1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/toolkit/crashreporter/google-breakpad/src/processor/disassembler_x86_unittest.cc Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,243 @@
1.4 +// All rights reserved.
1.5 +//
1.6 +// Redistribution and use in source and binary forms, with or without
1.7 +// modification, are permitted provided that the following conditions are
1.8 +// met:
1.9 +//
1.10 +// * Redistributions of source code must retain the above copyright
1.11 +// notice, this list of conditions and the following disclaimer.
1.12 +// * Redistributions in binary form must reproduce the above
1.13 +// copyright notice, this list of conditions and the following disclaimer
1.14 +// in the documentation and/or other materials provided with the
1.15 +// distribution.
1.16 +// * Neither the name of Google Inc. nor the names of its
1.17 +// contributors may be used to endorse or promote products derived from
1.18 +// this software without specific prior written permission.
1.19 +//
1.20 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1.21 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1.22 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
1.23 +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
1.24 +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.25 +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
1.26 +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
1.27 +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1.28 +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1.29 +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
1.30 +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE//
1.31 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1.32 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1.33 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
1.34 +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
1.35 +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.36 +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
1.37 +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
1.38 +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1.39 +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1.40 +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
1.41 +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.42 +
1.43 +#include <unistd.h>
1.44 +
1.45 +#include "breakpad_googletest_includes.h"
1.46 +#include "processor/disassembler_x86.h"
1.47 +#include "third_party/libdisasm/libdis.h"
1.48 +
1.49 +namespace {
1.50 +
1.51 +using google_breakpad::DisassemblerX86;
1.52 +
1.53 +unsigned char just_return[] = "\xc3"; // retn
1.54 +
1.55 +unsigned char invalid_instruction[] = "\x00"; // invalid
1.56 +
1.57 +unsigned char read_eax_jmp_eax[] =
1.58 + "\x8b\x18" // mov ebx, [eax];
1.59 + "\x33\xc9" // xor ebx, ebx;
1.60 + "\xff\x20" // jmp eax;
1.61 + "\xc3"; // retn;
1.62 +
1.63 +unsigned char write_eax_arg_to_call[] =
1.64 + "\x89\xa8\x00\x02\x00\x00" // mov [eax+200], ebp;
1.65 + "\xc1\xeb\x02" // shr ebx, 2;
1.66 + "\x50" // push eax;
1.67 + "\xe8\xd1\x24\x77\x88" // call something;
1.68 + "\xc3"; // retn;
1.69 +
1.70 +unsigned char read_edi_stosb[] =
1.71 + "\x8b\x07" // mov eax, [edi];
1.72 + "\x8b\xc8" // mov ecx, eax;
1.73 + "\xf3\xaa" // rep stosb;
1.74 + "\xc3"; // retn;
1.75 +
1.76 +unsigned char read_clobber_write[] =
1.77 + "\x03\x18" // add ebx, [eax];
1.78 + "\x8b\xc1" // mov eax, ecx;
1.79 + "\x89\x10" // mov [eax], edx;
1.80 + "\xc3"; // retn;
1.81 +
1.82 +unsigned char read_xchg_write[] =
1.83 + "\x03\x18" // add ebx, [eax];
1.84 + "\x91" // xchg eax, ecx;
1.85 + "\x89\x18" // mov [eax], ebx;
1.86 + "\x89\x11" // mov [ecx], edx;
1.87 + "\xc3"; // retn;
1.88 +
1.89 +unsigned char read_cmp[] =
1.90 + "\x03\x18" // add ebx, [eax];
1.91 + "\x83\xf8\x00" // cmp eax, 0;
1.92 + "\x74\x04" // je +4;
1.93 + "\xc3"; // retn;
1.94 +
1.95 +TEST(DisassemblerX86Test, SimpleReturnInstruction) {
1.96 + DisassemblerX86 dis(just_return, sizeof(just_return)-1, 0);
1.97 + EXPECT_EQ(1U, dis.NextInstruction());
1.98 + EXPECT_TRUE(dis.currentInstructionValid());
1.99 + EXPECT_EQ(0U, dis.flags());
1.100 + EXPECT_TRUE(dis.endOfBlock());
1.101 + EXPECT_EQ(libdis::insn_controlflow, dis.currentInstructionGroup());
1.102 + const libdis::x86_insn_t* instruction = dis.currentInstruction();
1.103 + EXPECT_EQ(libdis::insn_controlflow, instruction->group);
1.104 + EXPECT_EQ(libdis::insn_return, instruction->type);
1.105 + EXPECT_EQ(0U, dis.NextInstruction());
1.106 + EXPECT_FALSE(dis.currentInstructionValid());
1.107 + EXPECT_EQ(NULL, dis.currentInstruction());
1.108 +}
1.109 +
1.110 +TEST(DisassemblerX86Test, SimpleInvalidInstruction) {
1.111 + DisassemblerX86 dis(invalid_instruction, sizeof(invalid_instruction)-1, 0);
1.112 + EXPECT_EQ(0U, dis.NextInstruction());
1.113 + EXPECT_FALSE(dis.currentInstructionValid());
1.114 +}
1.115 +
1.116 +TEST(DisassemblerX86Test, BadReadLeadsToBranch) {
1.117 + DisassemblerX86 dis(read_eax_jmp_eax, sizeof(read_eax_jmp_eax)-1, 0);
1.118 + EXPECT_EQ(2U, dis.NextInstruction());
1.119 + EXPECT_TRUE(dis.currentInstructionValid());
1.120 + EXPECT_EQ(0U, dis.flags());
1.121 + EXPECT_FALSE(dis.endOfBlock());
1.122 + EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup());
1.123 + EXPECT_TRUE(dis.setBadRead());
1.124 + EXPECT_EQ(2U, dis.NextInstruction());
1.125 + EXPECT_TRUE(dis.currentInstructionValid());
1.126 + EXPECT_EQ(0U, dis.flags());
1.127 + EXPECT_FALSE(dis.endOfBlock());
1.128 + EXPECT_EQ(libdis::insn_logic, dis.currentInstructionGroup());
1.129 + EXPECT_EQ(2U, dis.NextInstruction());
1.130 + EXPECT_TRUE(dis.currentInstructionValid());
1.131 + EXPECT_EQ(google_breakpad::DISX86_BAD_BRANCH_TARGET, dis.flags());
1.132 + EXPECT_FALSE(dis.endOfBlock());
1.133 + EXPECT_EQ(libdis::insn_controlflow, dis.currentInstructionGroup());
1.134 +}
1.135 +
1.136 +TEST(DisassemblerX86Test, BadWriteLeadsToPushedArg) {
1.137 + DisassemblerX86 dis(write_eax_arg_to_call,
1.138 + sizeof(write_eax_arg_to_call)-1, 0);
1.139 + EXPECT_EQ(6U, dis.NextInstruction());
1.140 + EXPECT_TRUE(dis.currentInstructionValid());
1.141 + EXPECT_EQ(0U, dis.flags());
1.142 + EXPECT_FALSE(dis.endOfBlock());
1.143 + EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup());
1.144 + EXPECT_TRUE(dis.setBadWrite());
1.145 + EXPECT_EQ(3U, dis.NextInstruction());
1.146 + EXPECT_TRUE(dis.currentInstructionValid());
1.147 + EXPECT_EQ(0U, dis.flags());
1.148 + EXPECT_FALSE(dis.endOfBlock());
1.149 + EXPECT_EQ(libdis::insn_arithmetic, dis.currentInstructionGroup());
1.150 + EXPECT_EQ(1U, dis.NextInstruction());
1.151 + EXPECT_TRUE(dis.currentInstructionValid());
1.152 + EXPECT_EQ(0U, dis.flags());
1.153 + EXPECT_FALSE(dis.endOfBlock());
1.154 + EXPECT_EQ(5U, dis.NextInstruction());
1.155 + EXPECT_TRUE(dis.currentInstructionValid());
1.156 + EXPECT_EQ(google_breakpad::DISX86_BAD_ARGUMENT_PASSED, dis.flags());
1.157 + EXPECT_EQ(libdis::insn_controlflow, dis.currentInstructionGroup());
1.158 + EXPECT_FALSE(dis.endOfBlock());
1.159 +}
1.160 +
1.161 +
1.162 +TEST(DisassemblerX86Test, BadReadLeadsToBlockWrite) {
1.163 + DisassemblerX86 dis(read_edi_stosb, sizeof(read_edi_stosb)-1, 0);
1.164 + EXPECT_EQ(2U, dis.NextInstruction());
1.165 + EXPECT_TRUE(dis.currentInstructionValid());
1.166 + EXPECT_EQ(0U, dis.flags());
1.167 + EXPECT_FALSE(dis.endOfBlock());
1.168 + EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup());
1.169 + EXPECT_TRUE(dis.setBadRead());
1.170 + EXPECT_EQ(2U, dis.NextInstruction());
1.171 + EXPECT_TRUE(dis.currentInstructionValid());
1.172 + EXPECT_EQ(0U, dis.flags());
1.173 + EXPECT_FALSE(dis.endOfBlock());
1.174 + EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup());
1.175 + EXPECT_EQ(2U, dis.NextInstruction());
1.176 + EXPECT_TRUE(dis.currentInstructionValid());
1.177 + EXPECT_EQ(google_breakpad::DISX86_BAD_BLOCK_WRITE, dis.flags());
1.178 + EXPECT_FALSE(dis.endOfBlock());
1.179 + EXPECT_EQ(libdis::insn_string, dis.currentInstructionGroup());
1.180 +}
1.181 +
1.182 +TEST(DisassemblerX86Test, BadReadClobberThenWrite) {
1.183 + DisassemblerX86 dis(read_clobber_write, sizeof(read_clobber_write)-1, 0);
1.184 + EXPECT_EQ(2U, dis.NextInstruction());
1.185 + EXPECT_TRUE(dis.currentInstructionValid());
1.186 + EXPECT_EQ(0U, dis.flags());
1.187 + EXPECT_FALSE(dis.endOfBlock());
1.188 + EXPECT_EQ(libdis::insn_arithmetic, dis.currentInstructionGroup());
1.189 + EXPECT_TRUE(dis.setBadRead());
1.190 + EXPECT_EQ(2U, dis.NextInstruction());
1.191 + EXPECT_TRUE(dis.currentInstructionValid());
1.192 + EXPECT_EQ(0U, dis.flags());
1.193 + EXPECT_FALSE(dis.endOfBlock());
1.194 + EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup());
1.195 + EXPECT_EQ(2U, dis.NextInstruction());
1.196 + EXPECT_TRUE(dis.currentInstructionValid());
1.197 + EXPECT_EQ(0U, dis.flags());
1.198 + EXPECT_FALSE(dis.endOfBlock());
1.199 + EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup());
1.200 +}
1.201 +
1.202 +TEST(DisassemblerX86Test, BadReadXCHGThenWrite) {
1.203 + DisassemblerX86 dis(read_xchg_write, sizeof(read_xchg_write)-1, 0);
1.204 + EXPECT_EQ(2U, dis.NextInstruction());
1.205 + EXPECT_TRUE(dis.currentInstructionValid());
1.206 + EXPECT_EQ(0U, dis.flags());
1.207 + EXPECT_FALSE(dis.endOfBlock());
1.208 + EXPECT_EQ(libdis::insn_arithmetic, dis.currentInstructionGroup());
1.209 + EXPECT_TRUE(dis.setBadRead());
1.210 + EXPECT_EQ(1U, dis.NextInstruction());
1.211 + EXPECT_TRUE(dis.currentInstructionValid());
1.212 + EXPECT_EQ(0U, dis.flags());
1.213 + EXPECT_FALSE(dis.endOfBlock());
1.214 + EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup());
1.215 + EXPECT_EQ(2U, dis.NextInstruction());
1.216 + EXPECT_TRUE(dis.currentInstructionValid());
1.217 + EXPECT_EQ(0U, dis.flags());
1.218 + EXPECT_FALSE(dis.endOfBlock());
1.219 + EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup());
1.220 + EXPECT_EQ(2U, dis.NextInstruction());
1.221 + EXPECT_TRUE(dis.currentInstructionValid());
1.222 + EXPECT_EQ(google_breakpad::DISX86_BAD_WRITE, dis.flags());
1.223 + EXPECT_FALSE(dis.endOfBlock());
1.224 + EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup());
1.225 +}
1.226 +
1.227 +TEST(DisassemblerX86Test, BadReadThenCMP) {
1.228 + DisassemblerX86 dis(read_cmp, sizeof(read_cmp)-1, 0);
1.229 + EXPECT_EQ(2U, dis.NextInstruction());
1.230 + EXPECT_TRUE(dis.currentInstructionValid());
1.231 + EXPECT_EQ(0U, dis.flags());
1.232 + EXPECT_FALSE(dis.endOfBlock());
1.233 + EXPECT_EQ(libdis::insn_arithmetic, dis.currentInstructionGroup());
1.234 + EXPECT_TRUE(dis.setBadRead());
1.235 + EXPECT_EQ(3U, dis.NextInstruction());
1.236 + EXPECT_TRUE(dis.currentInstructionValid());
1.237 + EXPECT_EQ(google_breakpad::DISX86_BAD_COMPARISON, dis.flags());
1.238 + EXPECT_FALSE(dis.endOfBlock());
1.239 + EXPECT_EQ(libdis::insn_comparison, dis.currentInstructionGroup());
1.240 + EXPECT_EQ(2U, dis.NextInstruction());
1.241 + EXPECT_TRUE(dis.currentInstructionValid());
1.242 + EXPECT_EQ(google_breakpad::DISX86_BAD_COMPARISON, dis.flags());
1.243 + EXPECT_FALSE(dis.endOfBlock());
1.244 + EXPECT_EQ(libdis::insn_controlflow, dis.currentInstructionGroup());
1.245 +}
1.246 +}
