11.1Skamil# Copyright (c) 2018 The NetBSD Foundation, Inc.
21.1Skamil# All rights reserved.
31.1Skamil#
41.1Skamil# This code is derived from software contributed to The NetBSD Foundation
51.1Skamil# by Yang Zheng.
61.1Skamil#
71.1Skamil# Redistribution and use in source and binary forms, with or without
81.1Skamil# modification, are permitted provided that the following conditions
91.1Skamil# are met:
101.1Skamil# 1. Redistributions of source code must retain the above copyright
111.1Skamil#    notice, this list of conditions and the following disclaimer.
121.1Skamil# 2. Redistributions in binary form must reproduce the above copyright
131.1Skamil#    notice, this list of conditions and the following disclaimer in the
141.1Skamil#    documentation and/or other materials provided with the distribution.
151.1Skamil#
161.1Skamil# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
171.1Skamil# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
181.1Skamil# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
191.1Skamil# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
201.1Skamil# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
211.1Skamil# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
221.1Skamil# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
231.1Skamil# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
241.1Skamil# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
251.1Skamil# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
261.1Skamil# POSSIBILITY OF SUCH DAMAGE.
271.1Skamil#
281.1Skamil
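# test_target: decide whether the libFuzzer out-of-memory tests can run here.
#
# Sets the global SUPPORT to 'y' only when every condition below holds and
# leaves it at 'n' otherwise:
#   - `uname -m` reports a name containing "amd64"
#   - a c++ driver is found on PATH
#   - that driver is clang (it expands the __clang__ macro when preprocessing)
#   - its major version, stored in the global CLANG_MAJOR, is 7 or higher
# Always returns 0; callers read SUPPORT.
test_target()
{
	SUPPORT='n'
	CLANG_MAJOR=''

	uname -m | grep -q "amd64" || return 0
	command -v c++ >/dev/null 2>&1 || return 0

	# A non-clang compiler leaves the token untouched, so finding the literal
	# text in the preprocessed output means "not clang".
	if echo __clang__ | c++ -E - | grep -q __clang__; then
		return 0
	fi

	# Take the whole leading run of digits. Matching a single digit would turn
	# major version 10 and later into "1" and wrongly report them unsupported.
	CLANG_MAJOR=$(echo __clang_major__ | c++ -E - | grep -o '^[[:digit:]][[:digit:]]*')

	# Anything that is not one plain decimal number is treated as unsupported
	# instead of being handed to the numeric comparison below.
	case "$CLANG_MAJOR" in
	''|*[!0-9]*)
		return 0
		;;
	esac

	# only clang with major version 7 or newer is supported
	if [ "$CLANG_MAJOR" -ge 7 ]; then
		SUPPORT='y'
	fi
	return 0
}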
411.1Skamil
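# Declare the plain out-of-memory test case to ATF.
atf_test_case oom
# oom_head: metadata for the "oom" test case.
#   descr         - one-line description of the test case
#   require.progs - programs that must be available: the C++ driver and paxctl
oom_head() {
	# The body builds with -fsanitize=fuzzer and matches a libFuzzer error
	# line, so the description names libFuzzer rather than ThreadSanitizer.
	atf_set "descr" "Test libFuzzer for out-of-memory condition"
	atf_set "require.progs" "c++ paxctl"
}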
471.1Skamil
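# Declare the profiling (-pg) variant of the out-of-memory test case to ATF.
atf_test_case oom_profile
# oom_profile_head: metadata for the "oom_profile" test case.
#   descr         - one-line description of the test case
#   require.progs - programs that must be available: the C++ driver and paxctl
oom_profile_head() {
	# The body builds with -fsanitize=fuzzer and matches a libFuzzer error
	# line, so the description names libFuzzer rather than ThreadSanitizer.
	atf_set "descr" "Test libFuzzer for out-of-memory with profiling option"
	atf_set "require.progs" "c++ paxctl"
}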
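# Declare the shared-library (PIC) variant of the out-of-memory test case.
atf_test_case oom_pic
# oom_pic_head: metadata for the "oom_pic" test case.
#   descr         - one-line description of the test case
#   require.progs - programs that must be available: the C++ driver and paxctl
oom_pic_head() {
	# The body builds with -fsanitize=fuzzer and matches a libFuzzer error
	# line, so the description names libFuzzer rather than ThreadSanitizer.
	atf_set "descr" "Test libFuzzer for out-of-memory with position independent code (PIC) flag"
	atf_set "require.progs" "c++ paxctl"
}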
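# Declare the position-independent-executable variant of the OOM test case.
atf_test_case oom_pie
# oom_pie_head: metadata for the "oom_pie" test case.
#   descr         - one-line description of the test case
#   require.progs - programs that must be available: the C++ driver and paxctl
oom_pie_head() {
	# The body builds with -fsanitize=fuzzer and matches a libFuzzer error
	# line, so the description names libFuzzer rather than ThreadSanitizer.
	# PIE stands for position independent executable.
	atf_set "descr" "Test libFuzzer for out-of-memory with position independent executable (PIE) flag"
	atf_set "require.progs" "c++ paxctl"
}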
631.1Skamil
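# oom_body: check that a libFuzzer target which allocates without bound is
# stopped with an out-of-memory report.
#
# Steps:
#   1. write test.cc, whose fuzz entry point loops on malloc(16 MiB) once the
#      input starts with the byte 'b'
#   2. build it with -fsanitize=fuzzer
#   3. mark the binary with paxctl +a
#   4. run it with -rss_limit_mb=30 and require the libFuzzer OOM line on stderr
oom_body(){
	# Quoted delimiter: the C++ source is written verbatim, with no shell
	# expansion inside the here-document.
	cat > test.cc << 'EOF'
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
  return 0;
}
EOF

	# Stop at the step that actually broke (build or paxctl) instead of
	# failing later on a missing or unmarked ./test binary.
	atf_check -s exit:0 -o ignore -e ignore c++ -fsanitize=fuzzer -o test test.cc
	# paxctl +a explicitly disables PaX ASLR for this one binary.
	# NOTE(review): presumably the fuzzer runtime needs a fixed address-space
	# layout here; confirm, and keep the exemption limited to test binaries.
	atf_check -s exit:0 -o ignore -e ignore paxctl +a test
	# Exit status and stdout are ignored; only the stderr report is asserted.
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}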
801.1Skamil
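# oom_profile_body: same out-of-memory check as the plain case, but the target
# is linked statically and built with profiling (-static -pg).
#
# Steps:
#   1. write test.cc, whose fuzz entry point loops on malloc(16 MiB) once the
#      input starts with the byte 'b'
#   2. build it with -fsanitize=fuzzer -static -pg
#   3. mark the binary with paxctl +a
#   4. run it with -rss_limit_mb=30 and require the libFuzzer OOM line on stderr
oom_profile_body(){
	# Quoted delimiter: the C++ source is written verbatim, with no shell
	# expansion inside the here-document.
	cat > test.cc << 'EOF'
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
  return 0;
}
EOF

	# Stop at the step that actually broke (build or paxctl) instead of
	# failing later on a missing or unmarked ./test binary.
	atf_check -s exit:0 -o ignore -e ignore c++ -fsanitize=fuzzer -static -o test -pg test.cc
	# paxctl +a explicitly disables PaX ASLR for this one binary.
	# NOTE(review): presumably the fuzzer runtime needs a fixed address-space
	# layout here; confirm, and keep the exemption limited to test binaries.
	atf_check -s exit:0 -o ignore -e ignore paxctl +a test
	# Exit status and stdout are ignored; only the stderr report is asserted.
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}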
971.1Skamil
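# oom_pic_body: out-of-memory check with the allocating code placed in a
# shared library built as position independent code.
#
# Steps:
#   1. write test.cc, a fuzz entry point that only forwards to help()
#   2. write pic.cc, where help() loops on malloc(16 MiB) once the input
#      starts with the byte 'b'
#   3. build libtest.so from pic.cc (-fPIC -shared) and link test against it
#   4. mark the binary with paxctl +a
#   5. run it with -rss_limit_mb=30 and require the libFuzzer OOM line on stderr
oom_pic_body(){
	# Quoted delimiters: both sources are written verbatim, with no shell
	# expansion inside the here-documents.
	cat > test.cc << 'EOF'
#include <stddef.h>
#include <stdint.h>
int help(const uint8_t *data, size_t size);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    return help(data, size);
}
EOF

	cat > pic.cc << 'EOF'
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

int help(const uint8_t *data, size_t size) {
  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
  return 0;
}
EOF

	# Stop at the step that actually broke (either build, or paxctl) instead
	# of failing later on a missing library or binary.
	atf_check -s exit:0 -o ignore -e ignore c++ -fsanitize=fuzzer -fPIC -shared -o libtest.so pic.cc
	atf_check -s exit:0 -o ignore -e ignore c++ -o test test.cc -fsanitize=fuzzer -L. -ltest
	# paxctl +a explicitly disables PaX ASLR for this one binary.
	# NOTE(review): presumably the fuzzer runtime needs a fixed address-space
	# layout here; confirm, and keep the exemption limited to test binaries.
	atf_check -s exit:0 -o ignore -e ignore paxctl +a test

	# The export replaces any inherited LD_LIBRARY_PATH with the relative "."
	# so that libtest.so is found next to the binary. A relative entry follows
	# the current directory and stays exported for the rest of this body, so
	# this pattern belongs only in a directory the test itself populates.
	export LD_LIBRARY_PATH=.
	# Exit status and stdout are ignored; only the stderr report is asserted.
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}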
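# oom_pie_body: out-of-memory check with the target built as a position
# independent executable (-fpie -pie).
#
# Steps:
#   1. probe whether the c++ driver accepts -pie; skip the test case if not
#   2. write test.cc, whose fuzz entry point loops on malloc(16 MiB) once the
#      input starts with the byte 'b'
#   3. build it with -fsanitize=fuzzer -fpie -pie
#   4. mark the binary with paxctl +a
#   5. run it with -rss_limit_mb=30 and require the libFuzzer OOM line on stderr
oom_pie_body(){

	#check whether -pie flag is supported on this architecture
	# NOTE(review): the probe only preprocesses (-E), so it may not exercise
	# the link step that -pie affects; confirm it fails where expected.
	if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
		# atf_skip is the skip call used by target_not_supported_body in this
		# file; atf_set_skip does not appear to be an atf-sh function, so the
		# skip would not have taken effect.
		atf_skip "c++ -pie not supported on this architecture"
	fi
	# Quoted delimiter: the C++ source is written verbatim, with no shell
	# expansion inside the here-document.
	cat > test.cc << 'EOF'
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
  return 0;
}
EOF

	# Stop at the step that actually broke (build or paxctl) instead of
	# failing later on a missing or unmarked ./test binary.
	atf_check -s exit:0 -o ignore -e ignore c++ -fsanitize=fuzzer -o test -fpie -pie test.cc
	# paxctl +a explicitly disables PaX ASLR for this one binary.
	# NOTE(review): presumably the fuzzer runtime needs a fixed address-space
	# layout here; confirm, and keep the exemption limited to test binaries.
	atf_check -s exit:0 -o ignore -e ignore paxctl +a test
	# Exit status and stdout are ignored; only the stderr report is asserted.
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}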
1471.1Skamil
1481.1Skamil
# Declare the placeholder test case used when the host cannot run the
# fuzzer tests.
atf_test_case target_not_supported
# target_not_supported_head: metadata for the placeholder case. It sets only
# a description and requires no programs.
target_not_supported_head() {
	atf_set "descr" "Test forced skip"
}
1541.1Skamil
# target_not_supported_body: report the placeholder test case as skipped,
# giving the reason string to ATF.
target_not_supported_body() {
	atf_skip "Target is not supported"
}
1591.2Skamil
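# atf_init_test_cases: entry point that registers this file's test cases.
#
# Runs test_target, which sets the global SUPPORT. When SUPPORT is 'y' the
# four out-of-memory cases are registered. For any other value, including an
# empty or unset SUPPORT, only the target_not_supported placeholder is
# registered, so the fuzzer binaries are never built on an unverified host.
atf_init_test_cases()
{
	test_target
	# Quoted and defaulted so an empty SUPPORT cannot turn the comparison
	# into a syntax error and fall through to the real test cases.
	if [ "${SUPPORT:-n}" != 'y' ]; then
		atf_add_test_case target_not_supported
		return 0
	fi
	atf_add_test_case oom
	atf_add_test_case oom_profile
	atf_add_test_case oom_pie
	atf_add_test_case oom_pic
}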