Merge pull request #14 from jfrimmel/code-coverage

jfrimmel · web-flow · commit 95e3df33443f · 2022-08-21T17:02:07.000+02:00
Add more tests to improve code coverage
diff --git a/src/lib.rs b/src/lib.rs
@@ -64,15 +64,14 @@
 //! # Testing
 //! As mentioned before: an allocator is a very critical part in the overall
 //! system; a misbehaving allocator can break the whole program. Therefore this
-//! create is tested extensively:
+//! create is tested extensively[^note]:
 //! - there are unit tests and integration tests
 //! - the unit tests are run under `miri` to detect undefined behavior, both on
 //!   a little-endian and big-endian system
 //! - a real-world test using the allocator in the popular `ripgrep` program was
 //!   done (see [here][gist_hosted-test])
 //!
-//! Note, that the test coverage is not yet high enough and work is done to
-//! increase it.
+//! [^note]: The test coverage of different metrics and tools is over 96%.
 //!
 //! # Implementation
 //! This algorithm does a linear scan for free blocks. The basic algorithm is as
@@ -350,7 +349,7 @@ mod tests {
 
     #[test]
     fn small_alignments() {
-        let allocator = Allocator::<32>::new();
+        let allocator = Allocator::<128>::new();
 
         let ptr = unsafe { allocator.alloc(Layout::from_size_align(8, 2).unwrap()) };
         assert_alignment!(ptr, 1);
@@ -382,6 +381,24 @@ mod tests {
         assert_alignment!(ptr, FOUR_MEG);
     }
 
+    #[test]
+    fn allocation_failure() {
+        let allocator = Allocator::<128>::new();
+
+        // try an allocation, that exceeds the total memory size
+        let ptr = unsafe { allocator.alloc(Layout::from_size_align(129, 1).unwrap()) };
+        assert_eq!(ptr, ptr::null_mut());
+    }
+
+    #[test]
+    fn allocation_failure_due_to_alignment() {
+        let allocator = Allocator::<128>::new();
+
+        // try an allocation, that exceeds the total memory size
+        let ptr = unsafe { allocator.alloc(Layout::from_size_align(8, 128).unwrap()) };
+        assert_eq!(ptr, ptr::null_mut());
+    }
+
     #[test]
     fn example_usage() {
         // do some example allocations. There is an intermediate deallocation,
diff --git a/src/raw_allocator/buffer.rs b/src/raw_allocator/buffer.rs
@@ -30,7 +30,8 @@ impl<const N: usize> Buffer<N> {
     /// This function panics if the buffer is less than 4 bytes in size, i.e. if
     /// `N < 4`.
     pub const fn new() -> Self {
-        assert!(N >= 4, "buffer too small, use N >= 4");
+        assert!(N >= HEADER_SIZE, "buffer too small, use N >= 4");
+        assert!(N % HEADER_SIZE == 0, "memory size has to be divisible by 4");
         let remaining_size = N - HEADER_SIZE;
         let initial_entry = Entry::free(remaining_size).as_raw();
 
@@ -240,7 +241,24 @@ impl<'buffer, const N: usize> Iterator for EntryIter<'buffer, N> {
 
 #[cfg(test)]
 mod tests {
-    use super::{Buffer, Entry, ValidatedOffset};
+    use super::{Buffer, Entry, ValidatedOffset, HEADER_SIZE};
+
+    #[test]
+    fn validated_offset_debug() {
+        assert_eq!(format!("{:?}", ValidatedOffset(12)), "ValidatedOffset(12)");
+    }
+
+    #[test]
+    fn validated_offset_equality() {
+        assert_eq!(ValidatedOffset(12), ValidatedOffset(12));
+        assert_ne!(ValidatedOffset(12), ValidatedOffset(24));
+        // as this test is primarily to make the code coverage happy, let's test
+        // something else here: cloning. Since the type is `Copy`, it has to be
+        // `Clone` as well, despite `clone()` never being called. So let's do it
+        // here, so that the coverage testing is happy.
+        assert_eq!(ValidatedOffset(12).clone(), ValidatedOffset(12));
+        assert_ne!(ValidatedOffset(12).clone(), ValidatedOffset(24));
+    }
 
     #[test]
     fn empty_allocator() {
@@ -250,6 +268,30 @@ mod tests {
         assert_eq!(expected, actual);
     }
 
+    #[test]
+    fn header_size() {
+        // the codebase assumes, that the header size is `4`, so make sure that
+        // assumption holds.
+        assert_eq!(HEADER_SIZE, 4);
+    }
+
+    #[test]
+    #[should_panic(expected = "buffer too small")]
+    fn too_small_buffer() {
+        // this test ensures, that there is no out of bounds writing when
+        // setting up the initial entry
+        Buffer::<3>::new();
+    }
+
+    #[test]
+    #[should_panic(expected = "memory size has to be divisible by 4")]
+    fn invalid_buffer_size() {
+        // the buffer size is not really an issue here, but the code is easier
+        // to write/read if the buffer size is always a multiple of the header
+        // size, i.e. the size of an entry, which is `4`.
+        Buffer::<13>::new();
+    }
+
     #[test]
     fn entry_iter() {
         let buffer = Buffer::<32>::new();
@@ -278,6 +320,34 @@ mod tests {
         assert_eq!(buffer[ValidatedOffset(8)], Entry::free(12));
     }
 
+    #[test]
+    #[should_panic]
+    fn at_out_of_bounds() {
+        let buffer = Buffer::<32>::new();
+        buffer.at(64); // panic here
+    }
+
+    #[test]
+    #[should_panic]
+    fn at_mut_out_of_bounds() {
+        let mut buffer = Buffer::<32>::new();
+        buffer.at_mut(64); // panic here
+    }
+
+    #[test]
+    #[should_panic]
+    fn at_unaligned() {
+        let buffer = Buffer::<32>::new();
+        buffer.at(2); // panic here
+    }
+
+    #[test]
+    #[should_panic]
+    fn at_mut_unaligned() {
+        let mut buffer = Buffer::<32>::new();
+        buffer.at_mut(2); // panic here
+    }
+
     #[test]
     fn following_free_entry() {
         let mut buffer = Buffer::<24>::new();
diff --git a/src/raw_allocator/entry.rs b/src/raw_allocator/entry.rs
@@ -101,6 +101,18 @@ impl Debug for Entry {
 mod tests {
     use super::{Entry, State};
 
+    #[test]
+    fn equality() {
+        assert_eq!(Entry::used(4), Entry::used(4));
+        assert_ne!(Entry::used(4), Entry::used(5));
+
+        assert_eq!(Entry::free(4), Entry::free(4));
+        assert_ne!(Entry::free(4), Entry::free(5));
+
+        assert_ne!(Entry::used(4), Entry::free(4));
+        assert_ne!(Entry::used(4), Entry::free(5));
+    }
+
     #[test]
     fn entry_bitpacking_state() {
         assert_eq!(Entry::free(5).state(), State::Free);
@@ -131,4 +143,16 @@ mod tests {
         // alignment as a `u32`, i.e. `4`
         assert_eq!(mem::align_of::<Entry>(), mem::align_of::<u32>());
     }
+
+    #[test]
+    fn debug_representation() {
+        assert_eq!(
+            format!("{:?}", Entry::used(123)),
+            "Entry { state: Used, size: 123 }"
+        );
+        assert_eq!(
+            format!("{:?}", Entry::free(456)),
+            "Entry { state: Free, size: 456 }"
+        );
+    }
 }
