# Copyright (c) 2018 The NetBSD Foundation, Inc.
# All rights reserved.
#
# This code is derived from software contributed to The NetBSD Foundation
# by Yang Zheng.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
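#

# ATF test cases checking that a libFuzzer-instrumented binary reports
# "out-of-memory" when its RSS limit is exceeded.  Every case builds a tiny
# fuzz target that leaks 16 MiB allocations in a loop once the first input
# byte is 'b', runs it with -rss_limit_mb=30, and matches libFuzzer's error
# message on stderr.  The exit status is deliberately ignored.

# Decide whether the host toolchain can build the fuzz targets.
# Sets the global SUPPORT to 'y' on amd64 when c++ is clang with a major
# version of 7 or newer, and to 'n' otherwise.
test_target()
{
	SUPPORT='n'
	# c++ is clang iff the preprocessor expands the __clang__ macro, i.e.
	# the literal token no longer shows up in the preprocessed output.
	if uname -m | grep -q "amd64" && command -v c++ >/dev/null 2>&1 && \
	    ! echo __clang__ | c++ -E - | grep -q __clang__; then
		# Capture the whole leading run of digits: matching a single
		# digit turned clang 10 and later into "1" and disabled the
		# tests on every current compiler.
		CLANG_MAJOR=$(echo __clang_major__ | c++ -E - | \
		    grep -o '^[[:digit:]][[:digit:]]*')
		# An empty result counts as "too old" instead of making
		# test(1) fail on a missing operand.
		if [ "${CLANG_MAJOR:-0}" -ge 7 ]; then
			SUPPORT='y'
		fi
	fi
}

atf_test_case oom
oom_head() {
	atf_set "descr" "Test libFuzzer for out-of-memory condition"
	atf_set "require.progs" "c++ paxctl"
}

atf_test_case oom_profile
oom_profile_head() {
	atf_set "descr" "Test libFuzzer for out-of-memory with profiling option"
	atf_set "require.progs" "c++ paxctl"
}

atf_test_case oom_pic
oom_pic_head() {
	atf_set "descr" "Test libFuzzer for out-of-memory with position independent code (PIC) flag"
	atf_set "require.progs" "c++ paxctl"
}

atf_test_case oom_pie
oom_pie_head() {
	atf_set "descr" "Test libFuzzer for out-of-memory with position independent executable (PIE) flag"
	atf_set "require.progs" "c++ paxctl"
}

# Default build: fuzz target linked with the libFuzzer driver only.
oom_body(){
	cat > test.cc << EOF
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
  return 0;
}
EOF

	c++ -fsanitize=fuzzer -o test test.cc
	# paxctl +a switches PaX ASLR off for this one throw-away binary; it
	# is a per-executable flag and must not be copied to production
	# binaries.
	paxctl +a test
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}

# Same target, statically linked and built with profiling (-pg).
oom_profile_body(){
	cat > test.cc << EOF
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
  return 0;
}
EOF

	c++ -fsanitize=fuzzer -static -o test -pg test.cc
	# ASLR is disabled for the test binary only.
	paxctl +a test
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}

# The leaking code lives in a PIC shared library called from the fuzz entry
# point.
oom_pic_body(){
	cat > test.cc << EOF
#include <stddef.h>
#include <stdint.h>
int help(const uint8_t *data, size_t size);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  return help(data, size);
}
EOF

	cat > pic.cc << EOF
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

int help(const uint8_t *data, size_t size) {
  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
  return 0;
}
EOF

	c++ -fsanitize=fuzzer -fPIC -shared -o libtest.so pic.cc
	c++ -o test test.cc -fsanitize=fuzzer -L. -ltest
	# ASLR is disabled for the test binary only.
	paxctl +a test

	# NOTE(review): a relative LD_LIBRARY_PATH makes the loader trust
	# whatever sits in the current directory.  That is acceptable here
	# only because libtest.so was just built in this directory, presumably
	# the test's private work directory (confirm against the ATF runner);
	# do not reuse the pattern outside a test sandbox.
	export LD_LIBRARY_PATH=.
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}

# Same target built as a position independent executable.
oom_pie_body(){

	# Check whether the -pie flag is supported on this architecture.
	if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
		# atf_skip is the call this file already uses in
		# target_not_supported_body; the former "atf_set_skip" is
		# defined nowhere in this file, so the skip was not taken.
		atf_skip "c++ -pie not supported on this architecture"
	fi
	cat > test.cc << EOF
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
  return 0;
}
EOF

	c++ -fsanitize=fuzzer -o test -fpie -pie test.cc
	# ASLR is disabled for the test binary only.
	paxctl +a test
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}


# Placeholder case registered when the toolchain is unsupported, so the test
# program still reports one (skipped) result.
atf_test_case target_not_supported
target_not_supported_head()
{
	atf_set "descr" "Test forced skip"
}

target_not_supported_body()
{
	atf_skip "Target is not supported"
}

# Register either the real test cases or the forced-skip placeholder,
# depending on what test_target found.
atf_init_test_cases()
{
	test_target
	# Quoted so an unexpectedly empty SUPPORT cannot break test(1).
	if [ "$SUPPORT" = 'n' ]; then
		atf_add_test_case target_not_supported
		return 0
	fi
	atf_add_test_case oom
	atf_add_test_case oom_profile
	atf_add_test_case oom_pie
	atf_add_test_case oom_pic
}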