1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef SANDBOX_LINUX_TESTS_UNIT_TESTS_H_
6 #define SANDBOX_LINUX_TESTS_UNIT_TESTS_H_
7 
8 #include <sys/syscall.h>
9 
10 #include "base/macros.h"
11 #include "build/build_config.h"
12 #include "sandbox/linux/tests/sandbox_test_runner_function_pointer.h"
13 #include "testing/gtest/include/gtest/gtest.h"
14 
15 namespace sandbox {
16 
17 // Different platforms use different symbols for the six-argument version
18 // of the mmap() system call. Test for the correct symbol at compile time.
19 #ifdef __NR_mmap2
20 const int kMMapNr = __NR_mmap2;
21 #else
22 const int kMMapNr = __NR_mmap;
23 #endif
24 
25 // Has this been compiled to run on Android?
26 bool IsAndroid();
27 
28 bool IsArchitectureArm();
29 
30 #if defined(ADDRESS_SANITIZER)
31 #define DISABLE_ON_ASAN(test_name) DISABLED_##test_name
32 #else
33 #define DISABLE_ON_ASAN(test_name) test_name
34 #endif  // defined(ADDRESS_SANITIZER)
35 
36 #if defined(LEAK_SANITIZER)
37 #define DISABLE_ON_LSAN(test_name) DISABLED_##test_name
38 #else
39 #define DISABLE_ON_LSAN(test_name) test_name
40 #endif
41 
42 #if defined(THREAD_SANITIZER)
43 #define DISABLE_ON_TSAN(test_name) DISABLED_##test_name
44 #else
45 #define DISABLE_ON_TSAN(test_name) test_name
46 #endif  // defined(THREAD_SANITIZER)
47 
48 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
49     defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) ||    \
50     defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE)
51 #define DISABLE_ON_SANITIZERS(test_name) DISABLED_##test_name
52 #else
53 #define DISABLE_ON_SANITIZERS(test_name) test_name
54 #endif
55 
56 #if defined(OS_ANDROID)
57 #define DISABLE_ON_ANDROID(test_name) DISABLED_##test_name
58 #else
59 #define DISABLE_ON_ANDROID(test_name) test_name
60 #endif
61 
62 // While it is perfectly OK for a complex test to provide its own DeathCheck
63 // function. Most death tests have very simple requirements. These tests should
64 // use one of the predefined DEATH_XXX macros as an argument to
65 // SANDBOX_DEATH_TEST(). You can check for a (sub-)string in the output of the
66 // test, for a particular exit code, or for a particular death signal.
67 // NOTE: If you do decide to write your own DeathCheck, make sure to use
68 //       gtests's ASSERT_XXX() macros instead of SANDBOX_ASSERT(). See
69 //       unit_tests.cc for examples.
70 #define DEATH_SUCCESS() sandbox::UnitTests::DeathSuccess, NULL
71 #define DEATH_SUCCESS_ALLOW_NOISE() \
72   sandbox::UnitTests::DeathSuccessAllowNoise, NULL
73 #define DEATH_MESSAGE(msg)          \
74   sandbox::UnitTests::DeathMessage, \
75       static_cast<const void*>(static_cast<const char*>(msg))
76 #define DEATH_SEGV_MESSAGE(msg)         \
77   sandbox::UnitTests::DeathSEGVMessage, \
78       static_cast<const void*>(static_cast<const char*>(msg))
79 #define DEATH_EXIT_CODE(rc)          \
80   sandbox::UnitTests::DeathExitCode, \
81       reinterpret_cast<void*>(static_cast<intptr_t>(rc))
82 #define DEATH_BY_SIGNAL(s)           \
83   sandbox::UnitTests::DeathBySignal, \
84       reinterpret_cast<void*>(static_cast<intptr_t>(s))
85 
86 // A SANDBOX_DEATH_TEST is just like a SANDBOX_TEST (see below), but it assumes
87 // that the test actually dies. The death test only passes if the death occurs
88 // in the expected fashion, as specified by "death" and "death_aux". These two
89 // parameters are typically set to one of the DEATH_XXX() macros.
90 #define SANDBOX_DEATH_TEST(test_case_name, test_name, death)                \
91   void TEST_##test_name(void);                                              \
92   TEST(test_case_name, test_name) {                                         \
93     SandboxTestRunnerFunctionPointer sandbox_test_runner(TEST_##test_name); \
94     sandbox::UnitTests::RunTestInProcess(&sandbox_test_runner, death);      \
95   }                                                                         \
96   void TEST_##test_name(void)
97 
98 // Define a new test case that runs inside of a GTest death test. This is
99 // necessary, as most of our tests by definition make global and irreversible
100 // changes to the system (i.e. they install a sandbox). GTest provides death
101 // tests as a tool to isolate global changes from the rest of the tests.
102 #define SANDBOX_TEST(test_case_name, test_name) \
103   SANDBOX_DEATH_TEST(test_case_name, test_name, DEATH_SUCCESS())
104 
105 // SANDBOX_TEST_ALLOW_NOISE is just like SANDBOX_TEST, except it does not
106 // consider log error messages printed by the test to be test failures.
107 #define SANDBOX_TEST_ALLOW_NOISE(test_case_name, test_name) \
108   SANDBOX_DEATH_TEST(test_case_name, test_name, DEATH_SUCCESS_ALLOW_NOISE())
109 
110 // Simple assertion macro that is compatible with running inside of a death
111 // test. We unfortunately cannot use any of the GTest macros.
112 #define SANDBOX_STR(x) #x
113 #define SANDBOX_ASSERT(expr)                                             \
114   ((expr) ? static_cast<void>(0) : sandbox::UnitTests::AssertionFailure( \
115                                        SANDBOX_STR(expr), __FILE__, __LINE__))
116 
117 #define SANDBOX_ASSERT_EQ(x, y) SANDBOX_ASSERT((x) == (y))
118 #define SANDBOX_ASSERT_NE(x, y) SANDBOX_ASSERT((x) != (y))
119 #define SANDBOX_ASSERT_LT(x, y) SANDBOX_ASSERT((x) < (y))
120 #define SANDBOX_ASSERT_GT(x, y) SANDBOX_ASSERT((x) > (y))
121 #define SANDBOX_ASSERT_LE(x, y) SANDBOX_ASSERT((x) <= (y))
122 #define SANDBOX_ASSERT_GE(x, y) SANDBOX_ASSERT((x) >= (y))
123 
124 // This class allows to run unittests in their own process. The main method is
125 // RunTestInProcess().
126 class UnitTests {
127  public:
128   typedef void (*DeathCheck)(int status,
129                              const std::string& msg,
130                              const void* aux);
131 
132   // Runs a test inside a short-lived process. Do not call this function
133   // directly. It is automatically invoked by SANDBOX_TEST(). Most sandboxing
134   // functions make global irreversible changes to the execution environment
135   // and must therefore execute in their own isolated process.
136   // |test_runner| must implement the SandboxTestRunner interface and will run
137   // in a subprocess.
138   // Note: since the child process (created with fork()) will never return from
139   // RunTestInProcess(), |test_runner| is guaranteed to exist for the lifetime
140   // of the child process.
141   static void RunTestInProcess(SandboxTestRunner* test_runner,
142                                DeathCheck death,
143                                const void* death_aux);
144 
145   // Report a useful error message and terminate the current SANDBOX_TEST().
146   // Calling this function from outside a SANDBOX_TEST() is unlikely to do
147   // anything useful.
148   static void AssertionFailure(const char* expr, const char* file, int line);
149 
150   // Sometimes we determine at run-time that a test should be disabled.
151   // Call this method if we want to return from a test and completely
152   // ignore its results.
153   // You should not call this method, if the test already ran any test-relevant
154   // code. Most notably, you should not call it, you already wrote any messages
155   // to stderr.
156   static void IgnoreThisTest();
157 
158   // A DeathCheck method that verifies that the test completed successfully.
159   // This is the default test mode for SANDBOX_TEST(). The "aux" parameter
160   // of this DeathCheck is unused (and thus unnamed)
161   static void DeathSuccess(int status, const std::string& msg, const void*);
162 
163   // A DeathCheck method that verifies that the test completed successfully
164   // allowing for log error messages.
165   static void DeathSuccessAllowNoise(int status,
166                                      const std::string& msg,
167                                      const void*);
168 
169   // A DeathCheck method that verifies that the test completed with error
170   // code "1" and printed a message containing a particular substring. The
171   // "aux" pointer should point to a C-string containing the expected error
172   // message. This method is useful for checking assertion failures such as
173   // in SANDBOX_ASSERT() and/or SANDBOX_DIE().
174   static void DeathMessage(int status, const std::string& msg, const void* aux);
175 
176   // Like DeathMessage() but the process must be terminated with a segmentation
177   // fault.
178   // Implementation detail: On Linux (but not on Android), this does check for
179   // the return value of our default signal handler rather than for the actual
180   // reception of a SIGSEGV.
181   // TODO(jln): make this more robust.
182   static void DeathSEGVMessage(int status,
183                                const std::string& msg,
184                                const void* aux);
185 
186   // A DeathCheck method that verifies that the test completed with a
187   // particular exit code. If the test output any messages to stderr, they are
188   // silently ignored. The expected exit code should be passed in by
189   // casting the its "int" value to a "void *", which is then used for "aux".
190   static void DeathExitCode(int status,
191                             const std::string& msg,
192                             const void* aux);
193 
194   // A DeathCheck method that verifies that the test was terminated by a
195   // particular signal. If the test output any messages to stderr, they are
196   // silently ignore. The expected signal number should be passed in by
197   // casting the its "int" value to a "void *", which is then used for "aux".
198   static void DeathBySignal(int status,
199                             const std::string& msg,
200                             const void* aux);
201 
202  private:
203   DISALLOW_IMPLICIT_CONSTRUCTORS(UnitTests);
204 };
205 
206 }  // namespace
207 
208 #endif  // SANDBOX_LINUX_TESTS_UNIT_TESTS_H_
209