MercurialSymaptic / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
os/kernelhwsrv/kerneltest/e32test/debug/t_heapcorruption.cpp
author sl
Tue, 10 Jun 2014 14:32:02 +0200
changeset 1 260cb5ec6c19
permissions -rw-r--r--
Update contrib. 
     1 // Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies).

     2 // All rights reserved.

     3 // This component and the accompanying materials are made available

     4 // under the terms of the License "Eclipse Public License v1.0"

     5 // which accompanies this distribution, and is available

     6 // at the URL "http://www.eclipse.org/legal/epl-v10.html".

     7 //

     8 // Initial Contributors:

     9 // Nokia Corporation - initial contribution.

    10 //

    11 // Contributors:

    12 //

    13 // Description:

    14 // e32test\debug\t_heapcorruption.cpp

    15 // This is a test application that will cause heap corruption 

    16 // to generate BTrace events (EHeapCorruption).

    17 // 

    18 //

    19 

    20 //  Include Files  

    21 #include "t_heapcorruption.h"

    22 #include <e32base.h>

    23 #include <e32base_private.h>

    24 #include <e32cmn.h>

    25 #include <e32cmn_private.h>

    26 

    27 

    28 #define __NEXT_CELL(p)				((SCell*)(((TUint8*)p)+p->len))

    29 

    30 TBool gEnableMemoryMonitor = EFalse;

    31 

    32 

    33 /**

    34 Test heap that will corrupt some cells to generate BTrace events.

    35 */

    36 class RMyDummyHeap : public RHeap

    37 {

    38 public:

    39 	//EBadFreeCellAddress

    40 	void CorruptFreeMemory1()

    41 		{

    42 		SCell* f = (SCell*)&iFree;

    43 		f->next = (SCell*)iTop;

    44 		f->next += sizeof(TUint8);

    45 		}

    46 	

    47 	//EBadFreeCellSize

    48 	void CorruptFreeMemory2()

    49 		{

    50 		SCell* p = (SCell*)&iFree;

    51 		SCell* n = p->next; 

    52 		n->len = iMinCell-1;

    53 		}

    54 	

    55 	//EBadAllocatedCellAddress

    56 	void CorruptAllocatedMemory1()

    57 		{

    58 		SCell* c = (SCell*)iBase;

    59 		SCell* f = (SCell*)&iFree;

    60 		

    61 		f = f->next;

    62 		f = f->next;

    63 		c->len = (TInt)f->next - (TInt)c;

    64 		}

    65 	

    66 	//additional utilities

    67 	void CorruptAllocatedMemorySize(void* aAddress)

    68 		{

    69 		SCell* addres = GetAddress(aAddress);

    70 		SCell* c = (SCell*)iBase;

    71 		for(;;)

    72 			{

    73 			if(c == addres)

    74 				{

    75 				c->len = iMinCell-1;

    76 				break;

    77 				}

    78 			c = __NEXT_CELL(c);

    79 			}

    80 		}

    81 		

    82 	void CorruptAllocatedMemoryAddress(void* aAddress)

    83 		{

    84 		SCell* pF = &iFree;				// free cells

    85 		pF = pF->next;				// next free cell

    86 		if (!pF)

    87 			pF = (SCell*)iTop;	

    88 		SCell* addres = GetAddress(aAddress);

    89 		SCell* c = (SCell*)iBase;

    90 		for(;;)

    91 			{

    92 			if(c == addres)

    93 				{

    94 				c->len = (TInt)pF->next - (TInt)c;

    95 				break;

    96 				}

    97 			c = __NEXT_CELL(c);

    98 			}

    99 		}

   100 	

   101 	void EnableHeavyMemoryMonitoring()

   102 		{

   103 		iFlags |= EMonitorMemory;

   104 		}

   105 };

   106 

   107 

   108 /**

   109 Heap corruption 2:

   110 - Overrunning an array using memset 

   111 (EHeapCorruption - EBadAllocatedCellSize)

   112 */

   113 void Memory_Corruption2()

   114 	{

   115 	if(gEnableMemoryMonitor)

   116 		{

   117 		RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();

   118 		h->EnableHeavyMemoryMonitoring();	

   119 		}

   120 	

   121 	char* buf = new char[10];  //will be aligned to 12

   122 	char* buf2 = new char[10]; //will be aligned to 12

   123 	TInt a = User::Heap().AllocLen(buf);

   124 	memset(buf, 255, a+1); //memory corruption

   125 	

   126 	if(!gEnableMemoryMonitor)

   127 			User::Heap().Check(); //force 'heap walker' to check the heap

   128 	

   129 	delete buf2;

   130 	delete buf; //when heavy monitoring is ON should send trace

   131 	}

   132 

   133 

   134 //causes EBadFreeCellAddress corruption type

   135 void Memory_Corruption3()

   136 	{

   137 	TInt* p1 = new TInt();

   138 	TInt* p2 = new TInt();

   139 	TInt* p3 = new TInt();

   140 	TInt* p4 = new TInt();

   141 	TInt* p5 = new TInt();

   142 	TInt* p6 = new TInt();

   143 	delete p2;

   144 	delete p4;

   145 	delete p6;

   146 	

   147 	RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();

   148 	h->CorruptFreeMemory1();

   149 	User::Heap().Check();

   150 	

   151 	delete p5;

   152 	delete p3;

   153 	delete p1;

   154 	}

   155 

   156 

   157 //causes EBadFreeCellSize RHeap corruption type

   158 void Memory_Corruption4()

   159 	{

   160 	TInt* p1 = new TInt();

   161 	TInt* p2 = new TInt();

   162 	TInt* p3 = new TInt();

   163 	delete p2;

   164 	

   165 	RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();

   166 	h->CorruptFreeMemory2();

   167 	User::Heap().Check();

   168 	

   169 	delete p3;

   170 	

   171 	delete p1;

   172 	}

   173 

   174 

   175 //causes EBadAllocatedCellAddress corruption type

   176 void Memory_Corruption5()

   177 	{

   178 	TInt* p1 = new TInt;

   179 	TInt* p2 = new TInt;

   180 	TInt* p3 = new TInt;

   181 	TInt* p4 = new TInt;

   182 	TInt* p5 = new TInt;

   183 	TInt* p6 = new TInt;

   184 	TInt* p7 = new TInt;

   185 	delete p2;

   186 	delete p4;

   187 	delete p6;

   188 	

   189 	RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();

   190 	//h->CorruptAllocatedMemory1();

   191 	h->CorruptAllocatedMemoryAddress((void*)p7);

   192 	User::Heap().Check();

   193 	

   194 	delete p7;

   195 	delete p5;

   196 	delete p3;

   197 	delete p1;

   198 	}

   199 

   200 

   201 void Memory_Corruption_Special1()

   202 	{

   203 	char* buf = new char;

   204 	RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();

   205 	h->EnableHeavyMemoryMonitoring();

   206 	h->CorruptAllocatedMemoryAddress((void*)buf);

   207 	delete buf;// should output EHeapCorruption trace

   208 	}

   209 

   210 

   211 

   212 //  Local Functions

   213 LOCAL_D TInt threadTraceHeapCorruptionTestThread(TAny* param)

   214 	{

   215 	TInt t = *((TInt*)param);

   216 	switch(t)

   217 		{

   218 		case RHeap::EBadAllocatedCellSize:

   219 			Memory_Corruption2();

   220 			break;

   221 		case RHeap::EBadFreeCellAddress:

   222 			Memory_Corruption3();

   223 			break;

   224 		case RHeap::EBadFreeCellSize:

   225 			Memory_Corruption4();

   226 			break;

   227 		case RHeap::EBadAllocatedCellAddress:

   228 			Memory_Corruption5();

   229 			break;

   230 		case 1000:

   231 			Memory_Corruption_Special1();

   232 			break;

   233 		default:

   234 			User::Invariant();

   235 			break;

   236 		}

   237 	return 0;

   238 	}

   239 

   240 

   241 //Function to execute corruption cases.

   242 TInt ExecuteTest(TInt aTestType)

   243 	{

   244 	RThread thread;

   245 	TInt type;

   246 	TRequestStatus stat;

   247 	TInt r = KErrNone;

   248 	gEnableMemoryMonitor = EFalse;

   249 	

   250 	switch(aTestType)

   251 		{

   252 		case 0: ////RHeap::EBadAllocatedCellSize with heavy monitoring enabled

   253 			type = RHeap::EBadAllocatedCellSize;

   254 			gEnableMemoryMonitor = ETrue;

   255 			r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread, 

   256 					               KDefaultStackSize, 0x2000, 0x2000, &type);

   257 			thread.Logon(stat);

   258 			thread.Resume();

   259 			User::WaitForRequest(stat);

   260 			thread.Close();

   261 			break;

   262 			

   263 		case 1: //RHeap::EBadFreeCellAddress:

   264 			type = RHeap::EBadFreeCellAddress;

   265 			r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread, 

   266 					               KDefaultStackSize, 0x2000, 0x2000, &type);

   267 			thread.Logon(stat);

   268 			thread.Resume();

   269 			User::WaitForRequest(stat);

   270 			thread.Close();

   271 		break;

   272 		

   273 		case 2: //RHeap::EBadFreeCellSize:

   274 			type = RHeap::EBadFreeCellSize;

   275 			r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread, 

   276 			                KDefaultStackSize, 0x2000, 0x2000, &type);

   277 			thread.Logon(stat);

   278 			thread.Resume();

   279 			User::WaitForRequest(stat);

   280 			thread.Close();

   281 		break;

   282 		

   283 		case 3: //RHeap::EBadAllocatedCellSize:

   284 			type = RHeap::EBadAllocatedCellSize;

   285 			r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread, 

   286 						               KDefaultStackSize, 0x2000, 0x2000, &type);

   287 			thread.Logon(stat);

   288 			thread.Resume();

   289 			User::WaitForRequest(stat);

   290 			thread.Close();

   291 		break;

   292 		

   293 		case 4: //RHeap::EBadAllocatedCellAddress:

   294 			type = RHeap::EBadAllocatedCellAddress;

   295 			r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread, 

   296 						               KDefaultStackSize, 0x2000, 0x2000, &type);

   297 			thread.Logon(stat);

   298 			thread.Resume();

   299 			User::WaitForRequest(stat);

   300 			thread.Close();

   301 		break;

   302 		

   303 		case 1000:

   304 			type = 1000;

   305 			gEnableMemoryMonitor = ETrue;

   306 			r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread, 

   307 			                 KDefaultStackSize, 0x2000, 0x2000, &type);

   308 			thread.Logon(stat);

   309 			thread.Resume();

   310 			User::WaitForRequest(stat);

   311 			thread.Close();

   312 		break;

   313 		

   314 		default:

   315 			User::Invariant();

   316 			break;

   317 		}

   318 	

   319 	return r;

   320 	}

   321 

   322 

   323 LOCAL_C void MainL ()

   324 	{

   325 	//reading command line

   326 	TInt testType = 0; //unknown test

   327 	TInt cmdLength = User::CommandLineLength();

   328 	HBufC* cmdLine = HBufC::NewLC(cmdLength);

   329 	TPtr clp(cmdLine->Des());

   330 	User::CommandLine(clp);

   331 	TLex argv(clp);

   332 	for(TInt i=0; !argv.Eos(); i++)

   333 		{

   334 		TPtrC token(argv.NextToken());

   335 

   336 		if(token.Compare(_L("0")) == 0)

   337 			testType = 0;

   338 		if(token.Compare(_L("1")) == 0)

   339 			testType = 1;

   340 		else if(token.Compare(_L("2")) == 0)

   341 			testType = 2;

   342 		else if(token.Compare(_L("3")) == 0)

   343 			testType = 3;

   344 		else if(token.Compare(_L("4")) == 0)

   345 			testType = 4;

   346 		else if(token.Compare(_L("1000")) == 0)

   347 			testType = 1000;

   348 		}

   349 	CleanupStack::PopAndDestroy(); //cmdLine

   350 	

   351 	ExecuteTest(testType);

   352 	}

   353 

   354 LOCAL_C void DoStartL ()

   355 	{

   356 	// Create active scheduler (to run active objects)

   357 	CActiveScheduler* scheduler = new (ELeave) CActiveScheduler();

   358 	CleanupStack::PushL (scheduler);

   359 	CActiveScheduler::Install (scheduler);

   360 

   361 	MainL ();

   362 

   363 	// Delete active scheduler

   364 	CleanupStack::PopAndDestroy (scheduler);

   365 	}

   366 

   367 //  Global Functions

   368 

   369 GLDEF_C TInt E32Main()

   370 	{

   371 	// Create cleanup stack

   372 	CTrapCleanup* cleanup = CTrapCleanup::New();

   373 

   374 	// Run application code inside TRAP harness, wait keypress when terminated

   375 	TRAPD(mainError, DoStartL());

   376 	if (mainError)

   377 		return mainError;

   378 

   379 	delete cleanup;

   380 	return KErrNone;

   381 	}

   382
Symaptic