1fdb6b69dSkamil# Copyright (c) 2018 The NetBSD Foundation, Inc. 2fdb6b69dSkamil# All rights reserved. 3fdb6b69dSkamil# 4fdb6b69dSkamil# This code is derived from software contributed to The NetBSD Foundation 5fdb6b69dSkamil# by Yang Zheng. 6fdb6b69dSkamil# 7fdb6b69dSkamil# Redistribution and use in source and binary forms, with or without 8fdb6b69dSkamil# modification, are permitted provided that the following conditions 9fdb6b69dSkamil# are met: 10fdb6b69dSkamil# 1. Redistributions of source code must retain the above copyright 11fdb6b69dSkamil# notice, this list of conditions and the following disclaimer. 12fdb6b69dSkamil# 2. Redistributions in binary form must reproduce the above copyright 13fdb6b69dSkamil# notice, this list of conditions and the following disclaimer in the 14fdb6b69dSkamil# documentation and/or other materials provided with the distribution. 15fdb6b69dSkamil# 16fdb6b69dSkamil# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17fdb6b69dSkamil# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18fdb6b69dSkamil# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19fdb6b69dSkamil# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20fdb6b69dSkamil# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21fdb6b69dSkamil# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22fdb6b69dSkamil# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23fdb6b69dSkamil# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24fdb6b69dSkamil# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25fdb6b69dSkamil# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26fdb6b69dSkamil# POSSIBILITY OF SUCH DAMAGE. 27fdb6b69dSkamil# 28fdb6b69dSkamil 29fdb6b69dSkamiltest_target() 30fdb6b69dSkamil{ 31fdb6b69dSkamil SUPPORT='n' 32fdb6b69dSkamil if uname -m | grep -q "amd64" && command -v c++ >/dev/null 2>&1 && \ 33fdb6b69dSkamil ! echo __clang__ | c++ -E - | grep -q __clang__; then 34fdb6b69dSkamil # only clang with major version newer than 7 is supported 35fdb6b69dSkamil CLANG_MAJOR=`echo __clang_major__ | c++ -E - | grep -o '^[[:digit:]]'` 36fdb6b69dSkamil if [ "$CLANG_MAJOR" -ge "7" ]; then 37fdb6b69dSkamil SUPPORT='y' 38fdb6b69dSkamil fi 39fdb6b69dSkamil fi 40fdb6b69dSkamil} 41fdb6b69dSkamil 42fdb6b69dSkamilatf_test_case timeout 43fdb6b69dSkamiltimeout_head() { 44fdb6b69dSkamil atf_set "descr" "Test thread sanitizer for timeout condition" 45fdb6b69dSkamil atf_set "require.progs" "c++ paxctl" 46fdb6b69dSkamil} 47fdb6b69dSkamil 48fdb6b69dSkamilatf_test_case timeout_profile 49fdb6b69dSkamiltimeout_profile_head() { 50fdb6b69dSkamil atf_set "descr" "Test thread sanitizer for timeout with profiling option" 51fdb6b69dSkamil atf_set "require.progs" "c++ paxctl" 52fdb6b69dSkamil} 53fdb6b69dSkamilatf_test_case timeout_pic 54fdb6b69dSkamiltimeout_pic_head() { 55fdb6b69dSkamil atf_set "descr" "Test thread sanitizer for timeout with position independent code (PIC) flag" 56fdb6b69dSkamil atf_set "require.progs" "c++ paxctl" 57fdb6b69dSkamil} 58fdb6b69dSkamilatf_test_case timeout_pie 59fdb6b69dSkamiltimeout_pie_head() { 60fdb6b69dSkamil atf_set "descr" "Test thread sanitizer for timeout with position independent execution (PIE) flag" 61fdb6b69dSkamil atf_set "require.progs" "c++ paxctl" 62fdb6b69dSkamil} 63fdb6b69dSkamil 64fdb6b69dSkamiltimeout_body(){ 65fdb6b69dSkamil cat > test.cc << EOF 66fdb6b69dSkamil#include <stddef.h> 67fdb6b69dSkamil#include <stdint.h> 68fdb6b69dSkamil 69fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 70fdb6b69dSkamil if (size > 0 && data[0] == 'b') while (1) ; 71fdb6b69dSkamil return 0; 72fdb6b69dSkamil} 73fdb6b69dSkamilEOF 74fdb6b69dSkamil 75fdb6b69dSkamil c++ -fsanitize=fuzzer -o test test.cc 76fdb6b69dSkamil paxctl +a test 77fdb6b69dSkamil atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: timeout" ./test -timeout=5 78fdb6b69dSkamil} 79fdb6b69dSkamil 80fdb6b69dSkamiltimeout_profile_body(){ 81fdb6b69dSkamil cat > test.cc << EOF 82fdb6b69dSkamil#include <stddef.h> 83fdb6b69dSkamil#include <stdint.h> 84fdb6b69dSkamil 85fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 86fdb6b69dSkamil if (size > 0 && data[0] == 'b') while (1) ; 87fdb6b69dSkamil return 0; 88fdb6b69dSkamil} 89fdb6b69dSkamilEOF 90fdb6b69dSkamil 91*d3d203ebSskrll c++ -fsanitize=fuzzer -static -o test -pg test.cc 92fdb6b69dSkamil paxctl +a test 93fdb6b69dSkamil atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: timeout" ./test -timeout=5 94fdb6b69dSkamil} 95fdb6b69dSkamil 96fdb6b69dSkamiltimeout_pic_body(){ 97fdb6b69dSkamil cat > test.cc << EOF 98fdb6b69dSkamil#include <stddef.h> 99fdb6b69dSkamil#include <stdint.h> 100fdb6b69dSkamilint help(const uint8_t *data, size_t size); 101fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 102fdb6b69dSkamil return help(data, size); 103fdb6b69dSkamil} 104fdb6b69dSkamilEOF 105fdb6b69dSkamil 106fdb6b69dSkamil cat > pic.cc << EOF 107fdb6b69dSkamil#include <stddef.h> 108fdb6b69dSkamil#include <stdint.h> 109fdb6b69dSkamil 110fdb6b69dSkamilint help(const uint8_t *data, size_t size) { 111fdb6b69dSkamil if (size > 0 && data[0] == 'b') while (1) ; 112fdb6b69dSkamil return 0; 113fdb6b69dSkamil} 114fdb6b69dSkamilEOF 115fdb6b69dSkamil 116fdb6b69dSkamil c++ -fsanitize=fuzzer -fPIC -shared -o libtest.so pic.cc 117fdb6b69dSkamil c++ -o test test.cc -fsanitize=fuzzer -L. -ltest 118fdb6b69dSkamil paxctl +a test 119fdb6b69dSkamil 120fdb6b69dSkamil export LD_LIBRARY_PATH=. 121fdb6b69dSkamil atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: timeout" ./test -timeout=5 122fdb6b69dSkamil} 123fdb6b69dSkamiltimeout_pie_body(){ 124fdb6b69dSkamil 125fdb6b69dSkamil #check whether -pie flag is supported on this architecture 126fdb6b69dSkamil if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then 127fdb6b69dSkamil atf_set_skip "c++ -pie not supported on this architecture" 128fdb6b69dSkamil fi 129fdb6b69dSkamil cat > test.cc << EOF 130fdb6b69dSkamil#include <stddef.h> 131fdb6b69dSkamil#include <stdint.h> 132fdb6b69dSkamil 133fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 134fdb6b69dSkamil if (size > 0 && data[0] == 'b') while (1) ; 135fdb6b69dSkamil return 0; 136fdb6b69dSkamil} 137fdb6b69dSkamilEOF 138fdb6b69dSkamil 139fdb6b69dSkamil c++ -fsanitize=fuzzer -o test -fpie -pie test.cc 140fdb6b69dSkamil paxctl +a test 141fdb6b69dSkamil atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: timeout" ./test -timeout=5 142fdb6b69dSkamil} 143fdb6b69dSkamil 144fdb6b69dSkamil 145fdb6b69dSkamilatf_test_case target_not_supported 146fdb6b69dSkamiltarget_not_supported_head() 147fdb6b69dSkamil{ 148fdb6b69dSkamil atf_set "descr" "Test forced skip" 149fdb6b69dSkamil} 150fdb6b69dSkamil 151c52a0032Skamiltarget_not_supported_body() 152c52a0032Skamil{ 153c52a0032Skamil atf_skip "Target is not supported" 154c52a0032Skamil} 155c52a0032Skamil 156fdb6b69dSkamilatf_init_test_cases() 157fdb6b69dSkamil{ 158fdb6b69dSkamil test_target 159fdb6b69dSkamil test $SUPPORT = 'n' && { 160fdb6b69dSkamil atf_add_test_case target_not_supported 161fdb6b69dSkamil return 0 162fdb6b69dSkamil } 163fdb6b69dSkamil atf_add_test_case timeout 164fdb6b69dSkamil atf_add_test_case timeout_profile 165fdb6b69dSkamil atf_add_test_case timeout_pie 166fdb6b69dSkamil atf_add_test_case timeout_pic 167fdb6b69dSkamil} 168