |
}
|
|
sl@0
|
155 |
|
|
sl@0
|
156 |
|
|
sl@0
|
157 |
//causes EBadFreeCellSize RHeap corruption type
|
|
sl@0
|
158 |
void Memory_Corruption4()
|
|
sl@0
|
159 |
{
|
|
sl@0
|
160 |
TInt* p1 = new TInt();
|
|
sl@0
|
161 |
TInt* p2 = new TInt();
|
|
sl@0
|
162 |
TInt* p3 = new TInt();
|
|
sl@0
|
163 |
delete p2;
|
|
sl@0
|
164 |
|
|
sl@0
|
165 |
RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();
|
|
sl@0
|
166 |
h->CorruptFreeMemory2();
|
|
sl@0
|
167 |
User::Heap().Check();
|
|
sl@0
|
168 |
|
|
sl@0
|
169 |
delete p3;
|
|
sl@0
|
170 |
|
|
sl@0
|
171 |
delete p1;
|
|
sl@0
|
172 |
}
|
|
sl@0
|
173 |
|
|
sl@0
|
174 |
|
|
sl@0
|
175 |
//causes EBadAllocatedCellAddress corruption type
|
|
sl@0
|
176 |
void Memory_Corruption5()
|
|
sl@0
|
177 |
{
|
|
sl@0
|
178 |
TInt* p1 = new TInt;
|
|
sl@0
|
179 |
TInt* p2 = new TInt;
|
|
sl@0
|
180 |
TInt* p3 = new TInt;
|
|
sl@0
|
181 |
TInt* p4 = new TInt;
|
|
sl@0
|
182 |
TInt* p5 = new TInt;
|
|
sl@0
|
183 |
TInt* p6 = new TInt;
|
|
sl@0
|
184 |
TInt* p7 = new TInt;
|
|
sl@0
|
185 |
delete p2;
|
|
sl@0
|
186 |
delete p4;
|
|
sl@0
|
187 |
delete p6;
|
|
sl@0
|
188 |
|
|
sl@0
|
189 |
RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();
|
|
sl@0
|
190 |
//h->CorruptAllocatedMemory1();
|
|
sl@0
|
191 |
h->CorruptAllocatedMemoryAddress((void*)p7);
|
|
sl@0
|
192 |
User::Heap().Check();
|
|
sl@0
|
193 |
|
|
sl@0
|
194 |
delete p7;
|
|
sl@0
|
195 |
delete p5;
|
|
sl@0
|
196 |
delete p3;
|
|
sl@0
|
197 |
delete p1;
|
|
sl@0
|
198 |
}
|
|
sl@0
|
199 |
|
|
sl@0
|
200 |
|
|
sl@0
|
201 |
void Memory_Corruption_Special1()
|
|
sl@0
|
202 |
{
|
|
sl@0
|
203 |
char* buf = new char;
|
|
sl@0
|
204 |
RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();
|
|
sl@0
|
205 |
h->EnableHeavyMemoryMonitoring();
|
|
sl@0
|
206 |
h->CorruptAllocatedMemoryAddress((void*)buf);
|
|
sl@0
|
207 |
delete buf;// should output EHeapCorruption trace
|
|
sl@0
|
208 |
}
|
|
sl@0
|
209 |
|
|
sl@0
|
210 |
|
|
sl@0
|
211 |
|
|
sl@0
|
212 |
// Local Functions
|
|
sl@0
|
213 |
LOCAL_D TInt threadTraceHeapCorruptionTestThread(TAny* param)
|
|
sl@0
|
214 |
{
|
|
sl@0
|
215 |
TInt t = *((TInt*)param);
|
|
sl@0
|
216 |
switch(t)
|
|
sl@0
|
217 |
{
|
|
sl@0
|
218 |
case RHeap::EBadAllocatedCellSize:
|
|
sl@0
|
219 |
Memory_Corruption2();
|
|
sl@0
|
220 |
break;
|
|
sl@0
|
221 |
case RHeap::EBadFreeCellAddress:
|
|
sl@0
|
222 |
Memory_Corruption3();
|
|
sl@0
|
223 |
break;
|
|
sl@0
|
224 |
case RHeap::EBadFreeCellSize:
|
|
sl@0
|
225 |
Memory_Corruption4();
|
|
sl@0
|
226 |
break;
|
|
sl@0
|
227 |
case RHeap::EBadAllocatedCellAddress:
|
|
sl@0
|
228 |
Memory_Corruption5();
|
|
sl@0
|
229 |
break;
|
|
sl@0
|
230 |
case 1000:
|
|
sl@0
|
231 |
Memory_Corruption_Special1();
|
|
sl@0
|
232 |
break;
|
|
sl@0
|
233 |
default:
|
|
sl@0
|
234 |
User::Invariant();
|
|
sl@0
|
235 |
break;
|
|
sl@0
|
236 |
}
|
|
sl@0
|
237 |
return 0;
|
|
sl@0
|
238 |
}
|
|
sl@0
|
239 |
|
|
sl@0
|
240 |
|
|
sl@0
|
241 |
//Function to execute corruption cases.
|
|
sl@0
|
242 |
TInt ExecuteTest(TInt aTestType)
|
|
sl@0
|
243 |
{
|
|
sl@0
|
244 |
RThread thread;
|
|
sl@0
|
245 |
TInt type;
|
|
sl@0
|
246 |
TRequestStatus stat;
|
|
sl@0
|
247 |
TInt r = KErrNone;
|
|
sl@0
|
248 |
gEnableMemoryMonitor = EFalse;
|
|
sl@0
|
249 |
|
|
sl@0
|
250 |
switch(aTestType)
|
|
sl@0
|
251 |
{
|
|
sl@0
|
252 |
case 0: ////RHeap::EBadAllocatedCellSize with heavy monitoring enabled
|
|
sl@0
|
253 |
type = RHeap::EBadAllocatedCellSize;
|
|
sl@0
|
254 |
gEnableMemoryMonitor = ETrue;
|
|
sl@0
|
255 |
r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread,
|
|
sl@0
|
256 |
KDefaultStackSize, 0x2000, 0x2000, &type);
|
|
sl@0
|
257 |
thread.Logon(stat);
|
|
sl@0
|
258 |
thread.Resume();
|
|
sl@0
|
259 |
User::WaitForRequest(stat);
|
|
sl@0
|
260 |
thread.Close();
|
|
sl@0
|
261 |
break;
|
|
sl@0
|
262 |
|
|
sl@0
|
263 |
case 1: //RHeap::EBadFreeCellAddress:
|
|
sl@0
|
264 |
type = RHeap::EBadFreeCellAddress;
|
|
sl@0
|
265 |
r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread,
|
|
sl@0
|
266 |
KDefaultStackSize, 0x2000, 0x2000, &type);
|
|
sl@0
|
267 |
thread.Logon(stat);
|
|
sl@0
|
268 |
thread.Resume();
|
|
sl@0
|
269 |
User::WaitForRequest(stat);
|
|
sl@0
|
270 |
thread.Close();
|
|
sl@0
|
271 |
break;
|
|
sl@0
|
272 |
|
|
sl@0
|
273 |
case 2: //RHeap::EBadFreeCellSize:
|
|
sl@0
|
274 |
type = RHeap::EBadFreeCellSize;
|
|
sl@0
|
275 |
r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread,
|
|
sl@0
|
276 |
KDefaultStackSize, 0x2000, 0x2000, &type);
|
|
sl@0
|
277 |
thread.Logon(stat);
|
|
sl@0
|
278 |
thread.Resume();
|
|
sl@0
|
279 |
User::WaitForRequest(stat);
|
|
sl@0
|
280 |
thread.Close();
|
|
sl@0
|
281 |
break;
|
|
sl@0
|
282 |
|
|
sl@0
|
283 |
case 3: //RHeap::EBadAllocatedCellSize:
|
|
sl@0
|
284 |
type = RHeap::EBadAllocatedCellSize;
|
|
sl@0
|
285 |
r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread,
|
|
sl@0
|
286 |
KDefaultStackSize, 0x2000, 0x2000, &type);
|
|
sl@0
|
287 |
thread.Logon(stat);
|
|
sl@0
|
288 |
thread.Resume();
|
|
sl@0
|
289 |
User::WaitForRequest(stat);
|
|
sl@0
|
290 |
thread.Close();
|
|
sl@0
|
291 |
break;
|
|
sl@0
|
292 |
|
|
sl@0
|
293 |
case 4: //RHeap::EBadAllocatedCellAddress:
|
|
sl@0
|
294 |
type = RHeap::EBadAllocatedCellAddress;
|
|
sl@0
|
295 |
r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread,
|
|
sl@0
|
296 |
KDefaultStackSize, 0x2000, 0x2000, &type);
|
|
sl@0
|
297 |
thread.Logon(stat);
|
|
sl@0
|
298 |
thread.Resume();
|
|
sl@0
|
299 |
User::WaitForRequest(stat);
|
|
sl@0
|
300 |
thread.Close();
|
|
sl@0
|
301 |
break;
|
|
sl@0
|
302 |
|
|
sl@0
|
303 |
case 1000:
|
|
sl@0
|
304 |
type = 1000;
|
|
sl@0
|
305 |
gEnableMemoryMonitor = ETrue;
|
|
sl@0
|
306 |
r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread,
|
|
sl@0
|
307 |
KDefaultStackSize, 0x2000, 0x2000, &type);
|
|
sl@0
|
308 |
thread.Logon(stat);
|
|
sl@0
|
309 |
thread.Resume();
|
|
sl@0
|
310 |
User::WaitForRequest(stat);
|
|
sl@0
|
311 |
thread.Close();
|
|
sl@0
|
312 |
break;
|
|
sl@0
|
313 |
|
|
sl@0
|
314 |
default:
|
|
sl@0
|
315 |
User::Invariant();
|
|
sl@0
|
316 |
break;
|
|
sl@0
|
317 |
}
|
|
sl@0
|
318 |
|
|
sl@0
|
319 |
return r;
|
|
sl@0
|
320 |
}
|
|
sl@0
|
321 |
|
|
sl@0
|
322 |
|
|
sl@0
|
323 |
LOCAL_C void MainL ()
|
|
sl@0
|
324 |
{
|
|
sl@0
|
325 |
//reading command line
|
|
sl@0
|
326 |
TInt testType = 0; //unknown test
|
|
sl@0
|
327 |
TInt cmdLength = User::CommandLineLength();
|
|
sl@0
|
328 |
HBufC* cmdLine = HBufC::NewLC(cmdLength);
|
|
sl@0
|
329 |
TPtr clp(cmdLine->Des());
|
|
sl@0
|
330 |
User::CommandLine(clp);
|
|
sl@0
|
331 |
TLex argv(clp);
|
|
sl@0
|
332 |
for(TInt i=0; !argv.Eos(); i++)
|
|
sl@0
|
333 |
{
|
|
sl@0
|
334 |
TPtrC token(argv.NextToken());
|
|
sl@0
|
335 |
|
|
sl@0
|
336 |
if(token.Compare(_L("0")) == 0)
|
|
sl@0
|
337 |
testType = 0;
|
|
sl@0
|
338 |
if(token.Compare(_L("1")) == 0)
|
|
sl@0
|
339 |
testType = 1;
|
|
sl@0
|
340 |
else if(token.Compare(_L("2")) == 0)
|
|
sl@0
|
341 |
testType = 2;
|
|
sl@0
|
342 |
else if(token.Compare(_L("3")) == 0)
|
|
sl@0
|
343 |
testType = 3;
|
|
sl@0
|
344 |
else if(token.Compare(_L("4")) == 0)
|
|
sl@0
|
345 |
testType = 4;
|
|
sl@0
|
346 |
else if(token.Compare(_L("1000")) == 0)
|
|
sl@0
|
347 |
testType = 1000;
|
|
sl@0
|
348 |
}
|
|
sl@0
|
349 |
CleanupStack::PopAndDestroy(); //cmdLine
|
|
sl@0
|
350 |
|
|
sl@0
|
351 |
ExecuteTest(testType);
|
|
sl@0
|
352 |
}
|
|
sl@0
|
353 |
|
|
sl@0
|
354 |
LOCAL_C void DoStartL ()
|
|
sl@0
|
355 |
{
|
|
sl@0
|
356 |
// Create active scheduler (to run active objects)
|
|
sl@0
|
357 |
CActiveScheduler* scheduler = new (ELeave) CActiveScheduler();
|
|
sl@0
|
358 |
CleanupStack::PushL (scheduler);
|
|
sl@0
|
359 |
CActiveScheduler::Install (scheduler);
|
|
sl@0
|
360 |
|
|
sl@0
|
361 |
MainL ();
|
|
sl@0
|
362 |
|
|
sl@0
|
363 |
// Delete active scheduler
|
|
sl@0
|
364 |
CleanupStack::PopAndDestroy (scheduler);
|
|
sl@0
|
365 |
}
|
|
sl@0
|
366 |
|
|
sl@0
|
367 |
// Global Functions
|
|
sl@0
|
368 |
|
|
sl@0
|
369 |
GLDEF_C TInt E32Main()
|
|
sl@0
|
370 |
{
|
|
sl@0
|
371 |
// Create cleanup stack
|
|
sl@0
|
372 |
CTrapCleanup* cleanup = CTrapCleanup::New();
|
|
sl@0
|
373 |
|
|
sl@0
|
374 |
// Run application code inside TRAP harness, wait keypress when terminated
|
|
sl@0
|
375 |
TRAPD(mainError, DoStartL());
|
|
sl@0
|
376 |
if (mainError)
|
|
sl@0
|
377 |
return mainError;
|
|
sl@0
|
378 |
|
|
sl@0
|
379 |
delete cleanup;
|
|
sl@0
|
380 |
return KErrNone;
|
|
sl@0
|
381 |
}
|
|
sl@0
|
382 |
|