xref: /netbsd-src/tests/usr.bin/cc/t_asan_poison.sh (revision bdc22b2e01993381dcefeff2bc9b56ca75a4235c) 
1#	$NetBSD: t_asan_poison.sh,v 1.2 2018/07/16 07:25:58 kamil Exp $
2#
3# Copyright (c) 2018 The NetBSD Foundation, Inc.
4# All rights reserved.
5#
6# This code is derived from software contributed to The NetBSD Foundation
7# by Siddharth Muralee.
8#
9# Redistribution and use in source and binary forms, with or without
10# modification, are permitted provided that the following conditions
11# are met:
12# 1. Redistributions of source code must retain the above copyright
13#    notice, this list of conditions and the following disclaimer.
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in the
16#    documentation and/or other materials provided with the distribution.
17#
18# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
19# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
20# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
22# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28# POSSIBILITY OF SUCH DAMAGE.
29#
30
31SUPPORT='n'
32test_target() {
33	if uname -m | grep -q "amd64"; then
34		SUPPORT='y'
35	fi
36
37	if uname -m | grep -q "i386"; then
38		SUPPORT='y'
39	fi
40}
41
42atf_test_case poison
43poison_head() {
44	atf_set "descr" "compile and run \"Use after Poison example\""
45	atf_set "require.progs" "cc paxctl"
46}
47
48atf_test_case poison_profile
49poison_profile_head() {
50	atf_set "descr" "compile and run \"Use after Poison example\" with profiling option"
51	atf_set "require.progs" "cc paxctl"
52}
53
54atf_test_case poison_pic
55poison_pic_head() {
56	atf_set "descr" "compile and run PIC \"Use after Poison example\""
57	atf_set "require.progs" "cc paxctl"
58}
59
60atf_test_case poison_pie
61poison_pie_head() {
62	atf_set "descr" "compile and run position independent (PIE) \"Use after Poison example\""
63	atf_set "require.progs" "cc paxctl"
64}
65
66atf_test_case poison32
67poison32_head() {
68	atf_set "descr" "compile and run \"Use after Poison example\" for/in netbsd32 emulation"
69	atf_set "require.progs" "cc paxctl file diff cat"
70}
71
72atf_test_case target_not_supported
73target_not_supported_head()
74{
75	atf_set "descr" "Test forced skip"
76}
77
78poison_body() {
79	cat > test.c << EOF
80#include <stdio.h>
81#include <stdlib.h>
82#include <sanitizer/asan_interface.h>
83int foo() {
84	int p = 2;
85	int *a;
86	ASAN_POISON_MEMORY_REGION(&p, sizeof(int));
87	a=&p;
88	printf("%d", *a);
89}
90
91int main() {
92	foo();
93	printf("CHECK\n");
94	exit(0);
95}
96EOF
97	cc -fsanitize=address -o test test.c
98	paxctl +a test
99	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./test
100}
101
102poison_profile_body() {
103	cat > test.c << EOF
104#include <stdio.h>
105#include <stdlib.h>
106#include <sanitizer/asan_interface.h>
107int foo() {
108	int p = 2;
109	int *a;
110	ASAN_POISON_MEMORY_REGION(&p, sizeof(int));
111	a=&p;
112	printf("%d", *a);
113}
114
115int main() {
116	foo();
117	printf("CHECK\n");
118	exit(0);
119}
120EOF
121	cc -fsanitize=address -o test -pg test.c
122	paxctl +a test
123	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./test
124}
125
126poison_pic_body() {
127	cat > test.c << EOF
128#include <stdio.h>
129#include <stdlib.h>
130#include <sanitizer/asan_interface.h>
131int foo();
132int main() {
133	foo();
134	printf("CHECK\n");
135	exit(0);
136}
137EOF
138	cat > pic.c << EOF
139#include <stdio.h>
140#include <stdlib.h>
141#include <sanitizer/asan_interface.h>
142int foo() {
143	int p = 2;
144	int *a;
145	ASAN_POISON_MEMORY_REGION(&p, sizeof(int));
146	a=&p;
147	printf("%d", *a);
148}
149EOF
150
151	cc -fPIC -fsanitize=address -shared -o libtest.so pic.c
152	cc -o test test.c -fsanitize=address -L. -ltest
153	paxctl +a test
154
155	export LD_LIBRARY_PATH=.
156	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./test
157}
158
159poison_pie_body() {
160	# check whether this arch supports -pice
161	if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
162		atf_set_skip "cc -pie not supported on this architecture"
163	fi
164	cat > test.c << EOF
165#include <stdio.h>
166#include <stdlib.h>
167#include <sanitizer/asan_interface.h>
168int foo() {
169	int p = 2;
170	int *a;
171	ASAN_POISON_MEMORY_REGION(&p, sizeof(int));
172	 a=&p;
173	printf("%d", *a);
174}
175
176int main() {
177	foo();
178	printf("CHECK\n");
179	exit(0);
180}
181EOF
182	cc -fsanitize=address -fpie -pie -o test test.c
183	paxctl +a test
184	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./test
185}
186
187poison32_body() {
188	# check whether this arch is 64bit
189	if ! cc -dM -E - < /dev/null | fgrep -q _LP64; then
190		atf_skip "this is not a 64 bit architecture"
191	fi
192	if ! cc -m32 -dM -E - < /dev/null 2>/dev/null > ./def32; then
193		atf_skip "cc -m32 not supported on this architecture"
194	else
195		if fgrep -q _LP64 ./def32; then
196		atf_fail "cc -m32 does not generate netbsd32 binaries"
197	fi
198fi
199
200	cat > test.c << EOF
201#include <stdio.h>
202#include <stdlib.h>
203#include <sanitizer/asan_interface.h>
204int foo() {
205	int p = 2;
206	int *a;
207	ASAN_POISON_MEMORY_REGION(&p, sizeof(int));
208	a=&p;
209	printf("%d", *a);
210}
211
212int main() {
213	foo();
214	printf("CHECK\n");
215	exit(0);
216}
217EOF
218	cc -fsanitize=address -o psn32 -m32 test.c
219	cc -fsanitize=address -o psn64 test.c
220	file -b ./psn32 > ./ftype32
221	file -b ./psn64 > ./ftype64
222	if diff ./ftype32 ./ftype64 >/dev/null; then
223		atf_fail "generated binaries do not differ"
224	fi
225	echo "32bit binaries on this platform are:"
226	cat ./ftype32
227	echo "While native (64bit) binaries are:"
228	cat ./ftype64
229	paxctl +a psn32
230	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./psn32
231
232# and another test with profile 32bit binaries
233	cat > test.c << EOF
234#include <stdio.h>
235#include <stdlib.h>
236#include <sanitizer/asan_interface.h>
237int foo() {
238	int p = 2;
239	int *a;
240	ASAN_POISON_MEMORY_REGION(&p, sizeof(int));
241	a=&p;
242	printf("%d", *a);
243}
244
245int main() {
246	foo();
247	printf("CHECK\n");
248	exit(0);
249}
250EOF
251	cc -o test -m32 -fsanitize=address -pg test.c
252	paxctl +a test
253	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./test
254}
255
256target_not_supported_body()
257{
258	atf_skip "Target is not supported"
259}
260
261atf_init_test_cases()
262{
263	test_target
264	test $SUPPORT = 'n' && {
265		atf_add_test_case target_not_supported
266		return 0
267	}
268
269	atf_add_test_case poison
270#	atf_add_test_case poison_profile
271	atf_add_test_case poison_pic
272	atf_add_test_case poison_pie
273#	atf_add_test_case poison32
274	# static option not supported
275	# -static and -fsanitize=address can't be used together for compilation
276	# (gcc version  5.4.0 and clang 7.1) tested on April 2nd 2018.
277}
278