Home | History | Annotate | Line # | Download | only in cc
t_tsan_heap_use_after_free.sh revision 1.6
      1 # Copyright (c) 2018 The NetBSD Foundation, Inc.
      2 # All rights reserved.
      3 #
      4 # This code is derived from software contributed to The NetBSD Foundation
      5 # by Yang Zheng.
      6 #
      7 # Redistribution and use in source and binary forms, with or without
      8 # modification, are permitted provided that the following conditions
      9 # are met:
     10 # 1. Redistributions of source code must retain the above copyright
     11 #    notice, this list of conditions and the following disclaimer.
     12 # 2. Redistributions in binary form must reproduce the above copyright
     13 #    notice, this list of conditions and the following disclaimer in the
     14 #    documentation and/or other materials provided with the distribution.
     15 #
     16 # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
     17 # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
     18 # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     19 # PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
     20 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
     21 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
     22 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
     23 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
     24 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     25 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
     26 # POSSIBILITY OF SUCH DAMAGE.
     27 #
     28 
     29 tsan_available_archs()
     30 {
     31 	atf_set "require.arch" "x86_64"
     32 }
     33 
     34 atf_test_case heap_use_after_free
     35 heap_use_after_free_head() {
     36 	atf_set "descr" "Test thread sanitizer for use-after-free condition"
     37 	atf_set "require.progs" "cc paxctl"
     38 	tsan_available_archs
     39 }
     40 
     41 atf_test_case heap_use_after_free_profile
     42 heap_use_after_free_profile_head() {
     43 	atf_set "descr" "Test thread sanitizer for use-after-free with profiling option"
     44 	atf_set "require.progs" "cc paxctl"
     45 	tsan_available_archs
     46 }
     47 atf_test_case heap_use_after_free_pic
     48 heap_use_after_free_pic_head() {
     49 	atf_set "descr" "Test thread sanitizer for use-after-free with position independent code (PIC) flag"
     50 	atf_set "require.progs" "cc paxctl"
     51 	tsan_available_archs
     52 }
     53 atf_test_case heap_use_after_free_pie
     54 heap_use_after_free_pie_head() {
     55 	atf_set "descr" "Test thread sanitizer for use-after-free with position independent execution (PIE) flag"
     56 	atf_set "require.progs" "cc paxctl"
     57 	tsan_available_archs
     58 }
     59 
     60 heap_use_after_free_body(){
     61 	cat > test.c << EOF
     62 #include <pthread.h>
     63 #include <stdlib.h>
     64 
     65 int *ptr;
     66 pthread_barrier_t barrier;
     67 void *Thread(void *a) {
     68   pthread_barrier_wait(&barrier);
     69   *ptr = 42;
     70   return 0;
     71 }
     72 
     73 int main() {
     74   pthread_t t;
     75   pthread_barrier_init(&barrier, NULL, 2);
     76   ptr = (int *)malloc(sizeof(int));
     77   pthread_create(&t, NULL, Thread, NULL);
     78   free(ptr);
     79   pthread_barrier_wait(&barrier);
     80   pthread_join(t, NULL);
     81   return 0;
     82 }
     83 EOF
     84 
     85 	cc -fsanitize=thread -o test test.c
     86 	paxctl +a test
     87 	atf_check -s ignore -o ignore -e match:"WARNING: ThreadSanitizer: heap-use-after-free" ./test
     88 }
     89 
     90 heap_use_after_free_profile_body(){
     91 	atf_expect_fail "PR toolchain/55760"
     92 	cat > test.c << EOF
     93 #include <pthread.h>
     94 #include <stdlib.h>
     95 
     96 int *ptr;
     97 pthread_barrier_t barrier;
     98 void *Thread(void *a) {
     99   pthread_barrier_wait(&barrier);
    100   *ptr = 42;
    101   return 0;
    102 }
    103 
    104 int main() {
    105   pthread_t t;
    106   pthread_barrier_init(&barrier, NULL, 2);
    107   ptr = (int *)malloc(sizeof(int));
    108   pthread_create(&t, NULL, Thread, NULL);
    109   free(ptr);
    110   pthread_barrier_wait(&barrier);
    111   pthread_join(t, NULL);
    112   return 0;
    113 }
    114 EOF
    115 
    116 	cc -fsanitize=thread -o test -pg test.c
    117 	paxctl +a test
    118 	atf_check -s ignore -o ignore -e match:"WARNING: ThreadSanitizer: heap-use-after-free" ./test
    119 }
    120 
    121 heap_use_after_free_pic_body(){
    122 	cat > test.c << EOF
    123 #include <stdio.h>
    124 #include <stdlib.h>
    125 int help(int);
    126 int main(int argc, char **argv) {return help(argc);}
    127 EOF
    128 
    129 	cat > pic.c << EOF
    130 #include <pthread.h>
    131 #include <stdlib.h>
    132 
    133 int *ptr;
    134 pthread_barrier_t barrier;
    135 void *Thread(void *a) {
    136   pthread_barrier_wait(&barrier);
    137   *ptr = 42;
    138   return 0;
    139 }
    140 
    141 int help(int argc) {
    142   pthread_t t;
    143   pthread_barrier_init(&barrier, NULL, 2);
    144   ptr = (int *)malloc(sizeof(int));
    145   pthread_create(&t, NULL, Thread, NULL);
    146   free(ptr);
    147   pthread_barrier_wait(&barrier);
    148   pthread_join(t, NULL);
    149   return 0;
    150 }
    151 EOF
    152 
    153 	cc -fsanitize=thread -fPIC -shared -o libtest.so pic.c
    154 	cc -o test test.c -fsanitize=thread -L. -ltest
    155 	paxctl +a test
    156 
    157 	export LD_LIBRARY_PATH=.
    158 	atf_check -s ignore -o ignore -e match:"WARNING: ThreadSanitizer: heap-use-after-free" ./test
    159 }
    160 heap_use_after_free_pie_body(){
    161 
    162 	#check whether -pie flag is supported on this architecture
    163 	if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
    164 		atf_set_skip "cc -pie not supported on this architecture"
    165 	fi
    166 	cat > test.c << EOF
    167 #include <pthread.h>
    168 #include <stdlib.h>
    169 
    170 int *ptr;
    171 pthread_barrier_t barrier;
    172 void *Thread(void *a) {
    173   pthread_barrier_wait(&barrier);
    174   *ptr = 42;
    175   return 0;
    176 }
    177 
    178 int main() {
    179   pthread_t t;
    180   pthread_barrier_init(&barrier, NULL, 2);
    181   ptr = (int *)malloc(sizeof(int));
    182   pthread_create(&t, NULL, Thread, NULL);
    183   free(ptr);
    184   pthread_barrier_wait(&barrier);
    185   pthread_join(t, NULL);
    186   return 0;
    187 }
    188 EOF
    189 
    190 	cc -fsanitize=thread -o test -fpie -pie test.c
    191 	paxctl +a test
    192 	atf_check -s ignore -o ignore -e match:"WARNING: ThreadSanitizer: heap-use-after-free" ./test
    193 }
    194 
    195 atf_init_test_cases()
    196 {
    197 	atf_add_test_case heap_use_after_free
    198 	atf_add_test_case heap_use_after_free_profile
    199 	atf_add_test_case heap_use_after_free_pie
    200 	atf_add_test_case heap_use_after_free_pic
    201 }
    202