FCL/sf/os/kernelhwsrv: comparison kerneltest/e32test/debug/t

equal deleted inserted replaced

-:ef2a444a7410
+:b3a1d9898418
 #include "t_heapcorruption.h"
 #include <e32base.h>
 #include <e32base_private.h>
 #include <e32cmn.h>
 #include <e32cmn_private.h>
+#include "dla.h"
+#include "slab.h"
-#define __NEXT_CELL(p)				((SCell*)(((TUint8*)p)+p->len))
+#include "page_alloc.h"
+#include "heap_hybrid.h"
 TBool gEnableMemoryMonitor = EFalse;
+#ifdef _DEBUG
+const TInt KDbgHeaderSize = (TInt)RHeap::EDebugHdrSize;
+#else
+const TInt KDbgHeaderSize = 0;
+#endif
 /**
-Test heap that will corrupt some cells to generate BTrace events.
+Friend class of RHeapHybrid to access to hybrid heap metadata
 */
-class RMyDummyHeap : public RHeap
+class TestHybridHeap
 {
-public:
+	public:
-	//EBadFreeCellAddress
+		TBool Init();
-	void CorruptFreeMemory1()
+		TBool Check();
-		{
+		TInt  AllocLen(TAny* aBfr);
-		SCell* f = (SCell*)&iFree;
+		void  EnableHeavyMemoryMonitoring();
-		f->next = (SCell*)iTop;
+		void  CorruptFreeDLBfr(TAny* aBfr);
-		f->next += sizeof(TUint8);
+		void  CorruptFreeDLBfrLth(TAny* aBfr);
-		}
+		void  CorruptAllocatedDLBfrSize(TAny* aBfr);
+		TAny* CorruptAllocatedDLMemoryAddress(TAny* aBfr);
-	//EBadFreeCellSize
-	void CorruptFreeMemory2()
+	private:
-		{
+		RHybridHeap* iHybridHeap;
-		SCell* p = (SCell*)&iFree;
-		SCell* n = p->next;
-		n->len = iMinCell-1;
-		}
-	//EBadAllocatedCellAddress
-	void CorruptAllocatedMemory1()
-		{
-		SCell* c = (SCell*)iBase;
-		SCell* f = (SCell*)&iFree;
-		f = f->next;
-		f = f->next;
-		c->len = (TInt)f->next - (TInt)c;
-		}
-	//additional utilities
-	void CorruptAllocatedMemorySize(void* aAddress)
-		{
-		SCell* addres = GetAddress(aAddress);
-		SCell* c = (SCell*)iBase;
-		for(;;)
-			{
-			if(c == addres)
-				{
-				c->len = iMinCell-1;
-				break;
-				}
-			c = __NEXT_CELL(c);
-			}
-		}
-	void CorruptAllocatedMemoryAddress(void* aAddress)
-		{
-		SCell* pF = &iFree;				// free cells
-		pF = pF->next;				// next free cell
-		if (!pF)
-			pF = (SCell*)iTop;
-		SCell* addres = GetAddress(aAddress);
-		SCell* c = (SCell*)iBase;
-		for(;;)
-			{
-			if(c == addres)
-				{
-				c->len = (TInt)pF->next - (TInt)c;
-				break;
-				}
-			c = __NEXT_CELL(c);
-			}
-		}
-	void EnableHeavyMemoryMonitoring()
-		{
-		iFlags |= EMonitorMemory;
-		}
 };
+TBool TestHybridHeap::Init()
+{
+	RHybridHeap::STestCommand cmd;
+	cmd.iCommand = RHybridHeap::EHeapMetaData;
+	RAllocator& heap = User::Allocator();
+	TInt ret = heap.DebugFunction(RHeap::EHybridHeap, &cmd, 0);
+	if (ret != KErrNone)
+		return EFalse;
+	iHybridHeap = (RHybridHeap*) cmd.iData;
+	return ETrue;
+}
+TBool TestHybridHeap::Check()
+{
+	if ( iHybridHeap )
+		{
+		iHybridHeap->Check();
+		}
+	return EFalse;
+}
+TInt TestHybridHeap::AllocLen(TAny* aBfr)
+{
+	if ( iHybridHeap )
+		{
+		return iHybridHeap->AllocLen(aBfr);
+		}
+	return 0;
+}
+void TestHybridHeap::EnableHeavyMemoryMonitoring()
+{
+	if ( iHybridHeap )
+		{
+		iHybridHeap->iFlags |= RAllocator::EMonitorMemory;
+		}
+}
+void TestHybridHeap::CorruptFreeDLBfr(TAny* aBfr)
+{
+	if ( aBfr )
+		{
+		mchunkptr p	= MEM2CHUNK((TUint8*)aBfr-KDbgHeaderSize);
+		p->iHead |= CINUSE_BIT;
+		}
+}
+void TestHybridHeap::CorruptFreeDLBfrLth(TAny* aBfr)
+{
+	if ( aBfr )
+		{
+		mchunkptr p	= MEM2CHUNK((TUint8*)aBfr-KDbgHeaderSize);
+		p->iHead &= INUSE_BITS; // Set zero length
+		}
+}
+void TestHybridHeap::CorruptAllocatedDLBfrSize(TAny* aBfr)
+{
+	if ( aBfr )
+		{
+		mchunkptr p	= MEM2CHUNK((TUint8*)aBfr-KDbgHeaderSize);
+		TInt size = CHUNKSIZE(p);
+		size  >>= 1;  // Set double length
+		p->iHead = size | INUSE_BITS;
+		}
+}
+TAny* TestHybridHeap::CorruptAllocatedDLMemoryAddress(TAny* aBfr)
+{
+	if ( aBfr )
+		{
+		TUint8* p = (TUint8*)aBfr;
+		p += 3;
+		aBfr = (TAny*)p;
+		}
+	return aBfr;
+}
 /**
-Heap corruption 2:
+Heap corruption 0:
-- Overrunning an array using memset
+- Allocate (DL) buffer, corrupt it and free
-(EHeapCorruption - EBadAllocatedCellSize)
 */
-void Memory_Corruption2()
+void Memory_Corruption0(TestHybridHeap& aHeap)
 	{
 	if(gEnableMemoryMonitor)
-		{
+		aHeap.EnableHeavyMemoryMonitoring();
-		RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();
-		h->EnableHeavyMemoryMonitoring();
-		}
 	char* buf = new char[10];  //will be aligned to 12
 	char* buf2 = new char[10]; //will be aligned to 12
-	TInt a = User::Heap().AllocLen(buf);
+	TInt a = aHeap.AllocLen(buf);
-	memset(buf, 255, a+1); //memory corruption
+	memset(buf, 0xfc, a+a); //memory corruption
 	if(!gEnableMemoryMonitor)
-			User::Heap().Check(); //force 'heap walker' to check the heap
+		aHeap.Check(); //force 'heap walker' to check the heap
 	delete buf2;
-	delete buf; //when heavy monitoring is ON should send trace
+	delete buf; //when heavy monitoring is ON should send trace and panic
 	}
+//Corrupt free DL memory and Check()
-//causes EBadFreeCellAddress corruption type
+void Memory_Corruption1(TestHybridHeap& aHeap)
-void Memory_Corruption3()
 	{
 	TInt* p1 = new TInt();
 	TInt* p2 = new TInt();
 	TInt* p3 = new TInt();
 	TInt* p4 = new TInt();
 	TInt* p6 = new TInt();
 	delete p2;
 	delete p4;
 	delete p6;
-	RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();
+	aHeap.CorruptFreeDLBfr(p4);
-	h->CorruptFreeMemory1();
+	aHeap.Check();  // Should panic here
-	User::Heap().Check();
 	delete p5;
 	delete p3;
 	delete p1;
 	}
-//causes EBadFreeCellSize RHeap corruption type
+//corrupt free DL buffer length
-void Memory_Corruption4()
+void Memory_Corruption2(TestHybridHeap& aHeap)
 	{
 	TInt* p1 = new TInt();
 	TInt* p2 = new TInt();
 	TInt* p3 = new TInt();
 	delete p2;
-	RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();
+	aHeap.CorruptFreeDLBfrLth(p2);
-	h->CorruptFreeMemory2();
+	aHeap.Check(); // Should panic here
-	User::Heap().Check();
 	delete p3;
 	delete p1;
 	}
-//causes EBadAllocatedCellAddress corruption type
+//Corrupt allocated DL buffer size
-void Memory_Corruption5()
+void Memory_Corruption3(TestHybridHeap& aHeap)
 	{
 	TInt* p1 = new TInt;
 	TInt* p2 = new TInt;
 	TInt* p3 = new TInt;
 	TInt* p4 = new TInt;
 	TInt* p7 = new TInt;
 	delete p2;
 	delete p4;
 	delete p6;
-	RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();
+	aHeap.CorruptAllocatedDLBfrSize(p7);
-	//h->CorruptAllocatedMemory1();
+	aHeap.Check();
-	h->CorruptAllocatedMemoryAddress((void*)p7);
-	User::Heap().Check();
 	delete p7;
 	delete p5;
 	delete p3;
 	delete p1;
 	}
-void Memory_Corruption_Special1()
+void Memory_Corruption4(TestHybridHeap& aHeap)
 	{
 	char* buf = new char;
-	RMyDummyHeap* h = (RMyDummyHeap*)&User::Heap();
+	aHeap.EnableHeavyMemoryMonitoring();
-	h->EnableHeavyMemoryMonitoring();
+	buf = (char*)aHeap.CorruptAllocatedDLMemoryAddress((TAny*)buf);
-	h->CorruptAllocatedMemoryAddress((void*)buf);
 	delete buf;// should output EHeapCorruption trace
 	}
 //  Local Functions
 LOCAL_D TInt threadTraceHeapCorruptionTestThread(TAny* param)
 	{
+	TestHybridHeap heap;
+	heap.Init();
 	TInt t = *((TInt*)param);
 	switch(t)
 		{
-		case RHeap::EBadAllocatedCellSize:
+		case 0:  // Corrupt allocated buffer and free it
-			Memory_Corruption2();
+			Memory_Corruption0(heap);
 			break;
-		case RHeap::EBadFreeCellAddress:
+		case 1:
-			Memory_Corruption3();
+			Memory_Corruption1(heap);
 			break;
-		case RHeap::EBadFreeCellSize:
+		case 2:
-			Memory_Corruption4();
+			Memory_Corruption2(heap);
 			break;
-		case RHeap::EBadAllocatedCellAddress:
+		case 3:
-			Memory_Corruption5();
+			Memory_Corruption3(heap);
 			break;
 		case 1000:
-			Memory_Corruption_Special1();
+			Memory_Corruption4(heap);
 			break;
 		default:
 			User::Invariant();
 			break;
 		}
 	TInt r = KErrNone;
 	gEnableMemoryMonitor = EFalse;
 	switch(aTestType)
 		{
-		case 0: ////RHeap::EBadAllocatedCellSize with heavy monitoring enabled
+		case 0: ////Corrupt allocated DL buffer and free it with heavy monitoring enabled
-			type = RHeap::EBadAllocatedCellSize;
+			type = 0;
 			gEnableMemoryMonitor = ETrue;
 			r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread,
 					               KDefaultStackSize, 0x2000, 0x2000, &type);
 			thread.Logon(stat);
 			thread.Resume();
 			User::WaitForRequest(stat);
 			thread.Close();
 			break;
 		case 1: //RHeap::EBadFreeCellAddress:
-			type = RHeap::EBadFreeCellAddress;
+			type = 1;
 			r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread,
 					               KDefaultStackSize, 0x2000, 0x2000, &type);
 			thread.Logon(stat);
 			thread.Resume();
 			User::WaitForRequest(stat);
 			thread.Close();
 		break;
 		case 2: //RHeap::EBadFreeCellSize:
-			type = RHeap::EBadFreeCellSize;
+			type = 2;
 			r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread,
 			                KDefaultStackSize, 0x2000, 0x2000, &type);
 			thread.Logon(stat);
 			thread.Resume();
 			User::WaitForRequest(stat);
 			thread.Close();
 		break;
 		case 3: //RHeap::EBadAllocatedCellSize:
-			type = RHeap::EBadAllocatedCellSize;
+			type = 0;    // Without memory monitorin this time
 			r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread,
 						               KDefaultStackSize, 0x2000, 0x2000, &type);
 			thread.Logon(stat);
 			thread.Resume();
 			User::WaitForRequest(stat);
 			thread.Close();
 		break;
 		case 4: //RHeap::EBadAllocatedCellAddress:
-			type = RHeap::EBadAllocatedCellAddress;
+			type = 3;
 			r = thread.Create(_L("t_tbrace_heapcorruption"), threadTraceHeapCorruptionTestThread,
 						               KDefaultStackSize, 0x2000, 0x2000, &type);
 			thread.Logon(stat);
 			thread.Resume();
 			User::WaitForRequest(stat);

changeset 109	b3a1d9898418
parent 0	a41df078684a
child 257	3e88ff8f41d5