Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Julien Palard
committed
May 23, 2012
0 parents
commit 3063085
Showing
2 changed files
with
182 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
malloc_stress.sh is a shell script that try to find the shortest way to hurt your malloc implementation. | ||
|
||
Exemple : | ||
|
||
$ ./malloc_stress.sh ./a_bugged_malloc.so | ||
Can hurt your malloc in 212 steps, you can Ctrl-C to see it. | ||
Can hurt your malloc in 177 steps, you can Ctrl-C to see it. | ||
Can hurt your malloc in 96 steps, you can Ctrl-C to see it. | ||
Can hurt your malloc in 84 steps, you can Ctrl-C to see it. | ||
Can hurt your malloc in 58 steps, you can Ctrl-C to see it. | ||
Can hurt your malloc in 51 steps, you can Ctrl-C to see it. | ||
Can hurt your malloc in 21 steps, you can Ctrl-C to see it. | ||
Can hurt your malloc in 17 steps, you can Ctrl-C to see it. | ||
Can hurt your malloc in 7 steps, you can Ctrl-C to see it. | ||
^C | ||
char *pointers[4096]; | ||
pointers[1091] = malloc(582); | ||
pointers[2922] = malloc(196); | ||
pointers[624] = malloc(622); | ||
pointers[3491] = malloc(503); | ||
pointers[1727] = malloc(63); | ||
pointers[1623] = malloc(375); | ||
pointers[1727] = remalloc(448); | ||
Memory corruption, in your realloc at pointers[1727][63] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,158 @@ | ||
#!/bin/sh | ||
|
||
usage() | ||
{ | ||
cat <<EOF | ||
Usage: $0 ./your_malloc.so | ||
$0 is a shell script that try to find the shortest way to hurt your malloc implementation. | ||
This script does not end, just kill it (Ctrl-C) when you want. | ||
EOF | ||
exit 1 | ||
} | ||
|
||
[ -z "$1" ] && usage | ||
|
||
tail -n 115 $0 > malloc_test.c | ||
cc malloc_test.c -o malloc_test | ||
rm -f malloc_test.c | ||
atexit() | ||
{ | ||
LD_PRELOAD="$1" ./malloc_test $SHORTEST_SEED | ||
rm -f malloc_test | ||
exit 0 | ||
} | ||
trap atexit INT | ||
|
||
SHORTEST="" | ||
SHORTEST_SEED="" | ||
i=0 | ||
while : | ||
do | ||
result="$(LD_PRELOAD="$1" ./malloc_test $i | head -n 1000)" | ||
INSTRUCTIONS="$(printf "%s" "$result" | wc -l)" | ||
if [ -z "$SHORTEST" ] || [ "$INSTRUCTIONS" -lt "$SHORTEST" ] | ||
then | ||
SHORTEST="$INSTRUCTIONS" | ||
SHORTEST_SEED="$i" | ||
echo "Can hurt your malloc in $SHORTEST steps, you can Ctrl-C to see it." | ||
fi | ||
i=$((i + 1)) | ||
done | ||
|
||
|
||
#include <string.h> | ||
#include <stdio.h> | ||
#include <stdlib.h> | ||
#include <unistd.h> | ||
|
||
#define _stringify(a) #a | ||
#define stringify(a) _stringify(a) | ||
|
||
int nbr(int value, char *base) | ||
{ | ||
int len; | ||
int neg_flag; | ||
|
||
len = -1; | ||
neg_flag = 1; | ||
while (*(base + ++len)); | ||
if (len < 2) | ||
return -1; | ||
if (value < 0) | ||
{ | ||
write(1, "-", 1); | ||
neg_flag = -1; | ||
} | ||
if (value / len) | ||
nbr((value / len) * neg_flag, base); | ||
write(1, &base[(value % len) * neg_flag], 1); | ||
return value; | ||
} | ||
void hex(int value) | ||
{ | ||
nbr(value, "0123456789ABCDEF"); | ||
} | ||
void dec(int value) | ||
{ | ||
nbr(value, "0123456789"); | ||
} | ||
void str(char *str) | ||
{ | ||
write(1, str, strlen(str)); | ||
} | ||
|
||
void stress() | ||
{ | ||
#define LENGTH 4096 | ||
#define LENGTH_AS_STRING stringify(LENGTH) | ||
char *pointers[LENGTH]; | ||
int sizes[LENGTH]; | ||
int malloked[LENGTH]; | ||
int i, offset, size; | ||
|
||
memset(malloked, 0, LENGTH * sizeof(int)); | ||
str("char *pointers[" LENGTH_AS_STRING "];\n"); | ||
while (1) | ||
{ | ||
offset = rand() % LENGTH; | ||
size = rand() % 666; | ||
if (malloked[offset]) | ||
{ | ||
for (i = 0; i < sizes[offset]; i++) | ||
if (pointers[offset][i] != offset % 127) | ||
{ | ||
str("Memory corruption at pointers[");dec(offset);str("][");dec(i);str("]\n"); | ||
exit(EXIT_FAILURE); | ||
} | ||
if (rand() % 2 == 0) | ||
{ | ||
str("free(pointers[");dec(offset);str("]);\n"); | ||
free(pointers[offset]); | ||
malloked[offset] = 0; | ||
} | ||
else | ||
{ | ||
str("pointers[");dec(offset);str("] = remalloc(");dec(size);str(");\n"); | ||
if (malloked[offset]) | ||
{ | ||
pointers[offset] = realloc(pointers[offset], size); | ||
for (i = 0; i < size; i++) | ||
if (pointers[offset][i] != offset % 127) | ||
{ | ||
str("Memory corruption, in your realloc at pointers[");dec(offset);str("][");dec(i);str("]\n"); | ||
exit(EXIT_FAILURE); | ||
} | ||
memset(pointers[offset], offset % 127, size); | ||
sizes[offset] = size; | ||
} | ||
} | ||
} | ||
else | ||
{ | ||
str("pointers[");dec(offset);str("] = malloc(");dec(size);str(");\n"); | ||
pointers[offset] = malloc(size); | ||
malloked[offset] = 1; | ||
sizes[offset] = size; | ||
memset(pointers[offset], offset % 127, size); | ||
} | ||
} | ||
} | ||
|
||
int main(int ac, char **av) | ||
{ | ||
if (ac == 1) | ||
{ | ||
#define USAGE "Missing argument: please provide a seed\n" \ | ||
"The seed make your test reproductible:\n" \ | ||
"Giving the same seed will run the same tests.\n" | ||
write(2, USAGE, strlen(USAGE)); | ||
return EXIT_FAILURE; | ||
} | ||
srand(atoi(av[1])); | ||
stress(); | ||
return EXIT_SUCCESS; | ||
} |