1fdb6b69dSkamil# Copyright (c) 2018 The NetBSD Foundation, Inc. 2fdb6b69dSkamil# All rights reserved. 3fdb6b69dSkamil# 4fdb6b69dSkamil# This code is derived from software contributed to The NetBSD Foundation 5fdb6b69dSkamil# by Yang Zheng. 6fdb6b69dSkamil# 7fdb6b69dSkamil# Redistribution and use in source and binary forms, with or without 8fdb6b69dSkamil# modification, are permitted provided that the following conditions 9fdb6b69dSkamil# are met: 10fdb6b69dSkamil# 1. Redistributions of source code must retain the above copyright 11fdb6b69dSkamil# notice, this list of conditions and the following disclaimer. 12fdb6b69dSkamil# 2. Redistributions in binary form must reproduce the above copyright 13fdb6b69dSkamil# notice, this list of conditions and the following disclaimer in the 14fdb6b69dSkamil# documentation and/or other materials provided with the distribution. 15fdb6b69dSkamil# 16fdb6b69dSkamil# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17fdb6b69dSkamil# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18fdb6b69dSkamil# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19fdb6b69dSkamil# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20fdb6b69dSkamil# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21fdb6b69dSkamil# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22fdb6b69dSkamil# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23fdb6b69dSkamil# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24fdb6b69dSkamil# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25fdb6b69dSkamil# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26fdb6b69dSkamil# POSSIBILITY OF SUCH DAMAGE. 27fdb6b69dSkamil# 28fdb6b69dSkamil 29fdb6b69dSkamiltest_target() 30fdb6b69dSkamil{ 31fdb6b69dSkamil SUPPORT='n' 32fdb6b69dSkamil if uname -m | grep -q "amd64" && command -v c++ >/dev/null 2>&1 && \ 33fdb6b69dSkamil ! echo __clang__ | c++ -E - | grep -q __clang__; then 34fdb6b69dSkamil # only clang with major version newer than 7 is supported 35fdb6b69dSkamil CLANG_MAJOR=`echo __clang_major__ | c++ -E - | grep -o '^[[:digit:]]'` 36fdb6b69dSkamil if [ "$CLANG_MAJOR" -ge "7" ]; then 37fdb6b69dSkamil SUPPORT='y' 38fdb6b69dSkamil fi 39fdb6b69dSkamil fi 40fdb6b69dSkamil} 41fdb6b69dSkamil 42fdb6b69dSkamilatf_test_case simple 43fdb6b69dSkamilsimple_head() { 44fdb6b69dSkamil atf_set "descr" "Test thread sanitizer for error exit condition" 45fdb6b69dSkamil atf_set "require.progs" "c++ paxctl" 46fdb6b69dSkamil} 47fdb6b69dSkamil 48fdb6b69dSkamilatf_test_case simple_profile 49fdb6b69dSkamilsimple_profile_head() { 50fdb6b69dSkamil atf_set "descr" "Test thread sanitizer for simple with profiling option" 51fdb6b69dSkamil atf_set "require.progs" "c++ paxctl" 52fdb6b69dSkamil} 53fdb6b69dSkamilatf_test_case simple_pic 54fdb6b69dSkamilsimple_pic_head() { 55fdb6b69dSkamil atf_set "descr" "Test thread sanitizer for simple with position independent code (PIC) flag" 56fdb6b69dSkamil atf_set "require.progs" "c++ paxctl" 57fdb6b69dSkamil} 58fdb6b69dSkamilatf_test_case simple_pie 59fdb6b69dSkamilsimple_pie_head() { 60fdb6b69dSkamil atf_set "descr" "Test thread sanitizer for simple with position independent execution (PIE) flag" 61fdb6b69dSkamil atf_set "require.progs" "c++ paxctl" 62fdb6b69dSkamil} 63fdb6b69dSkamil 64fdb6b69dSkamilsimple_body(){ 65fdb6b69dSkamil cat > test.cc << EOF 66fdb6b69dSkamil#include <stdlib.h> 67fdb6b69dSkamil#include <stdio.h> 68fdb6b69dSkamil#include <stdint.h> 69fdb6b69dSkamil 70fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 71fdb6b69dSkamil if (size > 0 && data[0] == 'b') { 72fdb6b69dSkamil fprintf(stderr, "BINGO\n"); 73fdb6b69dSkamil exit(1); 74fdb6b69dSkamil } 75fdb6b69dSkamil 76fdb6b69dSkamil return 0; 77fdb6b69dSkamil} 78fdb6b69dSkamilEOF 79fdb6b69dSkamil 80fdb6b69dSkamil c++ -fsanitize=fuzzer -o test test.cc 81fdb6b69dSkamil paxctl +a test 82fdb6b69dSkamil atf_check -s ignore -o ignore -e match:"BINGO" ./test 83fdb6b69dSkamil} 84fdb6b69dSkamil 85fdb6b69dSkamilsimple_profile_body(){ 86fdb6b69dSkamil cat > test.cc << EOF 87fdb6b69dSkamil#include <stdlib.h> 88fdb6b69dSkamil#include <stdio.h> 89fdb6b69dSkamil#include <stdint.h> 90fdb6b69dSkamil 91fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 92fdb6b69dSkamil if (size > 0 && data[0] == 'b') { 93fdb6b69dSkamil fprintf(stderr, "BINGO\n"); 94fdb6b69dSkamil exit(1); 95fdb6b69dSkamil } 96fdb6b69dSkamil 97fdb6b69dSkamil return 0; 98fdb6b69dSkamil} 99fdb6b69dSkamilEOF 100fdb6b69dSkamil 101*d3d203ebSskrll c++ -fsanitize=fuzzer -static -o test -pg test.cc 102fdb6b69dSkamil paxctl +a test 103fdb6b69dSkamil atf_check -s ignore -o ignore -e match:"BINGO" ./test 104fdb6b69dSkamil} 105fdb6b69dSkamil 106fdb6b69dSkamilsimple_pic_body(){ 107fdb6b69dSkamil cat > test.cc << EOF 108fdb6b69dSkamil#include <stddef.h> 109fdb6b69dSkamil#include <stdint.h> 110fdb6b69dSkamilint help(const uint8_t *data, size_t size); 111fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 112fdb6b69dSkamil return help(data, size); 113fdb6b69dSkamil} 114fdb6b69dSkamilEOF 115fdb6b69dSkamil 116fdb6b69dSkamil cat > pic.cc << EOF 117fdb6b69dSkamil#include <stdlib.h> 118fdb6b69dSkamil#include <stdio.h> 119fdb6b69dSkamil#include <stdint.h> 120fdb6b69dSkamil 121fdb6b69dSkamilint help(const uint8_t *data, size_t size) { 122fdb6b69dSkamil if (size > 0 && data[0] == 'b') { 123fdb6b69dSkamil fprintf(stderr, "BINGO\n"); 124fdb6b69dSkamil exit(1); 125fdb6b69dSkamil } 126fdb6b69dSkamil 127fdb6b69dSkamil return 0; 128fdb6b69dSkamil} 129fdb6b69dSkamilEOF 130fdb6b69dSkamil 131fdb6b69dSkamil c++ -fsanitize=fuzzer -fPIC -shared -o libtest.so pic.cc 132fdb6b69dSkamil c++ -o test test.cc -fsanitize=fuzzer -L. -ltest 133fdb6b69dSkamil paxctl +a test 134fdb6b69dSkamil 135fdb6b69dSkamil export LD_LIBRARY_PATH=. 136fdb6b69dSkamil atf_check -s ignore -o ignore -e match:"BINGO" ./test 137fdb6b69dSkamil} 138fdb6b69dSkamilsimple_pie_body(){ 139fdb6b69dSkamil 140fdb6b69dSkamil #check whether -pie flag is supported on this architecture 141fdb6b69dSkamil if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then 142fdb6b69dSkamil atf_set_skip "c++ -pie not supported on this architecture" 143fdb6b69dSkamil fi 144fdb6b69dSkamil cat > test.cc << EOF 145fdb6b69dSkamil#include <stdlib.h> 146fdb6b69dSkamil#include <stdio.h> 147fdb6b69dSkamil#include <stdint.h> 148fdb6b69dSkamil 149fdb6b69dSkamilextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 150fdb6b69dSkamil if (size > 0 && data[0] == 'b') { 151fdb6b69dSkamil fprintf(stderr, "BINGO\n"); 152fdb6b69dSkamil exit(1); 153fdb6b69dSkamil } 154fdb6b69dSkamil 155fdb6b69dSkamil return 0; 156fdb6b69dSkamil} 157fdb6b69dSkamilEOF 158fdb6b69dSkamil 159fdb6b69dSkamil c++ -fsanitize=fuzzer -o test -fpie -pie test.cc 160fdb6b69dSkamil paxctl +a test 161fdb6b69dSkamil atf_check -s ignore -o ignore -e match:"BINGO" ./test 162fdb6b69dSkamil} 163fdb6b69dSkamil 164fdb6b69dSkamil 165fdb6b69dSkamilatf_test_case target_not_supported 166fdb6b69dSkamiltarget_not_supported_head() 167fdb6b69dSkamil{ 168fdb6b69dSkamil atf_set "descr" "Test forced skip" 169fdb6b69dSkamil} 170fdb6b69dSkamil 171c52a0032Skamiltarget_not_supported_body() 172c52a0032Skamil{ 173c52a0032Skamil atf_skip "Target is not supported" 174c52a0032Skamil} 175c52a0032Skamil 176fdb6b69dSkamilatf_init_test_cases() 177fdb6b69dSkamil{ 178fdb6b69dSkamil test_target 179fdb6b69dSkamil test $SUPPORT = 'n' && { 180fdb6b69dSkamil atf_add_test_case target_not_supported 181fdb6b69dSkamil return 0 182fdb6b69dSkamil } 183fdb6b69dSkamil atf_add_test_case simple 184fdb6b69dSkamil atf_add_test_case simple_profile 185fdb6b69dSkamil atf_add_test_case simple_pie 186fdb6b69dSkamil atf_add_test_case simple_pic 187fdb6b69dSkamil} 188