1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "mojo/edk/system/options_validation.h"
6 
7 #include <stddef.h>
8 #include <stdint.h>
9 
10 #include "mojo/public/c/system/macros.h"
11 #include "testing/gtest/include/gtest/gtest.h"
12 
13 namespace mojo {
14 namespace edk {
15 namespace {
16 
// Test-only options struct, declared the same way the real options structs are
// declared in the public headers: |struct_size| comes first and is filled in by
// the caller, and the tests below use it to decide which of the later members
// count as present.

using TestOptionsFlags = uint32_t;

// The struct is aligned like an |int64_t|; make sure that really means 8.
static_assert(MOJO_ALIGNOF(int64_t) == 8, "int64_t has weird alignment");
struct MOJO_ALIGNAS(8) TestOptions {
  uint32_t struct_size;    // Caller-declared size of the struct, in bytes.
  TestOptionsFlags flags;  // Present only if |struct_size| reaches past it.
  uint32_t member1;        // Present only if |struct_size| reaches past it.
  uint32_t member2;        // Present only if |struct_size| reaches past it.
};
// Four |uint32_t|s and no padding; the offsets used by the tests rely on this.
static_assert(sizeof(TestOptions) == 16, "TestOptions has wrong size");

// |sizeof(TestOptions)| narrowed to the type of the |struct_size| field.
const auto kSizeOfTestOptions = static_cast<uint32_t>(sizeof(TestOptions));
31 
// Every |struct_size| that is at least |sizeof(uint32_t)| must be accepted.
// Which members are then reported as present depends only on how far the
// caller-declared |struct_size| reaches.
//
// NOTE(review): no case here uses a |struct_size| that ends partway through a
// member (e.g. 5..7 for |flags|). A partially covered member should presumably
// be reported as absent -- confirm against the reader and consider adding that
// boundary case.
TEST(OptionsValidationTest, Valid) {
  // Exactly |sizeof(TestOptions)|: every member is present.
  {
    const TestOptions full = {kSizeOfTestOptions};
    UserOptionsReader<TestOptions> full_reader(&full);
    EXPECT_TRUE(full_reader.is_valid());
    EXPECT_TRUE(OPTIONS_STRUCT_HAS_MEMBER(TestOptions, flags, full_reader));
    EXPECT_TRUE(OPTIONS_STRUCT_HAS_MEMBER(TestOptions, member1, full_reader));
    EXPECT_TRUE(OPTIONS_STRUCT_HAS_MEMBER(TestOptions, member2, full_reader));
  }

  // Just large enough for |struct_size| itself: valid, but no member may be
  // treated as present.
  {
    const uint32_t size_field_only = static_cast<uint32_t>(
        offsetof(TestOptions, struct_size) + sizeof(uint32_t));
    const TestOptions minimal = {size_field_only};
    UserOptionsReader<TestOptions> minimal_reader(&minimal);
    EXPECT_TRUE(minimal_reader.is_valid());
    EXPECT_FALSE(OPTIONS_STRUCT_HAS_MEMBER(TestOptions, flags, minimal_reader));
    EXPECT_FALSE(
        OPTIONS_STRUCT_HAS_MEMBER(TestOptions, member1, minimal_reader));
    EXPECT_FALSE(
        OPTIONS_STRUCT_HAS_MEMBER(TestOptions, member2, minimal_reader));
  }

  // Reaches to the end of |flags|: |flags| is present, later members are not.
  {
    const uint32_t through_flags =
        static_cast<uint32_t>(offsetof(TestOptions, flags) + sizeof(uint32_t));
    const TestOptions partial = {through_flags};
    UserOptionsReader<TestOptions> partial_reader(&partial);
    EXPECT_TRUE(partial_reader.is_valid());
    EXPECT_TRUE(OPTIONS_STRUCT_HAS_MEMBER(TestOptions, flags, partial_reader));
    EXPECT_FALSE(
        OPTIONS_STRUCT_HAS_MEMBER(TestOptions, member1, partial_reader));
    EXPECT_FALSE(
        OPTIONS_STRUCT_HAS_MEMBER(TestOptions, member2, partial_reader));
  }

  // One byte larger than the struct we know: still valid, and every known
  // member is present. The backing buffer is 100 bytes larger than the struct,
  // presumably so that the declared size stays within real storage.
  {
    MOJO_ALIGNAS(8) char storage[sizeof(TestOptions) + 100] = {};
    TestOptions* oversized = reinterpret_cast<TestOptions*>(storage);
    oversized->struct_size = kSizeOfTestOptions + 1;
    UserOptionsReader<TestOptions> oversized_reader(oversized);
    EXPECT_TRUE(oversized_reader.is_valid());
    EXPECT_TRUE(
        OPTIONS_STRUCT_HAS_MEMBER(TestOptions, flags, oversized_reader));
    EXPECT_TRUE(
        OPTIONS_STRUCT_HAS_MEMBER(TestOptions, member1, oversized_reader));
    EXPECT_TRUE(
        OPTIONS_STRUCT_HAS_MEMBER(TestOptions, member2, oversized_reader));
  }

  // Four bytes larger (room for one more |uint32_t| that this struct does not
  // declare): same expectations as above.
  {
    MOJO_ALIGNAS(8) char storage[sizeof(TestOptions) + 100] = {};
    TestOptions* oversized = reinterpret_cast<TestOptions*>(storage);
    oversized->struct_size = kSizeOfTestOptions + 4;
    UserOptionsReader<TestOptions> oversized_reader(oversized);
    EXPECT_TRUE(oversized_reader.is_valid());
    EXPECT_TRUE(
        OPTIONS_STRUCT_HAS_MEMBER(TestOptions, flags, oversized_reader));
    EXPECT_TRUE(
        OPTIONS_STRUCT_HAS_MEMBER(TestOptions, member1, oversized_reader));
    EXPECT_TRUE(
        OPTIONS_STRUCT_HAS_MEMBER(TestOptions, member2, oversized_reader));
  }
}
81 
// A |struct_size| too small to contain the |struct_size| field itself must be
// rejected by the reader.
TEST(OptionsValidationTest, Invalid) {
  // Size too small: try every value from 0 up to, but not including,
  // |sizeof(uint32_t)|. The failing size is appended to the failure message.
  for (size_t declared_size = 0; declared_size < sizeof(uint32_t);
       ++declared_size) {
    TestOptions options = {static_cast<uint32_t>(declared_size)};
    UserOptionsReader<TestOptions> reader(&options);
    EXPECT_FALSE(reader.is_valid()) << declared_size;
  }
}
90 
// These cases pass invalid pointer arguments, which should cause death when we
// are being paranoid about argument checking. We would want that in, e.g., a
// true "kernel" situation, but might not otherwise, for performance reasons.
// Blatant errors such as a null pointer for a required pointer argument will
// probably still cause death, but perhaps not predictably.
TEST(OptionsValidationTest, InvalidDeath) {
  // The empty pattern used for official builds matches any death output.
  // NOTE(review): presumably the "Check failed" text is not printed in official
  // builds -- confirm.
#if defined(OFFICIAL_BUILD)
  const char kMemoryCheckFailedRegex[] = "";
#else
  const char kMemoryCheckFailedRegex[] = "Check failed";
#endif

  // Null options pointer.
  EXPECT_DEATH_IF_SUPPORTED(
      { UserOptionsReader<TestOptions> reader(nullptr); },
      kMemoryCheckFailedRegex);

  // Options pointer with no alignment at all (address 1).
  EXPECT_DEATH_IF_SUPPORTED(
      {
        const TestOptions* misaligned = reinterpret_cast<const TestOptions*>(1);
        UserOptionsReader<TestOptions> reader(misaligned);
      },
      kMemoryCheckFailedRegex);

  // Options pointer that is 4-byte aligned but not 8-byte aligned.
  // Note: the current implementation checks the size only after checking the
  // alignment against what the |uint32_t| size field requires, so passing a
  // bare address such as 4 would not die in the expected way. The pointer
  // therefore has to refer to real memory: take whichever of the first two
  // |uint32_t| slots of the array is not 8-byte aligned.
  EXPECT_DEATH_IF_SUPPORTED(
      {
        uint32_t storage[100] = {};
        const bool start_is_8_aligned =
            reinterpret_cast<uintptr_t>(storage) % 8 == 0;
        TestOptions* options = reinterpret_cast<TestOptions*>(
            &storage[start_is_8_aligned ? 1 : 0]);
        options->struct_size = static_cast<uint32_t>(sizeof(TestOptions));
        UserOptionsReader<TestOptions> reader(options);
      },
      kMemoryCheckFailedRegex);
}
131 
132 }  // namespace
133 }  // namespace edk
134 }  // namespace mojo
135