mirror of
https://github.com/google/pebble.git
synced 2025-05-29 14:33:12 +00:00
Import of the watch repository from Pebble
This commit is contained in:
Matthieu Jeanson
Katharine Berry
commit
3b92768480
10334 changed files with 2564465 additions and 0 deletions
153
checkers/test-programs/mutex-test.c
Normal file
153
checkers/test-programs/mutex-test.c
Normal file
|
|
@ -0,0 +1,153 @@
|
|||
/*
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
struct Mutex;
|
||||
struct RecursiveMutex;
|
||||
|
||||
typedef struct Mutex * restrict mutex_t;
|
||||
typedef struct RecursiveMutex * recursive_mutex_t;
|
||||
|
||||
extern void mutex_lock(mutex_t);
|
||||
extern void mutex_unlock(mutex_t);
|
||||
|
||||
extern bool mutex_lock_with_timeout(mutex_t);
|
||||
|
||||
extern void mutex_lock_recursive(recursive_mutex_t);
|
||||
extern void mutex_unlock_recursive(recursive_mutex_t);
|
||||
|
||||
static mutex_t global_lock = 0;
|
||||
static mutex_t global_lock2;
|
||||
mutex_t recursive_lock;
|
||||
|
||||
void nounlock() {
|
||||
mutex_lock(global_lock);
|
||||
}
|
||||
|
||||
void nolock() {
|
||||
mutex_unlock(global_lock);
|
||||
}
|
||||
|
||||
void normal() {
|
||||
mutex_lock(global_lock);
|
||||
mutex_unlock(global_lock);
|
||||
}
|
||||
|
||||
struct handle {
|
||||
mutex_t m;
|
||||
} m_wrapper;
|
||||
|
||||
extern int do_stuff(struct handle * h);
|
||||
|
||||
void structthing(struct handle * h) {
|
||||
mutex_lock(h->m);
|
||||
do_stuff(h);
|
||||
mutex_unlock(h->m);
|
||||
}
|
||||
|
||||
extern int do_stuff2();
|
||||
|
||||
void stuff() {
|
||||
mutex_lock(global_lock);
|
||||
|
||||
do_stuff2();
|
||||
|
||||
mutex_unlock(global_lock);
|
||||
}
|
||||
|
||||
void stuff2() {
|
||||
mutex_lock(m_wrapper.m);
|
||||
|
||||
do_stuff2();
|
||||
|
||||
mutex_unlock(m_wrapper.m);
|
||||
}
|
||||
|
||||
void nest2() {
|
||||
mutex_lock(global_lock);
|
||||
printf("blah %p", global_lock);
|
||||
mutex_unlock(global_lock);
|
||||
}
|
||||
|
||||
void nest() {
|
||||
nest2();
|
||||
}
|
||||
|
||||
void cond(void *glob_ptr) {
|
||||
mutex_lock(global_lock);
|
||||
|
||||
while (glob_ptr) {
|
||||
printf("blah %p", glob_ptr);
|
||||
}
|
||||
|
||||
mutex_unlock(global_lock);
|
||||
}
|
||||
|
||||
void timeout() {
|
||||
mutex_lock_with_timeout(global_lock);
|
||||
|
||||
mutex_unlock(global_lock);
|
||||
}
|
||||
|
||||
void good_timeout() {
|
||||
if (mutex_lock_with_timeout(global_lock)) {
|
||||
mutex_unlock(global_lock);
|
||||
}
|
||||
}
|
||||
|
||||
void stupid_timeout() {
|
||||
if (!mutex_lock_with_timeout(global_lock)) {
|
||||
mutex_unlock(global_lock);
|
||||
}
|
||||
}
|
||||
|
||||
void reversal() {
|
||||
mutex_lock(global_lock);
|
||||
mutex_lock(global_lock2);
|
||||
|
||||
mutex_unlock(global_lock);
|
||||
mutex_unlock(global_lock2);
|
||||
}
|
||||
|
||||
|
||||
// Trying to repro the false positives unsuccessfully...
|
||||
extern bool decision();
|
||||
|
||||
inline void __attribute__((always_inline)) locker() {
|
||||
mutex_lock(global_lock);
|
||||
}
|
||||
|
||||
inline void __attribute__((always_inline)) unlocker() {
|
||||
mutex_unlock(global_lock);
|
||||
}
|
||||
|
||||
static inline void __attribute__((always_inline)) lock_wrap() {
|
||||
locker();
|
||||
if (decision()) {
|
||||
unlocker();
|
||||
}
|
||||
}
|
||||
|
||||
static inline void __attribute__((always_inline)) unlock_wrap() {
|
||||
unlocker();
|
||||
}
|
||||
|
||||
void lockme() {
|
||||
lock_wrap();
|
||||
unlock_wrap();
|
||||
}
|
||||
133
checkers/test-programs/syscall-test.c
Normal file
133
checkers/test-programs/syscall-test.c
Normal file
|
|
@ -0,0 +1,133 @@
|
|||
/*
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
extern bool syscall_internal_elevate_privilege();
|
||||
extern void syscall_assert_userspace_buffer(const void * check_buffer, int size);
|
||||
|
||||
extern void * app_malloc(unsigned size);
|
||||
|
||||
void do_stuff(void * buffer, int size) {
|
||||
strncpy(buffer, "Woooooooo", size);
|
||||
}
|
||||
|
||||
void good_syscall(void * buffer, int size) {
|
||||
syscall_internal_elevate_privilege();
|
||||
|
||||
syscall_assert_userspace_buffer(buffer, size);
|
||||
|
||||
do_stuff(buffer, size);
|
||||
}
|
||||
|
||||
void bad_syscall(void * buffer, int size) {
|
||||
syscall_internal_elevate_privilege();
|
||||
do_stuff(buffer, size);
|
||||
}
|
||||
|
||||
void stupid_syscall(void * buffer, int size) {
|
||||
void * stupid = (char *)buffer + 1;
|
||||
syscall_internal_elevate_privilege();
|
||||
do_stuff(stupid, size);
|
||||
}
|
||||
|
||||
void not_syscall(void * buffer, int size) {
|
||||
do_stuff(buffer, size);
|
||||
}
|
||||
|
||||
void nested_syscall(void * buffer, int size) {
|
||||
syscall_internal_elevate_privilege();
|
||||
syscall_assert_userspace_buffer(buffer, size);
|
||||
bad_syscall(buffer, size);
|
||||
good_syscall(buffer, size);
|
||||
}
|
||||
|
||||
void bad_nested_syscall(void * buffer, int size) {
|
||||
syscall_internal_elevate_privilege();
|
||||
bad_syscall(buffer, size);
|
||||
}
|
||||
|
||||
void hidden_bad_syscall(void * buffer, int size) {
|
||||
syscall_internal_elevate_privilege();
|
||||
do_stuff(buffer, size);
|
||||
}
|
||||
|
||||
void if_syscall(void * buffer, int size) {
|
||||
if (syscall_internal_elevate_privilege()) {
|
||||
syscall_assert_userspace_buffer(buffer, size);
|
||||
}
|
||||
do_stuff(buffer, size);
|
||||
}
|
||||
|
||||
void wrapper() {
|
||||
void * buffer = NULL;
|
||||
int size = 0;
|
||||
|
||||
good_syscall(buffer, size);
|
||||
// This tests to make sure analysis continues through good_syscall
|
||||
hidden_bad_syscall(buffer, size);
|
||||
}
|
||||
|
||||
bool cond(const char *font_key) {
|
||||
return &cond == font_key;
|
||||
}
|
||||
|
||||
void conditional_syscall(const char *font_key) {
|
||||
syscall_internal_elevate_privilege();
|
||||
|
||||
if (font_key) {
|
||||
if (!cond(font_key)) {
|
||||
do_stuff(font_key, 5);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void store_syscall(char * buf, int size) {
|
||||
syscall_internal_elevate_privilege();
|
||||
|
||||
buf[0] = 'a';
|
||||
char * new = buf;
|
||||
|
||||
do_stuff(new, size);
|
||||
|
||||
}
|
||||
|
||||
void load_syscall(char * buf, int size) {
|
||||
syscall_internal_elevate_privilege();
|
||||
|
||||
char test = buf[0];
|
||||
|
||||
do_stuff(&test, size);
|
||||
}
|
||||
|
||||
void bind_syscall(char * buf, int size) {
|
||||
syscall_internal_elevate_privilege();
|
||||
|
||||
char * new = buf;
|
||||
|
||||
do_stuff(new, size);
|
||||
}
|
||||
|
||||
void malloc_syscall() {
|
||||
syscall_internal_elevate_privilege();
|
||||
void *buf = app_malloc(5);
|
||||
|
||||
syscall_assert_userspace_buffer(buf, 5);
|
||||
|
||||
do_stuff(buf, 5);
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue