xref: /netbsd/tests/usr.bin/c++/t_fuzzer_oom.sh (revision fdb6b69d) 
1*fdb6b69dSkamil# Copyright (c) 2018 The NetBSD Foundation, Inc.
2*fdb6b69dSkamil# All rights reserved.
3*fdb6b69dSkamil#
4*fdb6b69dSkamil# This code is derived from software contributed to The NetBSD Foundation
5*fdb6b69dSkamil# by Yang Zheng.
6*fdb6b69dSkamil#
7*fdb6b69dSkamil# Redistribution and use in source and binary forms, with or without
8*fdb6b69dSkamil# modification, are permitted provided that the following conditions
9*fdb6b69dSkamil# are met:
10*fdb6b69dSkamil# 1. Redistributions of source code must retain the above copyright
11*fdb6b69dSkamil#    notice, this list of conditions and the following disclaimer.
12*fdb6b69dSkamil# 2. Redistributions in binary form must reproduce the above copyright
13*fdb6b69dSkamil#    notice, this list of conditions and the following disclaimer in the
14*fdb6b69dSkamil#    documentation and/or other materials provided with the distribution.
15*fdb6b69dSkamil#
16*fdb6b69dSkamil# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
17*fdb6b69dSkamil# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18*fdb6b69dSkamil# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19*fdb6b69dSkamil# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
20*fdb6b69dSkamil# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21*fdb6b69dSkamil# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22*fdb6b69dSkamil# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23*fdb6b69dSkamil# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24*fdb6b69dSkamil# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25*fdb6b69dSkamil# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26*fdb6b69dSkamil# POSSIBILITY OF SUCH DAMAGE.
27*fdb6b69dSkamil#
28*fdb6b69dSkamil
29*fdb6b69dSkamiltest_target()
30*fdb6b69dSkamil{
31*fdb6b69dSkamil	SUPPORT='n'
32*fdb6b69dSkamil	if uname -m | grep -q "amd64" && command -v c++ >/dev/null 2>&1 && \
33*fdb6b69dSkamil		   ! echo __clang__ | c++ -E - | grep -q __clang__; then
34*fdb6b69dSkamil		# only clang with major version newer than 7 is supported
35*fdb6b69dSkamil		CLANG_MAJOR=`echo __clang_major__ | c++ -E - | grep -o '^[[:digit:]]'`
36*fdb6b69dSkamil		if [ "$CLANG_MAJOR" -ge "7" ]; then
37*fdb6b69dSkamil			SUPPORT='y'
38*fdb6b69dSkamil		fi
39*fdb6b69dSkamil	fi
40*fdb6b69dSkamil}
41*fdb6b69dSkamil
42*fdb6b69dSkamilatf_test_case oom
43*fdb6b69dSkamiloom_head() {
44*fdb6b69dSkamil	atf_set "descr" "Test thread sanitizer for out-of-memory condition"
45*fdb6b69dSkamil	atf_set "require.progs" "c++ paxctl"
46*fdb6b69dSkamil}
47*fdb6b69dSkamil
48*fdb6b69dSkamilatf_test_case oom_profile
49*fdb6b69dSkamiloom_profile_head() {
50*fdb6b69dSkamil	atf_set "descr" "Test thread sanitizer for out-of-memory with profiling option"
51*fdb6b69dSkamil	atf_set "require.progs" "c++ paxctl"
52*fdb6b69dSkamil}
53*fdb6b69dSkamilatf_test_case oom_pic
54*fdb6b69dSkamiloom_pic_head() {
55*fdb6b69dSkamil	atf_set "descr" "Test thread sanitizer for out-of-memory with position independent code (PIC) flag"
56*fdb6b69dSkamil	atf_set "require.progs" "c++ paxctl"
57*fdb6b69dSkamil}
58*fdb6b69dSkamilatf_test_case oom_pie
59*fdb6b69dSkamiloom_pie_head() {
60*fdb6b69dSkamil	atf_set "descr" "Test thread sanitizer for out-of-memory with position independent execution (PIE) flag"
61*fdb6b69dSkamil	atf_set "require.progs" "c++ paxctl"
62*fdb6b69dSkamil}
63*fdb6b69dSkamil
64*fdb6b69dSkamiloom_body(){
65*fdb6b69dSkamil	cat > test.cc << EOF
66*fdb6b69dSkamil#include <stddef.h>
67*fdb6b69dSkamil#include <stdint.h>
68*fdb6b69dSkamil#include <stdlib.h>
69*fdb6b69dSkamil
70*fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
71*fdb6b69dSkamil  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
72*fdb6b69dSkamil  return 0;
73*fdb6b69dSkamil}
74*fdb6b69dSkamilEOF
75*fdb6b69dSkamil
76*fdb6b69dSkamil	c++ -fsanitize=fuzzer -o test test.cc
77*fdb6b69dSkamil	paxctl +a test
78*fdb6b69dSkamil	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
79*fdb6b69dSkamil}
80*fdb6b69dSkamil
81*fdb6b69dSkamiloom_profile_body(){
82*fdb6b69dSkamil	cat > test.cc << EOF
83*fdb6b69dSkamil#include <stddef.h>
84*fdb6b69dSkamil#include <stdint.h>
85*fdb6b69dSkamil#include <stdlib.h>
86*fdb6b69dSkamil
87*fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
88*fdb6b69dSkamil  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
89*fdb6b69dSkamil  return 0;
90*fdb6b69dSkamil}
91*fdb6b69dSkamilEOF
92*fdb6b69dSkamil
93*fdb6b69dSkamil	c++ -fsanitize=fuzzer -o test -pg test.cc
94*fdb6b69dSkamil	paxctl +a test
95*fdb6b69dSkamil	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
96*fdb6b69dSkamil}
97*fdb6b69dSkamil
98*fdb6b69dSkamiloom_pic_body(){
99*fdb6b69dSkamil	cat > test.cc << EOF
100*fdb6b69dSkamil#include <stddef.h>
101*fdb6b69dSkamil#include <stdint.h>
102*fdb6b69dSkamilint help(const uint8_t *data, size_t size);
103*fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
104*fdb6b69dSkamil    return help(data, size);
105*fdb6b69dSkamil}
106*fdb6b69dSkamilEOF
107*fdb6b69dSkamil
108*fdb6b69dSkamil	cat > pic.cc << EOF
109*fdb6b69dSkamil#include <stddef.h>
110*fdb6b69dSkamil#include <stdint.h>
111*fdb6b69dSkamil#include <stdlib.h>
112*fdb6b69dSkamil
113*fdb6b69dSkamilint help(const uint8_t *data, size_t size) {
114*fdb6b69dSkamil  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
115*fdb6b69dSkamil  return 0;
116*fdb6b69dSkamil}
117*fdb6b69dSkamilEOF
118*fdb6b69dSkamil
119*fdb6b69dSkamil	c++ -fsanitize=fuzzer -fPIC -shared -o libtest.so pic.cc
120*fdb6b69dSkamil	c++ -o test test.cc -fsanitize=fuzzer -L. -ltest
121*fdb6b69dSkamil	paxctl +a test
122*fdb6b69dSkamil
123*fdb6b69dSkamil	export LD_LIBRARY_PATH=.
124*fdb6b69dSkamil	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
125*fdb6b69dSkamil}
126*fdb6b69dSkamiloom_pie_body(){
127*fdb6b69dSkamil
128*fdb6b69dSkamil	#check whether -pie flag is supported on this architecture
129*fdb6b69dSkamil	if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
130*fdb6b69dSkamil		atf_set_skip "c++ -pie not supported on this architecture"
131*fdb6b69dSkamil	fi
132*fdb6b69dSkamil	cat > test.cc << EOF
133*fdb6b69dSkamil#include <stddef.h>
134*fdb6b69dSkamil#include <stdint.h>
135*fdb6b69dSkamil#include <stdlib.h>
136*fdb6b69dSkamil
137*fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
138*fdb6b69dSkamil  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
139*fdb6b69dSkamil  return 0;
140*fdb6b69dSkamil}
141*fdb6b69dSkamilEOF
142*fdb6b69dSkamil
143*fdb6b69dSkamil	c++ -fsanitize=fuzzer -o test -fpie -pie test.cc
144*fdb6b69dSkamil	paxctl +a test
145*fdb6b69dSkamil	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
146*fdb6b69dSkamil}
147*fdb6b69dSkamil
148*fdb6b69dSkamil
149*fdb6b69dSkamilatf_test_case target_not_supported
150*fdb6b69dSkamiltarget_not_supported_head()
151*fdb6b69dSkamil{
152*fdb6b69dSkamil	atf_set "descr" "Test forced skip"
153*fdb6b69dSkamil}
154*fdb6b69dSkamil
155*fdb6b69dSkamilatf_init_test_cases()
156*fdb6b69dSkamil{
157*fdb6b69dSkamil	test_target
158*fdb6b69dSkamil	test $SUPPORT = 'n' && {
159*fdb6b69dSkamil		atf_add_test_case target_not_supported
160*fdb6b69dSkamil		return 0
161*fdb6b69dSkamil	}
162*fdb6b69dSkamil	atf_add_test_case oom
163*fdb6b69dSkamil	atf_add_test_case oom_profile
164*fdb6b69dSkamil	atf_add_test_case oom_pie
165*fdb6b69dSkamil	atf_add_test_case oom_pic
166*fdb6b69dSkamil}
167