1 // Copyright 2005, Google Inc.
2 // All rights reserved.
3 //
4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are
6 // met:
7 //
8 // * Redistributions of source code must retain the above copyright
9 // notice, this list of conditions and the following disclaimer.
10 // * Redistributions in binary form must reproduce the above
11 // copyright notice, this list of conditions and the following disclaimer
12 // in the documentation and/or other materials provided with the
13 // distribution.
14 // * Neither the name of Google Inc. nor the names of its
15 // contributors may be used to endorse or promote products derived from
16 // this software without specific prior written permission.
17 //
18 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
30 //
31 // This file implements death tests.
32
33 #include "gtest/gtest-death-test.h"
34
35 #include <stdlib.h>
36
37 #include <functional>
38 #include <memory>
39 #include <sstream>
40 #include <string>
41 #include <utility>
42 #include <vector>
43
44 #include "gtest/internal/custom/gtest.h"
45 #include "gtest/internal/gtest-port.h"
46
47 #ifdef GTEST_HAS_DEATH_TEST
48
49 #ifdef GTEST_OS_MAC
50 #include <crt_externs.h>
51 #endif // GTEST_OS_MAC
52
53 #include <errno.h>
54 #include <fcntl.h>
55 #include <limits.h>
56
57 #ifdef GTEST_OS_LINUX
58 #include <signal.h>
59 #endif // GTEST_OS_LINUX
60
61 #include <stdarg.h>
62
63 #ifdef GTEST_OS_WINDOWS
64 #include <windows.h>
65 #else
66 #include <sys/mman.h>
67 #include <sys/wait.h>
68 #endif // GTEST_OS_WINDOWS
69
70 #ifdef GTEST_OS_QNX
71 #include <spawn.h>
72 #endif // GTEST_OS_QNX
73
74 #ifdef GTEST_OS_FUCHSIA
75 #include <lib/fdio/fd.h>
76 #include <lib/fdio/io.h>
77 #include <lib/fdio/spawn.h>
78 #include <lib/zx/channel.h>
79 #include <lib/zx/port.h>
80 #include <lib/zx/process.h>
81 #include <lib/zx/socket.h>
82 #include <zircon/processargs.h>
83 #include <zircon/syscalls.h>
84 #include <zircon/syscalls/policy.h>
85 #include <zircon/syscalls/port.h>
86 #endif // GTEST_OS_FUCHSIA
87
88 #endif // GTEST_HAS_DEATH_TEST
89
90 #include "gtest/gtest-message.h"
91 #include "gtest/internal/gtest-string.h"
92 #include "src/gtest-internal-inl.h"
93
94 namespace testing {
95
96 // Constants.
97
98 // The default death test style.
99 //
100 // This is defined in internal/gtest-port.h as "fast", but can be overridden by
101 // a definition in internal/custom/gtest-port.h. The recommended value, which is
102 // used internally at Google, is "threadsafe".
103 static const char kDefaultDeathTestStyle[] = GTEST_DEFAULT_DEATH_TEST_STYLE;
104
105 } // namespace testing
106
107 GTEST_DEFINE_string_(
108 death_test_style,
109 testing::internal::StringFromGTestEnv("death_test_style",
110 testing::kDefaultDeathTestStyle),
111 "Indicates how to run a death test in a forked child process: "
112 "\"threadsafe\" (child process re-executes the test binary "
113 "from the beginning, running only the specific death test) or "
114 "\"fast\" (child process runs the death test immediately "
115 "after forking).");
116
117 GTEST_DEFINE_bool_(
118 death_test_use_fork,
119 testing::internal::BoolFromGTestEnv("death_test_use_fork", false),
120 "Instructs to use fork()/_Exit() instead of clone() in death tests. "
121 "Ignored and always uses fork() on POSIX systems where clone() is not "
122 "implemented. Useful when running under valgrind or similar tools if "
123 "those do not support clone(). Valgrind 3.3.1 will just fail if "
124 "it sees an unsupported combination of clone() flags. "
125 "It is not recommended to use this flag w/o valgrind though it will "
126 "work in 99% of the cases. Once valgrind is fixed, this flag will "
127 "most likely be removed.");
128
129 GTEST_DEFINE_string_(
130 internal_run_death_test, "",
131 "Indicates the file, line number, temporal index of "
132 "the single death test to run, and a file descriptor to "
133 "which a success code may be sent, all separated by "
134 "the '|' characters. This flag is specified if and only if the "
135 "current process is a sub-process launched for running a thread-safe "
136 "death test. FOR INTERNAL USE ONLY.");
137
138 namespace testing {
139
140 #ifdef GTEST_HAS_DEATH_TEST
141
142 namespace internal {
143
144 // Valid only for fast death tests. Indicates the code is running in the
145 // child process of a fast style death test.
146 #if !defined(GTEST_OS_WINDOWS) && !defined(GTEST_OS_FUCHSIA)
147 static bool g_in_fast_death_test_child = false;
148 #endif
149
150 // Returns a Boolean value indicating whether the caller is currently
151 // executing in the context of the death test child process. Tools such as
152 // Valgrind heap checkers may need this to modify their behavior in death
153 // tests. IMPORTANT: This is an internal utility. Using it may break the
154 // implementation of death tests. User code MUST NOT use it.
InDeathTestChild()155 bool InDeathTestChild() {
156 #if defined(GTEST_OS_WINDOWS) || defined(GTEST_OS_FUCHSIA)
157
158 // On Windows and Fuchsia, death tests are thread-safe regardless of the value
159 // of the death_test_style flag.
160 return !GTEST_FLAG_GET(internal_run_death_test).empty();
161
162 #else
163
164 if (GTEST_FLAG_GET(death_test_style) == "threadsafe")
165 return !GTEST_FLAG_GET(internal_run_death_test).empty();
166 else
167 return g_in_fast_death_test_child;
168 #endif
169 }
170
171 } // namespace internal
172
173 // ExitedWithCode constructor.
ExitedWithCode(int exit_code)174 ExitedWithCode::ExitedWithCode(int exit_code) : exit_code_(exit_code) {}
175
176 // ExitedWithCode function-call operator.
operator ()(int exit_status) const177 bool ExitedWithCode::operator()(int exit_status) const {
178 #if defined(GTEST_OS_WINDOWS) || defined(GTEST_OS_FUCHSIA)
179
180 return exit_status == exit_code_;
181
182 #else
183
184 return WIFEXITED(exit_status) && WEXITSTATUS(exit_status) == exit_code_;
185
186 #endif // GTEST_OS_WINDOWS || GTEST_OS_FUCHSIA
187 }
188
189 #if !defined(GTEST_OS_WINDOWS) && !defined(GTEST_OS_FUCHSIA)
190 // KilledBySignal constructor.
KilledBySignal(int signum)191 KilledBySignal::KilledBySignal(int signum) : signum_(signum) {}
192
193 // KilledBySignal function-call operator.
operator ()(int exit_status) const194 bool KilledBySignal::operator()(int exit_status) const {
195 #if defined(GTEST_KILLED_BY_SIGNAL_OVERRIDE_)
196 {
197 bool result;
198 if (GTEST_KILLED_BY_SIGNAL_OVERRIDE_(signum_, exit_status, &result)) {
199 return result;
200 }
201 }
202 #endif // defined(GTEST_KILLED_BY_SIGNAL_OVERRIDE_)
203 return WIFSIGNALED(exit_status) && WTERMSIG(exit_status) == signum_;
204 }
205 #endif // !GTEST_OS_WINDOWS && !GTEST_OS_FUCHSIA
206
207 namespace internal {
208
209 // Utilities needed for death tests.
210
211 // Generates a textual description of a given exit code, in the format
212 // specified by wait(2).
ExitSummary(int exit_code)213 static std::string ExitSummary(int exit_code) {
214 Message m;
215
216 #if defined(GTEST_OS_WINDOWS) || defined(GTEST_OS_FUCHSIA)
217
218 m << "Exited with exit status " << exit_code;
219
220 #else
221
222 if (WIFEXITED(exit_code)) {
223 m << "Exited with exit status " << WEXITSTATUS(exit_code);
224 } else if (WIFSIGNALED(exit_code)) {
225 m << "Terminated by signal " << WTERMSIG(exit_code);
226 }
227 #ifdef WCOREDUMP
228 if (WCOREDUMP(exit_code)) {
229 m << " (core dumped)";
230 }
231 #endif
232 #endif // GTEST_OS_WINDOWS || GTEST_OS_FUCHSIA
233
234 return m.GetString();
235 }
236
237 // Returns true if exit_status describes a process that was terminated
238 // by a signal, or exited normally with a nonzero exit code.
ExitedUnsuccessfully(int exit_status)239 bool ExitedUnsuccessfully(int exit_status) {
240 return !ExitedWithCode(0)(exit_status);
241 }
242
243 #if !defined(GTEST_OS_WINDOWS) && !defined(GTEST_OS_FUCHSIA)
244 // Generates a textual failure message when a death test finds more than
245 // one thread running, or cannot determine the number of threads, prior
246 // to executing the given statement. It is the responsibility of the
247 // caller not to pass a thread_count of 1.
DeathTestThreadWarning(size_t thread_count)248 static std::string DeathTestThreadWarning(size_t thread_count) {
249 Message msg;
250 msg << "Death tests use fork(), which is unsafe particularly"
251 << " in a threaded context. For this test, " << GTEST_NAME_ << " ";
252 if (thread_count == 0) {
253 msg << "couldn't detect the number of threads.";
254 } else {
255 msg << "detected " << thread_count << " threads.";
256 }
257 msg << " See "
258 "https://github.com/google/googletest/blob/main/docs/"
259 "advanced.md#death-tests-and-threads"
260 << " for more explanation and suggested solutions, especially if"
261 << " this is the last message you see before your test times out.";
262 return msg.GetString();
263 }
264 #endif // !GTEST_OS_WINDOWS && !GTEST_OS_FUCHSIA
265
266 // Flag characters for reporting a death test that did not die.
267 static const char kDeathTestLived = 'L';
268 static const char kDeathTestReturned = 'R';
269 static const char kDeathTestThrew = 'T';
270 static const char kDeathTestInternalError = 'I';
271
272 #ifdef GTEST_OS_FUCHSIA
273
274 // File descriptor used for the pipe in the child process.
275 static const int kFuchsiaReadPipeFd = 3;
276
277 #endif
278
279 // An enumeration describing all of the possible ways that a death test can
280 // conclude. DIED means that the process died while executing the test
281 // code; LIVED means that process lived beyond the end of the test code;
282 // RETURNED means that the test statement attempted to execute a return
283 // statement, which is not allowed; THREW means that the test statement
284 // returned control by throwing an exception. IN_PROGRESS means the test
285 // has not yet concluded.
286 enum DeathTestOutcome { IN_PROGRESS, DIED, LIVED, RETURNED, THREW };
287
288 // Routine for aborting the program which is safe to call from an
289 // exec-style death test child process, in which case the error
290 // message is propagated back to the parent process. Otherwise, the
291 // message is simply printed to stderr. In either case, the program
292 // then exits with status 1.
DeathTestAbort(const std::string & message)293 [[noreturn]] static void DeathTestAbort(const std::string& message) {
294 // On a POSIX system, this function may be called from a threadsafe-style
295 // death test child process, which operates on a very small stack. Use
296 // the heap for any additional non-minuscule memory requirements.
297 const InternalRunDeathTestFlag* const flag =
298 GetUnitTestImpl()->internal_run_death_test_flag();
299 if (flag != nullptr) {
300 FILE* parent = posix::FDOpen(flag->write_fd(), "w");
301 fputc(kDeathTestInternalError, parent);
302 fprintf(parent, "%s", message.c_str());
303 fflush(parent);
304 _Exit(1);
305 } else {
306 fprintf(stderr, "%s", message.c_str());
307 fflush(stderr);
308 posix::Abort();
309 }
310 }
311
312 // A replacement for CHECK that calls DeathTestAbort if the assertion
313 // fails.
314 #define GTEST_DEATH_TEST_CHECK_(expression) \
315 do { \
316 if (!::testing::internal::IsTrue(expression)) { \
317 DeathTestAbort(::std::string("CHECK failed: File ") + __FILE__ + \
318 ", line " + \
319 ::testing::internal::StreamableToString(__LINE__) + \
320 ": " + #expression); \
321 } \
322 } while (::testing::internal::AlwaysFalse())
323
324 // This macro is similar to GTEST_DEATH_TEST_CHECK_, but it is meant for
325 // evaluating any system call that fulfills two conditions: it must return
326 // -1 on failure, and set errno to EINTR when it is interrupted and
327 // should be tried again. The macro expands to a loop that repeatedly
328 // evaluates the expression as long as it evaluates to -1 and sets
329 // errno to EINTR. If the expression evaluates to -1 but errno is
330 // something other than EINTR, DeathTestAbort is called.
331 #define GTEST_DEATH_TEST_CHECK_SYSCALL_(expression) \
332 do { \
333 int gtest_retval; \
334 do { \
335 gtest_retval = (expression); \
336 } while (gtest_retval == -1 && errno == EINTR); \
337 if (gtest_retval == -1) { \
338 DeathTestAbort(::std::string("CHECK failed: File ") + __FILE__ + \
339 ", line " + \
340 ::testing::internal::StreamableToString(__LINE__) + \
341 ": " + #expression + " != -1"); \
342 } \
343 } while (::testing::internal::AlwaysFalse())
344
345 // Returns the message describing the last system error in errno.
GetLastErrnoDescription()346 std::string GetLastErrnoDescription() {
347 return errno == 0 ? "" : posix::StrError(errno);
348 }
349
350 // This is called from a death test parent process to read a failure
351 // message from the death test child process and log it with the FATAL
352 // severity. On Windows, the message is read from a pipe handle. On other
353 // platforms, it is read from a file descriptor.
FailFromInternalError(int fd)354 static void FailFromInternalError(int fd) {
355 Message error;
356 char buffer[256];
357 int num_read;
358
359 do {
360 while ((num_read = posix::Read(fd, buffer, 255)) > 0) {
361 buffer[num_read] = '\0';
362 error << buffer;
363 }
364 } while (num_read == -1 && errno == EINTR);
365
366 if (num_read == 0) {
367 GTEST_LOG_(FATAL) << error.GetString();
368 } else {
369 const int last_error = errno;
370 GTEST_LOG_(FATAL) << "Error while reading death test internal: "
371 << GetLastErrnoDescription() << " [" << last_error << "]";
372 }
373 }
374
375 // Death test constructor. Increments the running death test count
376 // for the current test.
DeathTest()377 DeathTest::DeathTest() {
378 TestInfo* const info = GetUnitTestImpl()->current_test_info();
379 if (info == nullptr) {
380 DeathTestAbort(
381 "Cannot run a death test outside of a TEST or "
382 "TEST_F construct");
383 }
384 }
385
386 // Creates and returns a death test by dispatching to the current
387 // death test factory.
Create(const char * statement,Matcher<const std::string &> matcher,const char * file,int line,DeathTest ** test)388 bool DeathTest::Create(const char* statement,
389 Matcher<const std::string&> matcher, const char* file,
390 int line, DeathTest** test) {
391 return GetUnitTestImpl()->death_test_factory()->Create(
392 statement, std::move(matcher), file, line, test);
393 }
394
LastMessage()395 const char* DeathTest::LastMessage() {
396 return last_death_test_message_.c_str();
397 }
398
set_last_death_test_message(const std::string & message)399 void DeathTest::set_last_death_test_message(const std::string& message) {
400 last_death_test_message_ = message;
401 }
402
403 std::string DeathTest::last_death_test_message_;
404
405 // Provides cross platform implementation for some death functionality.
406 class DeathTestImpl : public DeathTest {
407 protected:
DeathTestImpl(const char * a_statement,Matcher<const std::string &> matcher)408 DeathTestImpl(const char* a_statement, Matcher<const std::string&> matcher)
409 : statement_(a_statement),
410 matcher_(std::move(matcher)),
411 spawned_(false),
412 status_(-1),
413 outcome_(IN_PROGRESS),
414 read_fd_(-1),
415 write_fd_(-1) {}
416
417 // read_fd_ is expected to be closed and cleared by a derived class.
~DeathTestImpl()418 ~DeathTestImpl() override { GTEST_DEATH_TEST_CHECK_(read_fd_ == -1); }
419
420 void Abort(AbortReason reason) override;
421 bool Passed(bool status_ok) override;
422
statement() const423 const char* statement() const { return statement_; }
spawned() const424 bool spawned() const { return spawned_; }
set_spawned(bool is_spawned)425 void set_spawned(bool is_spawned) { spawned_ = is_spawned; }
status() const426 int status() const { return status_; }
set_status(int a_status)427 void set_status(int a_status) { status_ = a_status; }
outcome() const428 DeathTestOutcome outcome() const { return outcome_; }
set_outcome(DeathTestOutcome an_outcome)429 void set_outcome(DeathTestOutcome an_outcome) { outcome_ = an_outcome; }
read_fd() const430 int read_fd() const { return read_fd_; }
set_read_fd(int fd)431 void set_read_fd(int fd) { read_fd_ = fd; }
write_fd() const432 int write_fd() const { return write_fd_; }
set_write_fd(int fd)433 void set_write_fd(int fd) { write_fd_ = fd; }
434
435 // Called in the parent process only. Reads the result code of the death
436 // test child process via a pipe, interprets it to set the outcome_
437 // member, and closes read_fd_. Outputs diagnostics and terminates in
438 // case of unexpected codes.
439 void ReadAndInterpretStatusByte();
440
441 // Returns stderr output from the child process.
442 virtual std::string GetErrorLogs();
443
444 private:
445 // The textual content of the code this object is testing. This class
446 // doesn't own this string and should not attempt to delete it.
447 const char* const statement_;
448 // A matcher that's expected to match the stderr output by the child process.
449 Matcher<const std::string&> matcher_;
450 // True if the death test child process has been successfully spawned.
451 bool spawned_;
452 // The exit status of the child process.
453 int status_;
454 // How the death test concluded.
455 DeathTestOutcome outcome_;
456 // Descriptor to the read end of the pipe to the child process. It is
457 // always -1 in the child process. The child keeps its write end of the
458 // pipe in write_fd_.
459 int read_fd_;
460 // Descriptor to the child's write end of the pipe to the parent process.
461 // It is always -1 in the parent process. The parent keeps its end of the
462 // pipe in read_fd_.
463 int write_fd_;
464 };
465
466 // Called in the parent process only. Reads the result code of the death
467 // test child process via a pipe, interprets it to set the outcome_
468 // member, and closes read_fd_. Outputs diagnostics and terminates in
469 // case of unexpected codes.
ReadAndInterpretStatusByte()470 void DeathTestImpl::ReadAndInterpretStatusByte() {
471 char flag;
472 int bytes_read;
473
474 // The read() here blocks until data is available (signifying the
475 // failure of the death test) or until the pipe is closed (signifying
476 // its success), so it's okay to call this in the parent before
477 // the child process has exited.
478 do {
479 bytes_read = posix::Read(read_fd(), &flag, 1);
480 } while (bytes_read == -1 && errno == EINTR);
481
482 if (bytes_read == 0) {
483 set_outcome(DIED);
484 } else if (bytes_read == 1) {
485 switch (flag) {
486 case kDeathTestReturned:
487 set_outcome(RETURNED);
488 break;
489 case kDeathTestThrew:
490 set_outcome(THREW);
491 break;
492 case kDeathTestLived:
493 set_outcome(LIVED);
494 break;
495 case kDeathTestInternalError:
496 FailFromInternalError(read_fd()); // Does not return.
497 break;
498 default:
499 GTEST_LOG_(FATAL) << "Death test child process reported "
500 << "unexpected status byte ("
501 << static_cast<unsigned int>(flag) << ")";
502 }
503 } else {
504 GTEST_LOG_(FATAL) << "Read from death test child process failed: "
505 << GetLastErrnoDescription();
506 }
507 GTEST_DEATH_TEST_CHECK_SYSCALL_(posix::Close(read_fd()));
508 set_read_fd(-1);
509 }
510
GetErrorLogs()511 std::string DeathTestImpl::GetErrorLogs() { return GetCapturedStderr(); }
512
513 // Signals that the death test code which should have exited, didn't.
514 // Should be called only in a death test child process.
515 // Writes a status byte to the child's status file descriptor, then
516 // calls _Exit(1).
Abort(AbortReason reason)517 void DeathTestImpl::Abort(AbortReason reason) {
518 // The parent process considers the death test to be a failure if
519 // it finds any data in our pipe. So, here we write a single flag byte
520 // to the pipe, then exit.
521 const char status_ch = reason == TEST_DID_NOT_DIE ? kDeathTestLived
522 : reason == TEST_THREW_EXCEPTION ? kDeathTestThrew
523 : kDeathTestReturned;
524
525 GTEST_DEATH_TEST_CHECK_SYSCALL_(posix::Write(write_fd(), &status_ch, 1));
526 // We are leaking the descriptor here because on some platforms (i.e.,
527 // when built as Windows DLL), destructors of global objects will still
528 // run after calling _Exit(). On such systems, write_fd_ will be
529 // indirectly closed from the destructor of UnitTestImpl, causing double
530 // close if it is also closed here. On debug configurations, double close
531 // may assert. As there are no in-process buffers to flush here, we are
532 // relying on the OS to close the descriptor after the process terminates
533 // when the destructors are not run.
534 _Exit(1); // Exits w/o any normal exit hooks (we were supposed to crash)
535 }
536
537 // Returns an indented copy of stderr output for a death test.
538 // This makes distinguishing death test output lines from regular log lines
539 // much easier.
FormatDeathTestOutput(const::std::string & output)540 static ::std::string FormatDeathTestOutput(const ::std::string& output) {
541 ::std::string ret;
542 for (size_t at = 0;;) {
543 const size_t line_end = output.find('\n', at);
544 ret += "[ DEATH ] ";
545 if (line_end == ::std::string::npos) {
546 ret += output.substr(at);
547 break;
548 }
549 ret += output.substr(at, line_end + 1 - at);
550 at = line_end + 1;
551 }
552 return ret;
553 }
554
555 // Assesses the success or failure of a death test, using both private
556 // members which have previously been set, and one argument:
557 //
558 // Private data members:
559 // outcome: An enumeration describing how the death test
560 // concluded: DIED, LIVED, THREW, or RETURNED. The death test
561 // fails in the latter three cases.
562 // status: The exit status of the child process. On *nix, it is in the
563 // in the format specified by wait(2). On Windows, this is the
564 // value supplied to the ExitProcess() API or a numeric code
565 // of the exception that terminated the program.
566 // matcher_: A matcher that's expected to match the stderr output by the child
567 // process.
568 //
569 // Argument:
570 // status_ok: true if exit_status is acceptable in the context of
571 // this particular death test, which fails if it is false
572 //
573 // Returns true if and only if all of the above conditions are met. Otherwise,
574 // the first failing condition, in the order given above, is the one that is
575 // reported. Also sets the last death test message string.
Passed(bool status_ok)576 bool DeathTestImpl::Passed(bool status_ok) {
577 if (!spawned()) return false;
578
579 const std::string error_message = GetErrorLogs();
580
581 bool success = false;
582 Message buffer;
583
584 buffer << "Death test: " << statement() << "\n";
585 switch (outcome()) {
586 case LIVED:
587 buffer << " Result: failed to die.\n"
588 << " Error msg:\n"
589 << FormatDeathTestOutput(error_message);
590 break;
591 case THREW:
592 buffer << " Result: threw an exception.\n"
593 << " Error msg:\n"
594 << FormatDeathTestOutput(error_message);
595 break;
596 case RETURNED:
597 buffer << " Result: illegal return in test statement.\n"
598 << " Error msg:\n"
599 << FormatDeathTestOutput(error_message);
600 break;
601 case DIED:
602 if (status_ok) {
603 if (matcher_.Matches(error_message)) {
604 success = true;
605 } else {
606 std::ostringstream stream;
607 matcher_.DescribeTo(&stream);
608 buffer << " Result: died but not with expected error.\n"
609 << " Expected: " << stream.str() << "\n"
610 << "Actual msg:\n"
611 << FormatDeathTestOutput(error_message);
612 }
613 } else {
614 buffer << " Result: died but not with expected exit code:\n"
615 << " " << ExitSummary(status()) << "\n"
616 << "Actual msg:\n"
617 << FormatDeathTestOutput(error_message);
618 }
619 break;
620 case IN_PROGRESS:
621 default:
622 GTEST_LOG_(FATAL)
623 << "DeathTest::Passed somehow called before conclusion of test";
624 }
625
626 DeathTest::set_last_death_test_message(buffer.GetString());
627 return success;
628 }
629
630 #ifndef GTEST_OS_WINDOWS
631 // Note: The return value points into args, so the return value's lifetime is
632 // bound to that of args.
CreateArgvFromArgs(std::vector<std::string> & args)633 static std::vector<char*> CreateArgvFromArgs(std::vector<std::string>& args) {
634 std::vector<char*> result;
635 result.reserve(args.size() + 1);
636 for (auto& arg : args) {
637 result.push_back(&arg[0]);
638 }
639 result.push_back(nullptr); // Extra null terminator.
640 return result;
641 }
642 #endif
643
644 #ifdef GTEST_OS_WINDOWS
645 // WindowsDeathTest implements death tests on Windows. Due to the
646 // specifics of starting new processes on Windows, death tests there are
647 // always threadsafe, and Google Test considers the
648 // --gtest_death_test_style=fast setting to be equivalent to
649 // --gtest_death_test_style=threadsafe there.
650 //
651 // A few implementation notes: Like the Linux version, the Windows
652 // implementation uses pipes for child-to-parent communication. But due to
653 // the specifics of pipes on Windows, some extra steps are required:
654 //
655 // 1. The parent creates a communication pipe and stores handles to both
656 // ends of it.
657 // 2. The parent starts the child and provides it with the information
658 // necessary to acquire the handle to the write end of the pipe.
659 // 3. The child acquires the write end of the pipe and signals the parent
660 // using a Windows event.
661 // 4. Now the parent can release the write end of the pipe on its side. If
662 // this is done before step 3, the object's reference count goes down to
663 // 0 and it is destroyed, preventing the child from acquiring it. The
664 // parent now has to release it, or read operations on the read end of
665 // the pipe will not return when the child terminates.
666 // 5. The parent reads child's output through the pipe (outcome code and
667 // any possible error messages) from the pipe, and its stderr and then
668 // determines whether to fail the test.
669 //
670 // Note: to distinguish Win32 API calls from the local method and function
671 // calls, the former are explicitly resolved in the global namespace.
672 //
673 class WindowsDeathTest : public DeathTestImpl {
674 public:
WindowsDeathTest(const char * a_statement,Matcher<const std::string &> matcher,const char * file,int line)675 WindowsDeathTest(const char* a_statement, Matcher<const std::string&> matcher,
676 const char* file, int line)
677 : DeathTestImpl(a_statement, std::move(matcher)),
678 file_(file),
679 line_(line) {}
680
681 // All of these virtual functions are inherited from DeathTest.
682 virtual int Wait();
683 virtual TestRole AssumeRole();
684
685 private:
686 // The name of the file in which the death test is located.
687 const char* const file_;
688 // The line number on which the death test is located.
689 const int line_;
690 // Handle to the write end of the pipe to the child process.
691 AutoHandle write_handle_;
692 // Child process handle.
693 AutoHandle child_handle_;
694 // Event the child process uses to signal the parent that it has
695 // acquired the handle to the write end of the pipe. After seeing this
696 // event the parent can release its own handles to make sure its
697 // ReadFile() calls return when the child terminates.
698 AutoHandle event_handle_;
699 };
700
701 // Waits for the child in a death test to exit, returning its exit
702 // status, or 0 if no child process exists. As a side effect, sets the
703 // outcome data member.
Wait()704 int WindowsDeathTest::Wait() {
705 if (!spawned()) return 0;
706
707 // Wait until the child either signals that it has acquired the write end
708 // of the pipe or it dies.
709 const HANDLE wait_handles[2] = {child_handle_.Get(), event_handle_.Get()};
710 switch (::WaitForMultipleObjects(2, wait_handles,
711 FALSE, // Waits for any of the handles.
712 INFINITE)) {
713 case WAIT_OBJECT_0:
714 case WAIT_OBJECT_0 + 1:
715 break;
716 default:
717 GTEST_DEATH_TEST_CHECK_(false); // Should not get here.
718 }
719
720 // The child has acquired the write end of the pipe or exited.
721 // We release the handle on our side and continue.
722 write_handle_.Reset();
723 event_handle_.Reset();
724
725 ReadAndInterpretStatusByte();
726
727 // Waits for the child process to exit if it haven't already. This
728 // returns immediately if the child has already exited, regardless of
729 // whether previous calls to WaitForMultipleObjects synchronized on this
730 // handle or not.
731 GTEST_DEATH_TEST_CHECK_(WAIT_OBJECT_0 ==
732 ::WaitForSingleObject(child_handle_.Get(), INFINITE));
733 DWORD status_code;
734 GTEST_DEATH_TEST_CHECK_(
735 ::GetExitCodeProcess(child_handle_.Get(), &status_code) != FALSE);
736 child_handle_.Reset();
737 set_status(static_cast<int>(status_code));
738 return status();
739 }
740
741 // The AssumeRole process for a Windows death test. It creates a child
742 // process with the same executable as the current process to run the
743 // death test. The child process is given the --gtest_filter and
744 // --gtest_internal_run_death_test flags such that it knows to run the
745 // current death test only.
AssumeRole()746 DeathTest::TestRole WindowsDeathTest::AssumeRole() {
747 const UnitTestImpl* const impl = GetUnitTestImpl();
748 const InternalRunDeathTestFlag* const flag =
749 impl->internal_run_death_test_flag();
750 const TestInfo* const info = impl->current_test_info();
751 const int death_test_index = info->result()->death_test_count();
752
753 if (flag != nullptr) {
754 // ParseInternalRunDeathTestFlag() has performed all the necessary
755 // processing.
756 set_write_fd(flag->write_fd());
757 return EXECUTE_TEST;
758 }
759
760 // WindowsDeathTest uses an anonymous pipe to communicate results of
761 // a death test.
762 SECURITY_ATTRIBUTES handles_are_inheritable = {sizeof(SECURITY_ATTRIBUTES),
763 nullptr, TRUE};
764 HANDLE read_handle, write_handle;
765 GTEST_DEATH_TEST_CHECK_(::CreatePipe(&read_handle, &write_handle,
766 &handles_are_inheritable,
767 0) // Default buffer size.
768 != FALSE);
769 set_read_fd(
770 ::_open_osfhandle(reinterpret_cast<intptr_t>(read_handle), O_RDONLY));
771 write_handle_.Reset(write_handle);
772 event_handle_.Reset(::CreateEvent(
773 &handles_are_inheritable,
774 TRUE, // The event will automatically reset to non-signaled state.
775 FALSE, // The initial state is non-signalled.
776 nullptr)); // The even is unnamed.
777 GTEST_DEATH_TEST_CHECK_(event_handle_.Get() != nullptr);
778 const std::string filter_flag = std::string("--") + GTEST_FLAG_PREFIX_ +
779 "filter=" + info->test_suite_name() + "." +
780 info->name();
781 const std::string internal_flag =
782 std::string("--") + GTEST_FLAG_PREFIX_ +
783 "internal_run_death_test=" + file_ + "|" + StreamableToString(line_) +
784 "|" + StreamableToString(death_test_index) + "|" +
785 StreamableToString(static_cast<unsigned int>(::GetCurrentProcessId())) +
786 // size_t has the same width as pointers on both 32-bit and 64-bit
787 // Windows platforms.
788 // See https://msdn.microsoft.com/en-us/library/tcxf1dw6.aspx.
789 "|" + StreamableToString(reinterpret_cast<size_t>(write_handle)) + "|" +
790 StreamableToString(reinterpret_cast<size_t>(event_handle_.Get()));
791
792 char executable_path[_MAX_PATH + 1]; // NOLINT
793 GTEST_DEATH_TEST_CHECK_(_MAX_PATH + 1 != ::GetModuleFileNameA(nullptr,
794 executable_path,
795 _MAX_PATH));
796
797 std::string command_line = std::string(::GetCommandLineA()) + " " +
798 filter_flag + " \"" + internal_flag + "\"";
799
800 DeathTest::set_last_death_test_message("");
801
802 CaptureStderr();
803 // Flush the log buffers since the log streams are shared with the child.
804 FlushInfoLog();
805
806 // The child process will share the standard handles with the parent.
807 STARTUPINFOA startup_info;
808 memset(&startup_info, 0, sizeof(STARTUPINFO));
809 startup_info.dwFlags = STARTF_USESTDHANDLES;
810 startup_info.hStdInput = ::GetStdHandle(STD_INPUT_HANDLE);
811 startup_info.hStdOutput = ::GetStdHandle(STD_OUTPUT_HANDLE);
812 startup_info.hStdError = ::GetStdHandle(STD_ERROR_HANDLE);
813
814 PROCESS_INFORMATION process_info;
815 GTEST_DEATH_TEST_CHECK_(
816 ::CreateProcessA(
817 executable_path, const_cast<char*>(command_line.c_str()),
818 nullptr, // Returned process handle is not inheritable.
819 nullptr, // Returned thread handle is not inheritable.
820 TRUE, // Child inherits all inheritable handles (for write_handle_).
821 0x0, // Default creation flags.
822 nullptr, // Inherit the parent's environment.
823 UnitTest::GetInstance()->original_working_dir(), &startup_info,
824 &process_info) != FALSE);
825 child_handle_.Reset(process_info.hProcess);
826 ::CloseHandle(process_info.hThread);
827 set_spawned(true);
828 return OVERSEE_TEST;
829 }
830
831 #elif defined(GTEST_OS_FUCHSIA)
832
833 class FuchsiaDeathTest : public DeathTestImpl {
834 public:
FuchsiaDeathTest(const char * a_statement,Matcher<const std::string &> matcher,const char * file,int line)835 FuchsiaDeathTest(const char* a_statement, Matcher<const std::string&> matcher,
836 const char* file, int line)
837 : DeathTestImpl(a_statement, std::move(matcher)),
838 file_(file),
839 line_(line) {}
840
841 // All of these virtual functions are inherited from DeathTest.
842 int Wait() override;
843 TestRole AssumeRole() override;
844 std::string GetErrorLogs() override;
845
846 private:
847 // The name of the file in which the death test is located.
848 const char* const file_;
849 // The line number on which the death test is located.
850 const int line_;
851 // The stderr data captured by the child process.
852 std::string captured_stderr_;
853
854 zx::process child_process_;
855 zx::channel exception_channel_;
856 zx::socket stderr_socket_;
857 };
858
859 // Waits for the child in a death test to exit, returning its exit
860 // status, or 0 if no child process exists. As a side effect, sets the
861 // outcome data member.
Wait()862 int FuchsiaDeathTest::Wait() {
863 const int kProcessKey = 0;
864 const int kSocketKey = 1;
865 const int kExceptionKey = 2;
866
867 if (!spawned()) return 0;
868
869 // Create a port to wait for socket/task/exception events.
870 zx_status_t status_zx;
871 zx::port port;
872 status_zx = zx::port::create(0, &port);
873 GTEST_DEATH_TEST_CHECK_(status_zx == ZX_OK);
874
875 // Register to wait for the child process to terminate.
876 status_zx =
877 child_process_.wait_async(port, kProcessKey, ZX_PROCESS_TERMINATED, 0);
878 GTEST_DEATH_TEST_CHECK_(status_zx == ZX_OK);
879
880 // Register to wait for the socket to be readable or closed.
881 status_zx = stderr_socket_.wait_async(
882 port, kSocketKey, ZX_SOCKET_READABLE | ZX_SOCKET_PEER_CLOSED, 0);
883 GTEST_DEATH_TEST_CHECK_(status_zx == ZX_OK);
884
885 // Register to wait for an exception.
886 status_zx = exception_channel_.wait_async(port, kExceptionKey,
887 ZX_CHANNEL_READABLE, 0);
888 GTEST_DEATH_TEST_CHECK_(status_zx == ZX_OK);
889
890 bool process_terminated = false;
891 bool socket_closed = false;
892 do {
893 zx_port_packet_t packet = {};
894 status_zx = port.wait(zx::time::infinite(), &packet);
895 GTEST_DEATH_TEST_CHECK_(status_zx == ZX_OK);
896
897 if (packet.key == kExceptionKey) {
898 // Process encountered an exception. Kill it directly rather than
899 // letting other handlers process the event. We will get a kProcessKey
900 // event when the process actually terminates.
901 status_zx = child_process_.kill();
902 GTEST_DEATH_TEST_CHECK_(status_zx == ZX_OK);
903 } else if (packet.key == kProcessKey) {
904 // Process terminated.
905 GTEST_DEATH_TEST_CHECK_(ZX_PKT_IS_SIGNAL_ONE(packet.type));
906 GTEST_DEATH_TEST_CHECK_(packet.signal.observed & ZX_PROCESS_TERMINATED);
907 process_terminated = true;
908 } else if (packet.key == kSocketKey) {
909 GTEST_DEATH_TEST_CHECK_(ZX_PKT_IS_SIGNAL_ONE(packet.type));
910 if (packet.signal.observed & ZX_SOCKET_READABLE) {
911 // Read data from the socket.
912 constexpr size_t kBufferSize = 1024;
913 do {
914 size_t old_length = captured_stderr_.length();
915 size_t bytes_read = 0;
916 captured_stderr_.resize(old_length + kBufferSize);
917 status_zx =
918 stderr_socket_.read(0, &captured_stderr_.front() + old_length,
919 kBufferSize, &bytes_read);
920 captured_stderr_.resize(old_length + bytes_read);
921 } while (status_zx == ZX_OK);
922 if (status_zx == ZX_ERR_PEER_CLOSED) {
923 socket_closed = true;
924 } else {
925 GTEST_DEATH_TEST_CHECK_(status_zx == ZX_ERR_SHOULD_WAIT);
926 status_zx = stderr_socket_.wait_async(
927 port, kSocketKey, ZX_SOCKET_READABLE | ZX_SOCKET_PEER_CLOSED, 0);
928 GTEST_DEATH_TEST_CHECK_(status_zx == ZX_OK);
929 }
930 } else {
931 GTEST_DEATH_TEST_CHECK_(packet.signal.observed & ZX_SOCKET_PEER_CLOSED);
932 socket_closed = true;
933 }
934 }
935 } while (!process_terminated && !socket_closed);
936
937 ReadAndInterpretStatusByte();
938
939 zx_info_process_t buffer;
940 status_zx = child_process_.get_info(ZX_INFO_PROCESS, &buffer, sizeof(buffer),
941 nullptr, nullptr);
942 GTEST_DEATH_TEST_CHECK_(status_zx == ZX_OK);
943
944 GTEST_DEATH_TEST_CHECK_(buffer.flags & ZX_INFO_PROCESS_FLAG_EXITED);
945 set_status(static_cast<int>(buffer.return_code));
946 return status();
947 }
948
949 // The AssumeRole process for a Fuchsia death test. It creates a child
950 // process with the same executable as the current process to run the
951 // death test. The child process is given the --gtest_filter and
952 // --gtest_internal_run_death_test flags such that it knows to run the
953 // current death test only.
AssumeRole()954 DeathTest::TestRole FuchsiaDeathTest::AssumeRole() {
955 const UnitTestImpl* const impl = GetUnitTestImpl();
956 const InternalRunDeathTestFlag* const flag =
957 impl->internal_run_death_test_flag();
958 const TestInfo* const info = impl->current_test_info();
959 const int death_test_index = info->result()->death_test_count();
960
961 if (flag != nullptr) {
962 // ParseInternalRunDeathTestFlag() has performed all the necessary
963 // processing.
964 set_write_fd(kFuchsiaReadPipeFd);
965 return EXECUTE_TEST;
966 }
967
968 // Flush the log buffers since the log streams are shared with the child.
969 FlushInfoLog();
970
971 // Build the child process command line.
972 const std::string filter_flag = std::string("--") + GTEST_FLAG_PREFIX_ +
973 "filter=" + info->test_suite_name() + "." +
974 info->name();
975 const std::string internal_flag = std::string("--") + GTEST_FLAG_PREFIX_ +
976 kInternalRunDeathTestFlag + "=" + file_ +
977 "|" + StreamableToString(line_) + "|" +
978 StreamableToString(death_test_index);
979
980 std::vector<std::string> args = GetInjectableArgvs();
981 args.push_back(filter_flag);
982 args.push_back(internal_flag);
983
984 // Build the pipe for communication with the child.
985 zx_status_t status;
986 zx_handle_t child_pipe_handle;
987 int child_pipe_fd;
988 status = fdio_pipe_half(&child_pipe_fd, &child_pipe_handle);
989 GTEST_DEATH_TEST_CHECK_(status == ZX_OK);
990 set_read_fd(child_pipe_fd);
991
992 // Set the pipe handle for the child.
993 fdio_spawn_action_t spawn_actions[2] = {};
994 fdio_spawn_action_t* add_handle_action = &spawn_actions[0];
995 add_handle_action->action = FDIO_SPAWN_ACTION_ADD_HANDLE;
996 add_handle_action->h.id = PA_HND(PA_FD, kFuchsiaReadPipeFd);
997 add_handle_action->h.handle = child_pipe_handle;
998
999 // Create a socket pair will be used to receive the child process' stderr.
1000 zx::socket stderr_producer_socket;
1001 status = zx::socket::create(0, &stderr_producer_socket, &stderr_socket_);
1002 GTEST_DEATH_TEST_CHECK_(status >= 0);
1003 int stderr_producer_fd = -1;
1004 status =
1005 fdio_fd_create(stderr_producer_socket.release(), &stderr_producer_fd);
1006 GTEST_DEATH_TEST_CHECK_(status >= 0);
1007
1008 // Make the stderr socket nonblocking.
1009 GTEST_DEATH_TEST_CHECK_(fcntl(stderr_producer_fd, F_SETFL, 0) == 0);
1010
1011 fdio_spawn_action_t* add_stderr_action = &spawn_actions[1];
1012 add_stderr_action->action = FDIO_SPAWN_ACTION_CLONE_FD;
1013 add_stderr_action->fd.local_fd = stderr_producer_fd;
1014 add_stderr_action->fd.target_fd = STDERR_FILENO;
1015
1016 // Create a child job.
1017 zx_handle_t child_job = ZX_HANDLE_INVALID;
1018 status = zx_job_create(zx_job_default(), 0, &child_job);
1019 GTEST_DEATH_TEST_CHECK_(status == ZX_OK);
1020 zx_policy_basic_t policy;
1021 policy.condition = ZX_POL_NEW_ANY;
1022 policy.policy = ZX_POL_ACTION_ALLOW;
1023 status = zx_job_set_policy(child_job, ZX_JOB_POL_RELATIVE, ZX_JOB_POL_BASIC,
1024 &policy, 1);
1025 GTEST_DEATH_TEST_CHECK_(status == ZX_OK);
1026
1027 // Create an exception channel attached to the |child_job|, to allow
1028 // us to suppress the system default exception handler from firing.
1029 status = zx_task_create_exception_channel(
1030 child_job, 0, exception_channel_.reset_and_get_address());
1031 GTEST_DEATH_TEST_CHECK_(status == ZX_OK);
1032
1033 // Spawn the child process.
1034 // Note: The test component must have `fuchsia.process.Launcher` declared
1035 // in its manifest. (Fuchsia integration tests require creating a
1036 // "Fuchsia Test Component" which contains a "Fuchsia Component Manifest")
1037 // Launching processes is a privileged operation in Fuchsia, and the
1038 // declaration indicates that the ability is required for the component.
1039 std::vector<char*> argv = CreateArgvFromArgs(args);
1040 status = fdio_spawn_etc(child_job, FDIO_SPAWN_CLONE_ALL, argv[0], argv.data(),
1041 nullptr, 2, spawn_actions,
1042 child_process_.reset_and_get_address(), nullptr);
1043 GTEST_DEATH_TEST_CHECK_(status == ZX_OK);
1044
1045 set_spawned(true);
1046 return OVERSEE_TEST;
1047 }
1048
GetErrorLogs()1049 std::string FuchsiaDeathTest::GetErrorLogs() { return captured_stderr_; }
1050
1051 #else // We are neither on Windows, nor on Fuchsia.
1052
1053 // ForkingDeathTest provides implementations for most of the abstract
1054 // methods of the DeathTest interface. Only the AssumeRole method is
1055 // left undefined.
1056 class ForkingDeathTest : public DeathTestImpl {
1057 public:
1058 ForkingDeathTest(const char* statement, Matcher<const std::string&> matcher);
1059
1060 // All of these virtual functions are inherited from DeathTest.
1061 int Wait() override;
1062
1063 protected:
set_child_pid(pid_t child_pid)1064 void set_child_pid(pid_t child_pid) { child_pid_ = child_pid; }
1065
1066 private:
1067 // PID of child process during death test; 0 in the child process itself.
1068 pid_t child_pid_;
1069 };
1070
1071 // Constructs a ForkingDeathTest.
ForkingDeathTest(const char * a_statement,Matcher<const std::string &> matcher)1072 ForkingDeathTest::ForkingDeathTest(const char* a_statement,
1073 Matcher<const std::string&> matcher)
1074 : DeathTestImpl(a_statement, std::move(matcher)), child_pid_(-1) {}
1075
1076 // Waits for the child in a death test to exit, returning its exit
1077 // status, or 0 if no child process exists. As a side effect, sets the
1078 // outcome data member.
Wait()1079 int ForkingDeathTest::Wait() {
1080 if (!spawned()) return 0;
1081
1082 ReadAndInterpretStatusByte();
1083
1084 int status_value;
1085 GTEST_DEATH_TEST_CHECK_SYSCALL_(waitpid(child_pid_, &status_value, 0));
1086 set_status(status_value);
1087 return status_value;
1088 }
1089
1090 // A concrete death test class that forks, then immediately runs the test
1091 // in the child process.
1092 class NoExecDeathTest : public ForkingDeathTest {
1093 public:
NoExecDeathTest(const char * a_statement,Matcher<const std::string &> matcher)1094 NoExecDeathTest(const char* a_statement, Matcher<const std::string&> matcher)
1095 : ForkingDeathTest(a_statement, std::move(matcher)) {}
1096 TestRole AssumeRole() override;
1097 };
1098
1099 // The AssumeRole process for a fork-and-run death test. It implements a
1100 // straightforward fork, with a simple pipe to transmit the status byte.
AssumeRole()1101 DeathTest::TestRole NoExecDeathTest::AssumeRole() {
1102 const size_t thread_count = GetThreadCount();
1103 if (thread_count != 1) {
1104 GTEST_LOG_(WARNING) << DeathTestThreadWarning(thread_count);
1105 }
1106
1107 int pipe_fd[2];
1108 GTEST_DEATH_TEST_CHECK_(pipe(pipe_fd) != -1);
1109
1110 DeathTest::set_last_death_test_message("");
1111 CaptureStderr();
1112 // When we fork the process below, the log file buffers are copied, but the
1113 // file descriptors are shared. We flush all log files here so that closing
1114 // the file descriptors in the child process doesn't throw off the
1115 // synchronization between descriptors and buffers in the parent process.
1116 // This is as close to the fork as possible to avoid a race condition in case
1117 // there are multiple threads running before the death test, and another
1118 // thread writes to the log file.
1119 FlushInfoLog();
1120
1121 const pid_t child_pid = fork();
1122 GTEST_DEATH_TEST_CHECK_(child_pid != -1);
1123 set_child_pid(child_pid);
1124 if (child_pid == 0) {
1125 GTEST_DEATH_TEST_CHECK_SYSCALL_(close(pipe_fd[0]));
1126 set_write_fd(pipe_fd[1]);
1127 // Redirects all logging to stderr in the child process to prevent
1128 // concurrent writes to the log files. We capture stderr in the parent
1129 // process and append the child process' output to a log.
1130 LogToStderr();
1131 // Event forwarding to the listeners of event listener API mush be shut
1132 // down in death test subprocesses.
1133 GetUnitTestImpl()->listeners()->SuppressEventForwarding(true);
1134 g_in_fast_death_test_child = true;
1135 return EXECUTE_TEST;
1136 } else {
1137 GTEST_DEATH_TEST_CHECK_SYSCALL_(close(pipe_fd[1]));
1138 set_read_fd(pipe_fd[0]);
1139 set_spawned(true);
1140 return OVERSEE_TEST;
1141 }
1142 }
1143
1144 // A concrete death test class that forks and re-executes the main
1145 // program from the beginning, with command-line flags set that cause
1146 // only this specific death test to be run.
1147 class ExecDeathTest : public ForkingDeathTest {
1148 public:
ExecDeathTest(const char * a_statement,Matcher<const std::string &> matcher,const char * file,int line)1149 ExecDeathTest(const char* a_statement, Matcher<const std::string&> matcher,
1150 const char* file, int line)
1151 : ForkingDeathTest(a_statement, std::move(matcher)),
1152 file_(file),
1153 line_(line) {}
1154 TestRole AssumeRole() override;
1155
1156 private:
GetArgvsForDeathTestChildProcess()1157 static ::std::vector<std::string> GetArgvsForDeathTestChildProcess() {
1158 ::std::vector<std::string> args = GetInjectableArgvs();
1159 #if defined(GTEST_EXTRA_DEATH_TEST_COMMAND_LINE_ARGS_)
1160 ::std::vector<std::string> extra_args =
1161 GTEST_EXTRA_DEATH_TEST_COMMAND_LINE_ARGS_();
1162 args.insert(args.end(), extra_args.begin(), extra_args.end());
1163 #endif // defined(GTEST_EXTRA_DEATH_TEST_COMMAND_LINE_ARGS_)
1164 return args;
1165 }
1166 // The name of the file in which the death test is located.
1167 const char* const file_;
1168 // The line number on which the death test is located.
1169 const int line_;
1170 };
1171
1172 // A struct that encompasses the arguments to the child process of a
1173 // threadsafe-style death test process.
1174 struct ExecDeathTestArgs {
1175 char* const* argv; // Command-line arguments for the child's call to exec
1176 int close_fd; // File descriptor to close; the read end of a pipe
1177 };
1178
1179 #ifdef GTEST_OS_QNX
1180 extern "C" char** environ;
1181 #else // GTEST_OS_QNX
1182 // The main function for a threadsafe-style death test child process.
1183 // This function is called in a clone()-ed process and thus must avoid
1184 // any potentially unsafe operations like malloc or libc functions.
ExecDeathTestChildMain(void * child_arg)1185 static int ExecDeathTestChildMain(void* child_arg) {
1186 ExecDeathTestArgs* const args = static_cast<ExecDeathTestArgs*>(child_arg);
1187 GTEST_DEATH_TEST_CHECK_SYSCALL_(close(args->close_fd));
1188
1189 // We need to execute the test program in the same environment where
1190 // it was originally invoked. Therefore we change to the original
1191 // working directory first.
1192 const char* const original_dir =
1193 UnitTest::GetInstance()->original_working_dir();
1194 // We can safely call chdir() as it's a direct system call.
1195 if (chdir(original_dir) != 0) {
1196 DeathTestAbort(std::string("chdir(\"") + original_dir +
1197 "\") failed: " + GetLastErrnoDescription());
1198 return EXIT_FAILURE;
1199 }
1200
1201 // We can safely call execv() as it's almost a direct system call. We
1202 // cannot use execvp() as it's a libc function and thus potentially
1203 // unsafe. Since execv() doesn't search the PATH, the user must
1204 // invoke the test program via a valid path that contains at least
1205 // one path separator.
1206 execv(args->argv[0], args->argv);
1207 DeathTestAbort(std::string("execv(") + args->argv[0] + ", ...) in " +
1208 original_dir + " failed: " + GetLastErrnoDescription());
1209 return EXIT_FAILURE;
1210 }
1211 #endif // GTEST_OS_QNX
1212
1213 #if GTEST_HAS_CLONE
1214 // Two utility routines that together determine the direction the stack
1215 // grows.
1216 // This could be accomplished more elegantly by a single recursive
1217 // function, but we want to guard against the unlikely possibility of
1218 // a smart compiler optimizing the recursion away.
1219 //
1220 // GTEST_NO_INLINE_ is required to prevent GCC 4.6 from inlining
1221 // StackLowerThanAddress into StackGrowsDown, which then doesn't give
1222 // correct answer.
1223 static void StackLowerThanAddress(const void* ptr,
1224 bool* result) GTEST_NO_INLINE_;
1225 // Make sure sanitizers do not tamper with the stack here.
1226 // Ideally, we want to use `__builtin_frame_address` instead of a local variable
1227 // address with sanitizer disabled, but it does not work when the
1228 // compiler optimizes the stack frame out, which happens on PowerPC targets.
1229 // HWAddressSanitizer add a random tag to the MSB of the local variable address,
1230 // making comparison result unpredictable.
1231 GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
1232 GTEST_ATTRIBUTE_NO_SANITIZE_HWADDRESS_
StackLowerThanAddress(const void * ptr,bool * result)1233 static void StackLowerThanAddress(const void* ptr, bool* result) {
1234 int dummy = 0;
1235 *result = std::less<const void*>()(&dummy, ptr);
1236 }
1237
1238 // Make sure AddressSanitizer does not tamper with the stack here.
1239 GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
1240 GTEST_ATTRIBUTE_NO_SANITIZE_HWADDRESS_
StackGrowsDown()1241 static bool StackGrowsDown() {
1242 int dummy = 0;
1243 bool result;
1244 StackLowerThanAddress(&dummy, &result);
1245 return result;
1246 }
1247 #endif // GTEST_HAS_CLONE
1248
1249 // Spawns a child process with the same executable as the current process in
1250 // a thread-safe manner and instructs it to run the death test. The
1251 // implementation uses fork(2) + exec. On systems where clone(2) is
1252 // available, it is used instead, being slightly more thread-safe. On QNX,
1253 // fork supports only single-threaded environments, so this function uses
1254 // spawn(2) there instead. The function dies with an error message if
1255 // anything goes wrong.
ExecDeathTestSpawnChild(char * const * argv,int close_fd)1256 static pid_t ExecDeathTestSpawnChild(char* const* argv, int close_fd) {
1257 ExecDeathTestArgs args = {argv, close_fd};
1258 pid_t child_pid = -1;
1259
1260 #ifdef GTEST_OS_QNX
1261 // Obtains the current directory and sets it to be closed in the child
1262 // process.
1263 const int cwd_fd = open(".", O_RDONLY);
1264 GTEST_DEATH_TEST_CHECK_(cwd_fd != -1);
1265 GTEST_DEATH_TEST_CHECK_SYSCALL_(fcntl(cwd_fd, F_SETFD, FD_CLOEXEC));
1266 // We need to execute the test program in the same environment where
1267 // it was originally invoked. Therefore we change to the original
1268 // working directory first.
1269 const char* const original_dir =
1270 UnitTest::GetInstance()->original_working_dir();
1271 // We can safely call chdir() as it's a direct system call.
1272 if (chdir(original_dir) != 0) {
1273 DeathTestAbort(std::string("chdir(\"") + original_dir +
1274 "\") failed: " + GetLastErrnoDescription());
1275 return EXIT_FAILURE;
1276 }
1277
1278 int fd_flags;
1279 // Set close_fd to be closed after spawn.
1280 GTEST_DEATH_TEST_CHECK_SYSCALL_(fd_flags = fcntl(close_fd, F_GETFD));
1281 GTEST_DEATH_TEST_CHECK_SYSCALL_(
1282 fcntl(close_fd, F_SETFD, fd_flags | FD_CLOEXEC));
1283 struct inheritance inherit = {0};
1284 // spawn is a system call.
1285 child_pid = spawn(args.argv[0], 0, nullptr, &inherit, args.argv, environ);
1286 // Restores the current working directory.
1287 GTEST_DEATH_TEST_CHECK_(fchdir(cwd_fd) != -1);
1288 GTEST_DEATH_TEST_CHECK_SYSCALL_(close(cwd_fd));
1289
1290 #else // GTEST_OS_QNX
1291 #ifdef GTEST_OS_LINUX
1292 // When a SIGPROF signal is received while fork() or clone() are executing,
1293 // the process may hang. To avoid this, we ignore SIGPROF here and re-enable
1294 // it after the call to fork()/clone() is complete.
1295 struct sigaction saved_sigprof_action;
1296 struct sigaction ignore_sigprof_action;
1297 memset(&ignore_sigprof_action, 0, sizeof(ignore_sigprof_action));
1298 sigemptyset(&ignore_sigprof_action.sa_mask);
1299 ignore_sigprof_action.sa_handler = SIG_IGN;
1300 GTEST_DEATH_TEST_CHECK_SYSCALL_(
1301 sigaction(SIGPROF, &ignore_sigprof_action, &saved_sigprof_action));
1302 #endif // GTEST_OS_LINUX
1303
1304 #if GTEST_HAS_CLONE
1305 const bool use_fork = GTEST_FLAG_GET(death_test_use_fork);
1306
1307 if (!use_fork) {
1308 static const bool stack_grows_down = StackGrowsDown();
1309 const auto stack_size = static_cast<size_t>(getpagesize() * 2);
1310 // MMAP_ANONYMOUS is not defined on Mac, so we use MAP_ANON instead.
1311 void* const stack = mmap(nullptr, stack_size, PROT_READ | PROT_WRITE,
1312 MAP_ANON | MAP_PRIVATE, -1, 0);
1313 GTEST_DEATH_TEST_CHECK_(stack != MAP_FAILED);
1314
1315 // Maximum stack alignment in bytes: For a downward-growing stack, this
1316 // amount is subtracted from size of the stack space to get an address
1317 // that is within the stack space and is aligned on all systems we care
1318 // about. As far as I know there is no ABI with stack alignment greater
1319 // than 64. We assume stack and stack_size already have alignment of
1320 // kMaxStackAlignment.
1321 const size_t kMaxStackAlignment = 64;
1322 void* const stack_top =
1323 static_cast<char*>(stack) +
1324 (stack_grows_down ? stack_size - kMaxStackAlignment : 0);
1325 GTEST_DEATH_TEST_CHECK_(
1326 static_cast<size_t>(stack_size) > kMaxStackAlignment &&
1327 reinterpret_cast<uintptr_t>(stack_top) % kMaxStackAlignment == 0);
1328
1329 child_pid = clone(&ExecDeathTestChildMain, stack_top, SIGCHLD, &args);
1330
1331 GTEST_DEATH_TEST_CHECK_(munmap(stack, stack_size) != -1);
1332 }
1333 #else
1334 const bool use_fork = true;
1335 #endif // GTEST_HAS_CLONE
1336
1337 if (use_fork && (child_pid = fork()) == 0) {
1338 _Exit(ExecDeathTestChildMain(&args));
1339 }
1340 #endif // GTEST_OS_QNX
1341 #ifdef GTEST_OS_LINUX
1342 GTEST_DEATH_TEST_CHECK_SYSCALL_(
1343 sigaction(SIGPROF, &saved_sigprof_action, nullptr));
1344 #endif // GTEST_OS_LINUX
1345
1346 GTEST_DEATH_TEST_CHECK_(child_pid != -1);
1347 return child_pid;
1348 }
1349
1350 // The AssumeRole process for a fork-and-exec death test. It re-executes the
1351 // main program from the beginning, setting the --gtest_filter
1352 // and --gtest_internal_run_death_test flags to cause only the current
1353 // death test to be re-run.
AssumeRole()1354 DeathTest::TestRole ExecDeathTest::AssumeRole() {
1355 const UnitTestImpl* const impl = GetUnitTestImpl();
1356 const InternalRunDeathTestFlag* const flag =
1357 impl->internal_run_death_test_flag();
1358 const TestInfo* const info = impl->current_test_info();
1359 const int death_test_index = info->result()->death_test_count();
1360
1361 if (flag != nullptr) {
1362 set_write_fd(flag->write_fd());
1363 return EXECUTE_TEST;
1364 }
1365
1366 int pipe_fd[2];
1367 GTEST_DEATH_TEST_CHECK_(pipe(pipe_fd) != -1);
1368 // Clear the close-on-exec flag on the write end of the pipe, lest
1369 // it be closed when the child process does an exec:
1370 GTEST_DEATH_TEST_CHECK_(fcntl(pipe_fd[1], F_SETFD, 0) != -1);
1371
1372 const std::string filter_flag = std::string("--") + GTEST_FLAG_PREFIX_ +
1373 "filter=" + info->test_suite_name() + "." +
1374 info->name();
1375 const std::string internal_flag = std::string("--") + GTEST_FLAG_PREFIX_ +
1376 "internal_run_death_test=" + file_ + "|" +
1377 StreamableToString(line_) + "|" +
1378 StreamableToString(death_test_index) + "|" +
1379 StreamableToString(pipe_fd[1]);
1380 std::vector<std::string> args = GetArgvsForDeathTestChildProcess();
1381 args.push_back(filter_flag);
1382 args.push_back(internal_flag);
1383
1384 DeathTest::set_last_death_test_message("");
1385
1386 CaptureStderr();
1387 // See the comment in NoExecDeathTest::AssumeRole for why the next line
1388 // is necessary.
1389 FlushInfoLog();
1390
1391 std::vector<char*> argv = CreateArgvFromArgs(args);
1392 const pid_t child_pid = ExecDeathTestSpawnChild(argv.data(), pipe_fd[0]);
1393 GTEST_DEATH_TEST_CHECK_SYSCALL_(close(pipe_fd[1]));
1394 set_child_pid(child_pid);
1395 set_read_fd(pipe_fd[0]);
1396 set_spawned(true);
1397 return OVERSEE_TEST;
1398 }
1399
1400 #endif // !GTEST_OS_WINDOWS
1401
1402 // Creates a concrete DeathTest-derived class that depends on the
1403 // --gtest_death_test_style flag, and sets the pointer pointed to
1404 // by the "test" argument to its address. If the test should be
1405 // skipped, sets that pointer to NULL. Returns true, unless the
1406 // flag is set to an invalid value.
Create(const char * statement,Matcher<const std::string &> matcher,const char * file,int line,DeathTest ** test)1407 bool DefaultDeathTestFactory::Create(const char* statement,
1408 Matcher<const std::string&> matcher,
1409 const char* file, int line,
1410 DeathTest** test) {
1411 UnitTestImpl* const impl = GetUnitTestImpl();
1412 const InternalRunDeathTestFlag* const flag =
1413 impl->internal_run_death_test_flag();
1414 const int death_test_index =
1415 impl->current_test_info()->increment_death_test_count();
1416
1417 if (flag != nullptr) {
1418 if (death_test_index > flag->index()) {
1419 DeathTest::set_last_death_test_message(
1420 "Death test count (" + StreamableToString(death_test_index) +
1421 ") somehow exceeded expected maximum (" +
1422 StreamableToString(flag->index()) + ")");
1423 return false;
1424 }
1425
1426 if (!(flag->file() == file && flag->line() == line &&
1427 flag->index() == death_test_index)) {
1428 *test = nullptr;
1429 return true;
1430 }
1431 }
1432
1433 #ifdef GTEST_OS_WINDOWS
1434
1435 if (GTEST_FLAG_GET(death_test_style) == "threadsafe" ||
1436 GTEST_FLAG_GET(death_test_style) == "fast") {
1437 *test = new WindowsDeathTest(statement, std::move(matcher), file, line);
1438 }
1439
1440 #elif defined(GTEST_OS_FUCHSIA)
1441
1442 if (GTEST_FLAG_GET(death_test_style) == "threadsafe" ||
1443 GTEST_FLAG_GET(death_test_style) == "fast") {
1444 *test = new FuchsiaDeathTest(statement, std::move(matcher), file, line);
1445 }
1446
1447 #else
1448
1449 if (GTEST_FLAG_GET(death_test_style) == "threadsafe") {
1450 *test = new ExecDeathTest(statement, std::move(matcher), file, line);
1451 } else if (GTEST_FLAG_GET(death_test_style) == "fast") {
1452 *test = new NoExecDeathTest(statement, std::move(matcher));
1453 }
1454
1455 #endif // GTEST_OS_WINDOWS
1456
1457 else { // NOLINT - this is more readable than unbalanced brackets inside #if.
1458 DeathTest::set_last_death_test_message("Unknown death test style \"" +
1459 GTEST_FLAG_GET(death_test_style) +
1460 "\" encountered");
1461 return false;
1462 }
1463
1464 return true;
1465 }
1466
1467 #ifdef GTEST_OS_WINDOWS
1468 // Recreates the pipe and event handles from the provided parameters,
1469 // signals the event, and returns a file descriptor wrapped around the pipe
1470 // handle. This function is called in the child process only.
GetStatusFileDescriptor(unsigned int parent_process_id,size_t write_handle_as_size_t,size_t event_handle_as_size_t)1471 static int GetStatusFileDescriptor(unsigned int parent_process_id,
1472 size_t write_handle_as_size_t,
1473 size_t event_handle_as_size_t) {
1474 AutoHandle parent_process_handle(::OpenProcess(PROCESS_DUP_HANDLE,
1475 FALSE, // Non-inheritable.
1476 parent_process_id));
1477 if (parent_process_handle.Get() == INVALID_HANDLE_VALUE) {
1478 DeathTestAbort("Unable to open parent process " +
1479 StreamableToString(parent_process_id));
1480 }
1481
1482 GTEST_CHECK_(sizeof(HANDLE) <= sizeof(size_t));
1483
1484 const HANDLE write_handle = reinterpret_cast<HANDLE>(write_handle_as_size_t);
1485 HANDLE dup_write_handle;
1486
1487 // The newly initialized handle is accessible only in the parent
1488 // process. To obtain one accessible within the child, we need to use
1489 // DuplicateHandle.
1490 if (!::DuplicateHandle(parent_process_handle.Get(), write_handle,
1491 ::GetCurrentProcess(), &dup_write_handle,
1492 0x0, // Requested privileges ignored since
1493 // DUPLICATE_SAME_ACCESS is used.
1494 FALSE, // Request non-inheritable handler.
1495 DUPLICATE_SAME_ACCESS)) {
1496 DeathTestAbort("Unable to duplicate the pipe handle " +
1497 StreamableToString(write_handle_as_size_t) +
1498 " from the parent process " +
1499 StreamableToString(parent_process_id));
1500 }
1501
1502 const HANDLE event_handle = reinterpret_cast<HANDLE>(event_handle_as_size_t);
1503 HANDLE dup_event_handle;
1504
1505 if (!::DuplicateHandle(parent_process_handle.Get(), event_handle,
1506 ::GetCurrentProcess(), &dup_event_handle, 0x0, FALSE,
1507 DUPLICATE_SAME_ACCESS)) {
1508 DeathTestAbort("Unable to duplicate the event handle " +
1509 StreamableToString(event_handle_as_size_t) +
1510 " from the parent process " +
1511 StreamableToString(parent_process_id));
1512 }
1513
1514 const int write_fd =
1515 ::_open_osfhandle(reinterpret_cast<intptr_t>(dup_write_handle), O_APPEND);
1516 if (write_fd == -1) {
1517 DeathTestAbort("Unable to convert pipe handle " +
1518 StreamableToString(write_handle_as_size_t) +
1519 " to a file descriptor");
1520 }
1521
1522 // Signals the parent that the write end of the pipe has been acquired
1523 // so the parent can release its own write end.
1524 ::SetEvent(dup_event_handle);
1525
1526 return write_fd;
1527 }
1528 #endif // GTEST_OS_WINDOWS
1529
1530 // Returns a newly created InternalRunDeathTestFlag object with fields
1531 // initialized from the GTEST_FLAG(internal_run_death_test) flag if
1532 // the flag is specified; otherwise returns NULL.
ParseInternalRunDeathTestFlag()1533 InternalRunDeathTestFlag* ParseInternalRunDeathTestFlag() {
1534 if (GTEST_FLAG_GET(internal_run_death_test).empty()) return nullptr;
1535
1536 // GTEST_HAS_DEATH_TEST implies that we have ::std::string, so we
1537 // can use it here.
1538 int line = -1;
1539 int index = -1;
1540 ::std::vector< ::std::string> fields;
1541 SplitString(GTEST_FLAG_GET(internal_run_death_test), '|', &fields);
1542 int write_fd = -1;
1543
1544 #ifdef GTEST_OS_WINDOWS
1545
1546 unsigned int parent_process_id = 0;
1547 size_t write_handle_as_size_t = 0;
1548 size_t event_handle_as_size_t = 0;
1549
1550 if (fields.size() != 6 || !ParseNaturalNumber(fields[1], &line) ||
1551 !ParseNaturalNumber(fields[2], &index) ||
1552 !ParseNaturalNumber(fields[3], &parent_process_id) ||
1553 !ParseNaturalNumber(fields[4], &write_handle_as_size_t) ||
1554 !ParseNaturalNumber(fields[5], &event_handle_as_size_t)) {
1555 DeathTestAbort("Bad --gtest_internal_run_death_test flag: " +
1556 GTEST_FLAG_GET(internal_run_death_test));
1557 }
1558 write_fd = GetStatusFileDescriptor(parent_process_id, write_handle_as_size_t,
1559 event_handle_as_size_t);
1560
1561 #elif defined(GTEST_OS_FUCHSIA)
1562
1563 if (fields.size() != 3 || !ParseNaturalNumber(fields[1], &line) ||
1564 !ParseNaturalNumber(fields[2], &index)) {
1565 DeathTestAbort("Bad --gtest_internal_run_death_test flag: " +
1566 GTEST_FLAG_GET(internal_run_death_test));
1567 }
1568
1569 #else
1570
1571 if (fields.size() != 4 || !ParseNaturalNumber(fields[1], &line) ||
1572 !ParseNaturalNumber(fields[2], &index) ||
1573 !ParseNaturalNumber(fields[3], &write_fd)) {
1574 DeathTestAbort("Bad --gtest_internal_run_death_test flag: " +
1575 GTEST_FLAG_GET(internal_run_death_test));
1576 }
1577
1578 #endif // GTEST_OS_WINDOWS
1579
1580 return new InternalRunDeathTestFlag(fields[0], line, index, write_fd);
1581 }
1582
1583 } // namespace internal
1584
1585 #endif // GTEST_HAS_DEATH_TEST
1586
1587 } // namespace testing
1588