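# Copyright (c) 2018 The NetBSD Foundation, Inc.
# All rights reserved.
#
# This code is derived from software contributed to The NetBSD Foundation
# by Yang Zheng.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#

# Decide whether the fuzzer tests can run on this host.
# Sets the global SUPPORT to 'y' only when uname -m reports amd64, a c++
# driver is on PATH, that driver is clang (it expands __clang__), and its
# major version is at least 7; otherwise SUPPORT stays 'n'.
test_target()
{
	SUPPORT='n'
	if uname -m | grep -q "amd64" && command -v c++ >/dev/null 2>&1 && \
	   ! echo __clang__ | c++ -E - | grep -q __clang__; then
		# Only clang with major version 7 or newer is supported.
		# Capture the whole leading number: matching a single digit
		# would read clang 10 and later as "1" and report the target
		# as unsupported.
		CLANG_MAJOR=`echo __clang_major__ | c++ -E - | grep -o '^[[:digit:]][[:digit:]]*'`
		# Default to 0 so an empty capture is a clean "unsupported"
		# rather than a test(1) syntax error.
		if [ "${CLANG_MAJOR:-0}" -ge "7" ]; then
			SUPPORT='y'
		fi
	fi
}

# NOTE(review): the "descr" strings below say "thread sanitizer", but every
# body builds with -fsanitize=fuzzer; the wording looks copied from another
# sanitizer test. The strings are left unchanged here.

atf_test_case simple
simple_head() {
	atf_set "descr" "Test thread sanitizer for error exit condition"
	atf_set "require.progs" "c++ paxctl"
}

atf_test_case simple_profile
simple_profile_head() {
	atf_set "descr" "Test thread sanitizer for simple with profiling option"
	atf_set "require.progs" "c++ paxctl"
}
atf_test_case simple_pic
simple_pic_head() {
	atf_set "descr" "Test thread sanitizer for simple with position independent code (PIC) flag"
	atf_set "require.progs" "c++ paxctl"
}
atf_test_case simple_pie
simple_pie_head() {
	atf_set "descr" "Test thread sanitizer for simple with position independent execution (PIE) flag"
	atf_set "require.progs" "c++ paxctl"
}

# Build a fuzz target that prints BINGO and exits once the first input byte
# is 'b', run it, and require BINGO on stderr.
simple_body(){
	# Quoted delimiter: the C++ text is written verbatim, with no shell
	# expansion inside the here-document.
	cat > test.cc << 'EOF'
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	if (size > 0 && data[0] == 'b') {
		fprintf(stderr, "BINGO\n");
		exit(1);
	}

	return 0;
}
EOF

	c++ -fsanitize=fuzzer -o test test.cc
	# NOTE(review): per NetBSD paxctl(8), "+a" appears to set the
	# "explicitly disable PaX ASLR" flag on the binary - confirm. It is
	# applied only to the throwaway test executable.
	paxctl +a test
	# Exit status and stdout are ignored; the case passes only when
	# stderr contains BINGO.
	atf_check -s ignore -o ignore -e match:"BINGO" ./test
}

# Same target as simple_body, additionally compiled with -pg.
simple_profile_body(){
	cat > test.cc << 'EOF'
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	if (size > 0 && data[0] == 'b') {
		fprintf(stderr, "BINGO\n");
		exit(1);
	}

	return 0;
}
EOF

	c++ -fsanitize=fuzzer -o test -pg test.cc
	paxctl +a test
	atf_check -s ignore -o ignore -e match:"BINGO" ./test
}

# Put the BINGO check in a -fPIC shared library (libtest.so) and call it from
# the fuzz entry point linked against that library.
simple_pic_body(){
	cat > test.cc << 'EOF'
#include <stddef.h>
#include <stdint.h>
int help(const uint8_t *data, size_t size);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	return help(data, size);
}
EOF

	cat > pic.cc << 'EOF'
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>

int help(const uint8_t *data, size_t size) {
	if (size > 0 && data[0] == 'b') {
		fprintf(stderr, "BINGO\n");
		exit(1);
	}

	return 0;
}
EOF

	c++ -fsanitize=fuzzer -fPIC -shared -o libtest.so pic.cc
	c++ -o test test.cc -fsanitize=fuzzer -L. -ltest
	paxctl +a test

	# A relative library search path loads whatever libtest.so sits in
	# the current directory. That is the library built just above;
	# presumably the case runs in a private ATF work directory - confirm
	# before reusing this pattern elsewhere.
	export LD_LIBRARY_PATH=.
	atf_check -s ignore -o ignore -e match:"BINGO" ./test
}

# Same target as simple_body, compiled and linked as a position independent
# executable; skipped when the compiler rejects -pie.
simple_pie_body(){

	# check whether -pie flag is supported on this architecture
	if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
		# atf_skip ends the test case here with a "skipped" result.
		# NOTE(review): the original called atf_set_skip, which does
		# not appear to be an atf-sh function - confirm.
		atf_skip "c++ -pie not supported on this architecture"
	fi
	cat > test.cc << 'EOF'
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	if (size > 0 && data[0] == 'b') {
		fprintf(stderr, "BINGO\n");
		exit(1);
	}

	return 0;
}
EOF

	c++ -fsanitize=fuzzer -o test -fpie -pie test.cc
	paxctl +a test
	atf_check -s ignore -o ignore -e match:"BINGO" ./test
}


atf_test_case target_not_supported
target_not_supported_head()
{
	atf_set "descr" "Test forced skip"
}

# The head describes a forced skip, so the body must report one. Without an
# explicit body the case would fall back to whatever default atf_test_case
# installs (presumably a "not implemented" failure - confirm).
target_not_supported_body()
{
	atf_skip "Target is not supported"
}

# Register only the forced-skip case on unsupported hosts, otherwise the four
# fuzzer cases.
atf_init_test_cases()
{
	test_target
	test "$SUPPORT" = 'n' && {
		atf_add_test_case target_not_supported
		return 0
	}
	atf_add_test_case simple
	atf_add_test_case simple_profile
	atf_add_test_case simple_pie
	atf_add_test_case simple_pic
}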