diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c714733..e4ed186 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -60,3 +60,7 @@ jobs: working-directory: ${{github.workspace}}/build # Build your program with the given configuration run: NINJA_STATUS="%p [%f:%s/%t] %o/s, %es" && ninja + - name: Test + working-directory: ${{github.workspace}}/build + # Build your program with the given configuration + run: ctest -j4 --output-on-failure diff --git a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt index 7369f93..f9fe241 100644 --- a/Tests/CMakeLists.txt +++ b/Tests/CMakeLists.txt @@ -1,5 +1,5 @@ message(STATUS "Adding tests") -file(GLOB TESTS "*.query" CONFIGURE_DEPENDS "*.query") +file(GLOB TESTS CONFIGURE_DEPENDS "*.query") message(STATUS "Tests: ${TESTS}") diff --git a/Tests/compartment_check.query b/Tests/compartment_check.query new file mode 100644 index 0000000..932a7d6 --- /dev/null +++ b/Tests/compartment_check.query @@ -0,0 +1,3 @@ +# Check that we can demangle a library export correctly. +--board inputs/sail.json -j inputs/test-suite.json -q 'data.compartment.compartment_call_allow_list("allocator_test", `test_allocator\(\)`, {"test_runner"})' + diff --git a/Tests/compartment_check.query.expected b/Tests/compartment_check.query.expected new file mode 100644 index 0000000..27ba77d --- /dev/null +++ b/Tests/compartment_check.query.expected @@ -0,0 +1 @@ +true diff --git a/Tests/demangle_compartment_call.query b/Tests/demangle_compartment_call.query new file mode 100644 index 0000000..080fec1 --- /dev/null +++ b/Tests/demangle_compartment_call.query @@ -0,0 +1,4 @@ +# Check that we can demangle a compartment export correctly. +--board inputs/sail.json -j inputs/test-suite.json -q 'export_entry_demangle("alloc", input.compartments.allocator.exports[6].export_symbol)' + + diff --git a/Tests/demangle_compartment_call.query.expected b/Tests/demangle_compartment_call.query.expected new file mode 100644 index 0000000..646534c --- /dev/null +++ b/Tests/demangle_compartment_call.query.expected @@ -0,0 +1 @@ +"heap_free(SObjStruct*, void*)" diff --git a/Tests/demangle_libcall.query b/Tests/demangle_libcall.query new file mode 100644 index 0000000..e22cf99 --- /dev/null +++ b/Tests/demangle_libcall.query @@ -0,0 +1,3 @@ +# Check that we can demangle a library export correctly. +--board inputs/sail.json -j inputs/test-suite.json -q 'export_entry_demangle("token_library", input.compartments.token_library.exports[0].export_symbol)' + diff --git a/Tests/demangle_libcall.query.expected b/Tests/demangle_libcall.query.expected new file mode 100644 index 0000000..27b02b2 --- /dev/null +++ b/Tests/demangle_libcall.query.expected @@ -0,0 +1 @@ +"token_obj_unseal(SKeyStruct*, SObjStruct*)" diff --git a/Tests/mmio_check.query b/Tests/mmio_check.query new file mode 100644 index 0000000..9e3b6d9 --- /dev/null +++ b/Tests/mmio_check.query @@ -0,0 +1,3 @@ +# Check that we can demangle a library export correctly. +--board inputs/sail.json -j inputs/test-suite.json -q 'data.compartment.mmio_allow_list("clint", {"scheduler"})' + diff --git a/Tests/mmio_check.query.expected b/Tests/mmio_check.query.expected new file mode 100644 index 0000000..27ba77d --- /dev/null +++ b/Tests/mmio_check.query.expected @@ -0,0 +1 @@ +true diff --git a/Tests/sum_quotas.query b/Tests/sum_quotas.query new file mode 100644 index 0000000..1e80653 --- /dev/null +++ b/Tests/sum_quotas.query @@ -0,0 +1,3 @@ +# Check that we can demangle a library export correctly. +--board inputs/sail.json -j inputs/test-suite.json -q 'sum([ data.rtos.decode_allocator_capability(c).quota | c = input.compartments[_].imports[_] ; data.rtos.is_allocator_capability(c) ])' + diff --git a/Tests/sum_quotas.query.expected b/Tests/sum_quotas.query.expected new file mode 100644 index 0000000..318b6fa --- /dev/null +++ b/Tests/sum_quotas.query.expected @@ -0,0 +1 @@ +1070080 diff --git a/audit.cc b/audit.cc index 8145755..f2e46ba 100644 --- a/audit.cc +++ b/audit.cc @@ -101,23 +101,34 @@ namespace } auto string = get_string(exportName); auto compartmentNameString = get_string(compartmentName); + const std::string_view LibraryExportPrefix = "__library_export_libcalls"; const std::string_view ExportPrefix = "__export_"; - if (!string.starts_with(ExportPrefix)) + if (string.starts_with(LibraryExportPrefix)) { - return scalar(false); + string = string.substr(LibraryExportPrefix.size()); } - string = string.substr(ExportPrefix.size()); - if (!string.starts_with(compartmentNameString)) + else { - return scalar(false); + if (!string.starts_with(ExportPrefix)) + { + return scalar(false); + } + string = string.substr(ExportPrefix.size()); + if (!string.starts_with(compartmentNameString)) + { + return scalar(false); + } + string = string.substr(compartmentNameString.size()); } - string = string.substr(compartmentNameString.size()); if (!string.starts_with("_")) { return scalar(false); } string = string.substr(1); - size_t bufferSize = 128; + // The way that rego-cpp exposes snmalloc can cause the realloc here to + // crash. Try to allocate a buffer that's large enough that we don't + // care. + size_t bufferSize = strlen(string.c_str()) * 8; char *buffer = static_cast(malloc(bufferSize)); int error; buffer =