Permalink
Browse files

Add new ATF Undefined Behavior Sanitizer tests

Add new cc and c++ tests to check whether UBSan works.
These tests are prepared for GCC (in base) and Clang (with external patches).

Enable these tests for all ports by default, just verify whether we are
using GCC/Clang or a compatible compiler.

Add five equivalent C and C++ tests:
 - Integer addition overflow
 - Integer divide by zero
 - Integer negation overflow
 - Integer subtraction overflow
 - VLA out of bounds

All tests pass on NetBSD/amd64.

Patch submitted by <Harry Pantazis>
Minor cleanup by <myself>
  • Loading branch information...
krytarowski committed May 2, 2018
1 parent 57e99b7 commit 705eaea77da05c69f594f2dd727c4f2524e6460b
@@ -1,4 +1,4 @@
# $NetBSD: mi,v 1.781 2018/04/11 03:25:25 kamil Exp $
# $NetBSD: mi,v 1.782 2018/05/02 18:46:05 kamil Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -3641,6 +3641,11 @@
./usr/tests/usr.bin/c++/t_asan_off_by_one tests-usr.bin-tests compattestfile,atf,cxx
./usr/tests/usr.bin/c++/t_asan_poison tests-usr.bin-tests compattestfile,atf,cxx
./usr/tests/usr.bin/c++/t_asan_uaf tests-usr.bin-tests compattestfile,atf,cxx
./usr/tests/usr.bin/c++/t_ubsan_int_add_overflow tests-usr.bin-tests compattestfile,atf,cxx
./usr/tests/usr.bin/c++/t_ubsan_int_sub_overflow tests-usr.bin-tests compattestfile,atf,cxx
./usr/tests/usr.bin/c++/t_ubsan_int_neg_overflow tests-usr.bin-tests compattestfile,atf,cxx
./usr/tests/usr.bin/c++/t_ubsan_int_divzero tests-usr.bin-tests compattestfile,atf,cxx
./usr/tests/usr.bin/c++/t_ubsan_vla_out_of_bounds tests-usr.bin-tests compattestfile,atf,cxx
./usr/tests/usr.bin/c++/t_call_once tests-usr.bin-tests compattestfile,atf,cxx
./usr/tests/usr.bin/c++/t_call_once2 tests-usr.bin-tests compattestfile,atf,cxx
./usr/tests/usr.bin/c++/t_cxxruntime tests-usr.bin-tests compattestfile,atf,cxx
@@ -3657,6 +3662,11 @@
./usr/tests/usr.bin/cc/t_asan_off_by_one tests-usr.bin-tests compattestfile,atf
./usr/tests/usr.bin/cc/t_asan_poison tests-usr.bin-tests compattestfile,atf
./usr/tests/usr.bin/cc/t_asan_uaf tests-usr.bin-tests compattestfile,atf
./usr/tests/usr.bin/cc/t_ubsan_int_add_overflow tests-usr.bin-tests compattestfile,atf
./usr/tests/usr.bin/cc/t_ubsan_int_sub_overflow tests-usr.bin-tests compattestfile,atf
./usr/tests/usr.bin/cc/t_ubsan_int_neg_overflow tests-usr.bin-tests compattestfile,atf
./usr/tests/usr.bin/cc/t_ubsan_int_divzero tests-usr.bin-tests compattestfile,atf
./usr/tests/usr.bin/cc/t_ubsan_vla_out_of_bounds tests-usr.bin-tests compattestfile,atf
./usr/tests/usr.bin/cmp tests-usr.bin-tests compattestfile,atf
./usr/tests/usr.bin/cmp/Atffile tests-usr.bin-tests compattestfile,atf
./usr/tests/usr.bin/cmp/Kyuafile tests-usr.bin-tests compattestfile,atf,kyua
@@ -1,4 +1,4 @@
# $NetBSD: Makefile,v 1.8 2018/04/11 03:25:25 kamil Exp $
# $NetBSD: Makefile,v 1.9 2018/05/02 18:46:05 kamil Exp $
.include <bsd.own.mk>
@@ -11,6 +11,11 @@ TESTS_SH+= t_asan_heap_overflow
TESTS_SH+= t_asan_off_by_one
TESTS_SH+= t_asan_poison
TESTS_SH+= t_asan_uaf
TESTS_SH+= t_ubsan_int_add_overflow
TESTS_SH+= t_ubsan_int_sub_overflow
TESTS_SH+= t_ubsan_int_neg_overflow
TESTS_SH+= t_ubsan_int_divzero
TESTS_SH+= t_ubsan_vla_out_of_bounds
TESTS_SH+= t_call_once
TESTS_SH+= t_call_once2
TESTS_SH+= t_cxxruntime
@@ -0,0 +1,197 @@
# Copyright (c) 2018 The NetBSD Foundation, Inc.
# All rights reserved.
#
# This code is derived from software contributed to The NetBSD Foundation
# by Harry Pantazis.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
test_target()
{
SUPPORT='n'
if ! echo __GNUC__ | c++ -E - | grep -q __GNUC__; then
SUPPORT='y'
fi
if ! echo __clang__ | c++ -E - | grep -q __clang__; then
SUPPORT='y'
fi
}
atf_test_case int_add_overflow
int_add_overflow_head() {
atf_set "descr" "Test Undefined Behavior for int addition overflows"
atf_set "require.progs" "c++"
}
atf_test_case int_add_overflow_profile
int_add_overflow_profile_head() {
atf_set "descr" "Test Undefined Behavior for int addition overflows with profiling option"
atf_set "require.progs" "c++"
}
atf_test_case int_add_overflow_pic
int_add_overflow_pic_head() {
atf_set "descr" "Test Undefined Behavior for int addition overflows with position independent code (PIC) flag"
atf_set "require.progs" "c++"
}
atf_test_case int_add_overflow_pie
int_add_overflow_pie_head() {
atf_set "descr" "Test Undefined Behavior for int addition overflows with position independent execution (PIE) flag"
atf_set "require.progs" "c++"
}
atf_test_case int_add_overflow32
int_add_overflow32_head() {
atf_set "descr" "Test Undefined Behavior for int addition overflows in NetBSD_32 emulation"
atf_set "require.progs" "c++ file diff cat"
}
int_add_overflow_body(){
cat > test.c << EOF
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {volatile int l = INT_MAX; l+=argc; return l;}
EOF
c++ -fsanitize=undefined -o test test.c
atf_check -e match:"signed integer overflow" ./test
}
int_add_overflow_profile_body(){
cat > test.c << EOF
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {volatile int l = INT_MAX; l+=argc; return l;}
EOF
c++ -fsanitize=undefined -o test -pg test.c
atf_check -e match:"signed integer overflow" ./test
}
int_add_overflow_pic_body(){
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
int help(int);
int main(int argc, char **argv) {volatile int k = help(argc); return k;}
EOF
cat > pic.c << EOF
#include <stdlib.h>
#include <stdio.h>
#include <limits.h>
int help(int count) {volatile int l = INT_MAX; l+= count; return l;}
EOF
c++ -fsanitize=undefined -fPIC -shared -o libtest.so pic.c
c++ -o test test.c -fsanitize=undefined -L. -ltest
export LD_LIBRARY_PATH=.
atf_check -e match:"signed integer overflow" ./test
}
int_add_overflow_pie_body(){
#check whether -pie flag is supported on this architecture
if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
atf_set_skip "c++ -pie not supported on this architecture"
fi
cat > test.c << EOF
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {volatile int l = INT_MAX; l+= argc; return l;}
EOF
c++ -fsanitize=undefined -o test -fpie -pie test.c
atf_check -e match:"signed integer overflow" ./test
}
int_add_overflow32_body(){
# check what this architecture is, after all
if ! c++ -dM -E - < /dev/null | grep -F -q _LP64; then
atf_skip "This is not a 64 bit architecture"
fi
if ! c++ -m32 -dM -E - < /dev/null 2>/dev/null > ./def32; then
atf_skip "c++ -m32 Not supported on this architecture"
else
if grep -F -q _LP64 ./def32; then
atf_fail "c++ -m32 Does not generate NetBSD32 binaries"
fi
fi
cat > test.c << EOF
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {volatile int l = INT_MAX; l+= argc; return l;}
EOF
c++ -fsanitize=undefined -o md32 -m32 test.c
c++ -fsanitize=undefined -o md64 test.c
file -b ./md32 > ./ftype32
file -b ./md64 > ./ftype64
if diff ./ftype32 ./ftype64 >/dev/null; then
atf_fail "Generated binz ain't no different"
fi
echo "32bit Binz on this platform are:"
cat ./ftype32
echo "64bit Binz are on the other hand:"
cat ./ftype64
atf_check -e match:"signed integer overflow" ./md32
# Another test with profile 32bit binaries, just to make sure everything has been thoroughly done
cat > test.c << EOF
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {volatile int l = INT_MAX; l+= argc; return l;}
EOF
c++ -fsanitize=undefined -pg -m32 -o test test.c
atf_check -e match:"signed integer overflow" ./test
}
atf_test_case target_not_supported
target_not_supported_head()
{
atf_set "descr" "Test forced skip"
}
atf_init_test_cases()
{
test_target
test $SUPPORT = 'n' && {
atf_add_test_case target_not_supported
return 0
}
atf_add_test_case int_add_overflow
atf_add_test_case int_add_overflow_profile
atf_add_test_case int_add_overflow_pie
atf_add_test_case int_add_overflow_pic
atf_add_test_case int_add_overflow32
}
Oops, something went wrong.

0 comments on commit 705eaea

Please sign in to comment.