t_fuzzer_timeout.sh revision 1.4
1217309Snwhitehorn# Copyright (c) 2018 The NetBSD Foundation, Inc. 2217309Snwhitehorn# All rights reserved. 3217309Snwhitehorn# 4217309Snwhitehorn# This code is derived from software contributed to The NetBSD Foundation 5217309Snwhitehorn# by Yang Zheng. 6217309Snwhitehorn# 7217309Snwhitehorn# Redistribution and use in source and binary forms, with or without 8217309Snwhitehorn# modification, are permitted provided that the following conditions 9217309Snwhitehorn# are met: 10217309Snwhitehorn# 1. Redistributions of source code must retain the above copyright 11217309Snwhitehorn# notice, this list of conditions and the following disclaimer. 12217309Snwhitehorn# 2. Redistributions in binary form must reproduce the above copyright 13217309Snwhitehorn# notice, this list of conditions and the following disclaimer in the 14217309Snwhitehorn# documentation and/or other materials provided with the distribution. 15217309Snwhitehorn# 16217309Snwhitehorn# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17217309Snwhitehorn# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18217309Snwhitehorn# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19217309Snwhitehorn# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20217309Snwhitehorn# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21217309Snwhitehorn# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22217309Snwhitehorn# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23217309Snwhitehorn# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24217309Snwhitehorn# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25217309Snwhitehorn# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26217309Snwhitehorn# POSSIBILITY OF SUCH DAMAGE. 27217309Snwhitehorn# 28217309Snwhitehorn 29217309Snwhitehorntest_target() 30217309Snwhitehorn{ 31217309Snwhitehorn SUPPORT='n' 32217309Snwhitehorn if uname -m | grep -q "amd64" && command -v cc >/dev/null 2>&1 && \ 33217309Snwhitehorn ! echo __clang__ | cc -E - | grep -q __clang__; then 34217309Snwhitehorn # only clang with major version newer than 7 is supported 35217309Snwhitehorn CLANG_MAJOR=`echo __clang_major__ | cc -E - | grep -o '^[[:digit:]]'` 36217309Snwhitehorn if [ "$CLANG_MAJOR" -ge "7" ]; then 37217309Snwhitehorn SUPPORT='y' 38217309Snwhitehorn fi 39217309Snwhitehorn fi 40217309Snwhitehorn} 41217309Snwhitehorn 42217309Snwhitehornatf_test_case timeout 43217309Snwhitehorntimeout_head() { 44217309Snwhitehorn atf_set "descr" "Test thread sanitizer for timeout condition" 45217309Snwhitehorn atf_set "require.progs" "cc paxctl" 46217309Snwhitehorn} 47217309Snwhitehorn 48217309Snwhitehornatf_test_case timeout_profile 49217309Snwhitehorntimeout_profile_head() { 50217309Snwhitehorn atf_set "descr" "Test thread sanitizer for timeout with profiling option" 51217309Snwhitehorn atf_set "require.progs" "cc paxctl" 52217309Snwhitehorn} 53217309Snwhitehornatf_test_case timeout_pic 54217309Snwhitehorntimeout_pic_head() { 55217309Snwhitehorn atf_set "descr" "Test thread sanitizer for timeout with position independent code (PIC) flag" 56217309Snwhitehorn atf_set "require.progs" "cc paxctl" 57217309Snwhitehorn} 58217309Snwhitehornatf_test_case timeout_pie 59217309Snwhitehorntimeout_pie_head() { 60217309Snwhitehorn atf_set "descr" "Test thread sanitizer for timeout with position independent execution (PIE) flag" 61217309Snwhitehorn atf_set "require.progs" "cc paxctl" 62217309Snwhitehorn} 63217309Snwhitehorn 64217309Snwhitehorntimeout_body(){ 65217309Snwhitehorn cat > test.c << EOF 66217309Snwhitehorn#include <stddef.h> 67217309Snwhitehorn#include <stdint.h> 68217309Snwhitehorn 69217309Snwhitehornint LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 70217309Snwhitehorn if (size > 0 && data[0] == 'b') while (1) ; 71217309Snwhitehorn return 0; 72} 73EOF 74 75 cc -fsanitize=fuzzer -o test test.c 76 paxctl +a test 77 atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: timeout" ./test -timeout=5 78} 79 80timeout_profile_body(){ 81 cat > test.c << EOF 82#include <stddef.h> 83#include <stdint.h> 84 85int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 86 if (size > 0 && data[0] == 'b') while (1) ; 87 return 0; 88} 89EOF 90 91 cc -fsanitize=fuzzer -static -o test -pg test.c 92 paxctl +a test 93 atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: timeout" ./test -timeout=5 94} 95 96timeout_pic_body(){ 97 cat > test.c << EOF 98#include <stddef.h> 99#include <stdint.h> 100int help(const uint8_t *data, size_t size); 101int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 102 return help(data, size); 103} 104EOF 105 106 cat > pic.c << EOF 107#include <stddef.h> 108#include <stdint.h> 109 110int help(const uint8_t *data, size_t size) { 111 if (size > 0 && data[0] == 'b') while (1) ; 112 return 0; 113} 114EOF 115 116 cc -fsanitize=fuzzer -fPIC -shared -o libtest.so pic.c 117 cc -o test test.c -fsanitize=fuzzer -L. -ltest 118 paxctl +a test 119 120 export LD_LIBRARY_PATH=. 121 atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: timeout" ./test -timeout=5 122} 123timeout_pie_body(){ 124 125 #check whether -pie flag is supported on this architecture 126 if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then 127 atf_set_skip "cc -pie not supported on this architecture" 128 fi 129 cat > test.c << EOF 130#include <stddef.h> 131#include <stdint.h> 132 133int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 134 if (size > 0 && data[0] == 'b') while (1) ; 135 return 0; 136} 137EOF 138 139 cc -fsanitize=fuzzer -o test -fpie -pie test.c 140 paxctl +a test 141 atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: timeout" ./test -timeout=5 142} 143 144 145atf_test_case target_not_supported 146target_not_supported_head() 147{ 148 atf_set "descr" "Test forced skip" 149} 150 151target_not_supported_body() 152{ 153 atf_skip "Target is not supported" 154} 155 156atf_init_test_cases() 157{ 158 test_target 159 test $SUPPORT = 'n' && { 160 atf_add_test_case target_not_supported 161 return 0 162 } 163 atf_add_test_case timeout 164 atf_add_test_case timeout_profile 165 atf_add_test_case timeout_pie 166 atf_add_test_case timeout_pic 167} 168