tests/queue-test.cc - 3p/cheriot-rtos - Git at Google

 // Copyright Microsoft and CHERIoT Contributors.
 // SPDX-License-Identifier: MIT

 #include "compartment.h"
 #include "token.h"
 #include <cstdlib>
 #define TEST_NAME "MessageQueue"
 #include "tests.hh"
 #include <FreeRTOS-Compat/queue.h>
 #include <debug.hh>
 #include <errno.h>
 #include <queue.h>
 #include <timeout.h>

 static constexpr size_t ItemSize                    = 8;
 static constexpr size_t MaxItems                    = 2;
 static constexpr char   Message[MaxItems][ItemSize] = {"TstMsg0", "TstMsg1"};

 extern "C" ErrorRecoveryBehaviour
 compartment_error_handler(ErrorState *frame, size_t mcause, size_t mtval)
 {
 	debug_log("Thread {} error handler invoked with mcause {}.  PCC: {}",
 	          thread_id_get(),
 	          mcause,
 	          frame->pcc);
 	return ErrorRecoveryBehaviour::ForceUnwind;
 }

 void test_queue_unsealed()
 {
 	char                 bytes[ItemSize];
 	static MessageQueue *queue;
 	Timeout              timeout{0, 0};
 	debug_log("Testing queue send operations");
 	auto checkSpace = [&](size_t         expected,
 	                      SourceLocation loc = SourceLocation::current()) {
 		size_t items;
 		queue_items_remaining(queue, &items);
 		TEST(items == expected,
 		     "MessageQueue test line {} reports {} items, should contain {}",
 		     loc.line(),
 		     items,
 		     expected);
 	};
 	int rv =
 	  queue_create(&timeout, MALLOC_CAPABILITY, &queue, ItemSize, MaxItems);
 	TEST(queue->elementSize == ItemSize,
 	     "MessageQueue element size is {}, expected {}",
 	     queue->elementSize,
 	     ItemSize);
 	TEST(queue->queueSize == MaxItems,
 	     "MessageQueue size is {}, expected {}",
 	     queue->queueSize,
 	     MaxItems);
 	TEST(rv == 0, "MessageQueue creation failed with {}", rv);
 	rv = queue_send(&timeout, queue, Message[0]);
 	checkSpace(1);
 	TEST(rv == 0, "Sending the first message failed with {}", rv);
 	checkSpace(1);
 	rv = queue_send(&timeout, queue, Message[1]);
 	TEST(rv == 0, "Sending the second message failed with {}", rv);
 	checkSpace(2);
 	// MessageQueue is full, it should time out.
 	timeout.remaining = 5;
 	rv                = queue_send(&timeout, queue, Message[1]);
 	TEST(rv == -ETIMEDOUT,
 	     "Sending to a full queue didn't time out as expected, returned {}",
 	     rv);
 	checkSpace(2);
 	debug_log("Testing queue receive operations");
 	timeout.remaining = 10;
 	rv                = queue_receive(&timeout, queue, bytes);
 	TEST(rv == 0, "Receiving the first message failed with {}", rv);
 	TEST(memcmp(Message[0], bytes, ItemSize) == 0,
 	     "First message received but not as expected. Got {}",
 	     bytes);
 	checkSpace(1);
 	rv = queue_receive(&timeout, queue, bytes);
 	TEST(rv == 0, "Receiving the second message failed with {}", rv);
 	TEST(memcmp(Message[1], bytes, ItemSize) == 0,
 	     "Second message received but not as expected. Got {}",
 	     bytes);
 	checkSpace(0);
 	timeout.remaining = 5;
 	rv                = queue_receive(&timeout, queue, bytes);
 	TEST(
 	  rv == -ETIMEDOUT,
 	  "Receiving from an empty queue didn't time out as expected, returned {}",
 	  rv);
 	// Check that the items remaining calculations are correct after overflow.
 	queue_send(&timeout, queue, Message[1]);
 	checkSpace(1);
 	queue_receive(&timeout, queue, bytes);
 	checkSpace(0);
 	queue_send(&timeout, queue, Message[1]);
 	checkSpace(1);
 	queue_receive(&timeout, queue, bytes);
 	checkSpace(0);
 	rv = queue_destroy(MALLOC_CAPABILITY, queue);
 	TEST(rv == 0, "MessageQueue deletion failed with {}", rv);
 	debug_log("All queue library tests successful");
 }

 void test_queue_sealed()
 {
 	auto    heapSpace = heap_quota_remaining(MALLOC_CAPABILITY);
 	Timeout t{1};
 	SObj    receiveHandle;
 	SObj    sendHandle;
 	SObj    queue;
 	char    bytes[ItemSize];
 	int     ret =
 	  queue_create_sealed(&t, MALLOC_CAPABILITY, &queue, ItemSize, MaxItems);
 	TEST(ret == 0, "MessageQueue creation failed with {}", ret);
 	ret = queue_receive_handle_create_sealed(
 	  &t, MALLOC_CAPABILITY, queue, &receiveHandle);
 	TEST(
 	  ret == 0, "MessageQueue receive endpoint creation failed with {}", ret);
 	ret = queue_send_handle_create_sealed(
 	  &t, MALLOC_CAPABILITY, queue, &sendHandle);
 	TEST(ret == 0, "MessageQueue send endpoint creation failed with {}", ret);

 	t   = UnlimitedTimeout;
 	ret = queue_send_sealed(&t, receiveHandle, Message[1]);
 	TEST(
 	  ret == -EINVAL,
 	  "Sending with a receive handle should return -EINVAL ({}), returned {}",
 	  EINVAL,
 	  ret);
 	ret = queue_receive_sealed(&t, sendHandle, bytes);
 	TEST(
 	  ret == -EINVAL,
 	  "Sending with a receive handle should return -EINVAL ({}), returned {}",
 	  EINVAL,
 	  ret);

 	ret = queue_send_sealed(&t, sendHandle, Message[1] + 1);
 	TEST(ret == -EPERM,
 	     "Sending with short buffer should return -EPERM ({}), returned {}",
 	     EPERM,
 	     ret);
 	ret = queue_send_sealed(&t, sendHandle, Message[1]);
 	TEST(
 	  ret == 0, "Sending with valid buffer should return 0, returned {}", ret);
 	ret = queue_receive_sealed(&t, receiveHandle, bytes + 1);
 	TEST(ret == -EPERM,
 	     "Receiving with short buffer should return -EPERM ({}), returned {}",
 	     EPERM,
 	     ret);
 	size_t items;
 	ret = queue_items_remaining_sealed(receiveHandle, &items);
 	TEST(ret == 0, "Getting items remaining should return 0, returned {}", ret);
 	TEST(items == 1, "Items remaining should be 1, is {}", items);
 	ret = queue_items_remaining_sealed(sendHandle, &items);
 	TEST(ret == 0, "Getting items remaining should return 0, returned {}", ret);
 	TEST(items == 1, "Items remaining should be 1, is {}", items);
 	ret = queue_receive_sealed(&t, receiveHandle, bytes);
 	TEST(ret == 0,
 	     "Receiving with valid buffer should return 0, returned {}",
 	     ret);

 	// Put something in the queue before we delete the send handle.
 	ret = queue_send_sealed(&t, sendHandle, Message[1]);
 	TEST(
 	  ret == 0, "Sending with valid buffer should return 0, returned {}", ret);

 	t   = 1;
 	ret = queue_destroy_sealed(&t, MALLOC_CAPABILITY, sendHandle);
 	TEST(ret == 0, "MessageQueue send destruction failed with {}", ret);

 	t   = 1;
 	ret = queue_destroy_sealed(&t, MALLOC_CAPABILITY, receiveHandle);
 	TEST(ret == 0, "MessageQueue receive destruction failed with {}", ret);

 	ret = queue_destroy_sealed(&t, MALLOC_CAPABILITY, queue);
 	TEST(ret == 0, "MessageQueue destruction failed with {}", ret);

 	TEST(heap_quota_remaining(MALLOC_CAPABILITY) == heapSpace,
 	     "Heap space leaked");
 	debug_log("All queue compartment tests successful");
 }

 void test_queue_freertos()
 {
 	debug_log("Testing FreeRTOS queues");
 	auto quotaBegin    = heap_quota_remaining(MALLOC_CAPABILITY);
 	auto freertosQueue = xQueueCreate(10, sizeof(int));
 	vQueueDelete(freertosQueue);
 	auto quotaEnd = heap_quota_remaining(MALLOC_CAPABILITY);
 	TEST(
 	  quotaBegin == quotaEnd,
 	  "The FreeRTOS queue wrapper leaks memory: quota before is {}, after {}",
 	  quotaBegin,
 	  quotaEnd);
 	debug_log("All FreeRTOS queue tests successful");
 }

 int test_queue()
 {
 	test_queue_unsealed();
 	test_queue_sealed();
 	test_queue_freertos();
 	debug_log("All queue tests successful");
 	return 0;
 }
	// Copyright Microsoft and CHERIoT Contributors.
	// SPDX-License-Identifier: MIT

	#include "compartment.h"
	#include "token.h"
	#include <cstdlib>
	#define TEST_NAME "MessageQueue"
	#include "tests.hh"
	#include <FreeRTOS-Compat/queue.h>
	#include <debug.hh>
	#include <errno.h>
	#include <queue.h>
	#include <timeout.h>

	static constexpr size_t ItemSize = 8;
	static constexpr size_t MaxItems = 2;
	static constexpr char Message[MaxItems][ItemSize] = {"TstMsg0", "TstMsg1"};

	extern "C" ErrorRecoveryBehaviour
	compartment_error_handler(ErrorState *frame, size_t mcause, size_t mtval)
	{
	debug_log("Thread {} error handler invoked with mcause {}. PCC: {}",
	thread_id_get(),
	mcause,
	frame->pcc);
	return ErrorRecoveryBehaviour::ForceUnwind;
	}

	void test_queue_unsealed()
	{
	char bytes[ItemSize];
	static MessageQueue *queue;
	Timeout timeout{0, 0};
	debug_log("Testing queue send operations");
	auto checkSpace = [&](size_t expected,
	SourceLocation loc = SourceLocation::current()) {
	size_t items;
	queue_items_remaining(queue, &items);
	TEST(items == expected,
	"MessageQueue test line {} reports {} items, should contain {}",
	loc.line(),
	items,
	expected);
	};
	int rv =
	queue_create(&timeout, MALLOC_CAPABILITY, &queue, ItemSize, MaxItems);
	TEST(queue->elementSize == ItemSize,
	"MessageQueue element size is {}, expected {}",
	queue->elementSize,
	ItemSize);
	TEST(queue->queueSize == MaxItems,
	"MessageQueue size is {}, expected {}",
	queue->queueSize,
	MaxItems);
	TEST(rv == 0, "MessageQueue creation failed with {}", rv);
	rv = queue_send(&timeout, queue, Message[0]);
	checkSpace(1);
	TEST(rv == 0, "Sending the first message failed with {}", rv);
	checkSpace(1);
	rv = queue_send(&timeout, queue, Message[1]);
	TEST(rv == 0, "Sending the second message failed with {}", rv);
	checkSpace(2);
	// MessageQueue is full, it should time out.
	timeout.remaining = 5;
	rv = queue_send(&timeout, queue, Message[1]);
	TEST(rv == -ETIMEDOUT,
	"Sending to a full queue didn't time out as expected, returned {}",
	rv);
	checkSpace(2);
	debug_log("Testing queue receive operations");
	timeout.remaining = 10;
	rv = queue_receive(&timeout, queue, bytes);
	TEST(rv == 0, "Receiving the first message failed with {}", rv);
	TEST(memcmp(Message[0], bytes, ItemSize) == 0,
	"First message received but not as expected. Got {}",
	bytes);
	checkSpace(1);
	rv = queue_receive(&timeout, queue, bytes);
	TEST(rv == 0, "Receiving the second message failed with {}", rv);
	TEST(memcmp(Message[1], bytes, ItemSize) == 0,
	"Second message received but not as expected. Got {}",
	bytes);
	checkSpace(0);
	timeout.remaining = 5;
	rv = queue_receive(&timeout, queue, bytes);
	TEST(
	rv == -ETIMEDOUT,
	"Receiving from an empty queue didn't time out as expected, returned {}",
	rv);
	// Check that the items remaining calculations are correct after overflow.
	queue_send(&timeout, queue, Message[1]);
	checkSpace(1);
	queue_receive(&timeout, queue, bytes);
	checkSpace(0);
	queue_send(&timeout, queue, Message[1]);
	checkSpace(1);
	queue_receive(&timeout, queue, bytes);
	checkSpace(0);
	rv = queue_destroy(MALLOC_CAPABILITY, queue);
	TEST(rv == 0, "MessageQueue deletion failed with {}", rv);
	debug_log("All queue library tests successful");
	}

	void test_queue_sealed()
	{
	auto heapSpace = heap_quota_remaining(MALLOC_CAPABILITY);
	Timeout t{1};
	SObj receiveHandle;
	SObj sendHandle;
	SObj queue;
	char bytes[ItemSize];
	int ret =
	queue_create_sealed(&t, MALLOC_CAPABILITY, &queue, ItemSize, MaxItems);
	TEST(ret == 0, "MessageQueue creation failed with {}", ret);
	ret = queue_receive_handle_create_sealed(
	&t, MALLOC_CAPABILITY, queue, &receiveHandle);
	TEST(
	ret == 0, "MessageQueue receive endpoint creation failed with {}", ret);
	ret = queue_send_handle_create_sealed(
	&t, MALLOC_CAPABILITY, queue, &sendHandle);
	TEST(ret == 0, "MessageQueue send endpoint creation failed with {}", ret);

	t = UnlimitedTimeout;
	ret = queue_send_sealed(&t, receiveHandle, Message[1]);
	TEST(
	ret == -EINVAL,
	"Sending with a receive handle should return -EINVAL ({}), returned {}",
	EINVAL,
	ret);
	ret = queue_receive_sealed(&t, sendHandle, bytes);
	TEST(
	ret == -EINVAL,
	"Sending with a receive handle should return -EINVAL ({}), returned {}",
	EINVAL,
	ret);

	ret = queue_send_sealed(&t, sendHandle, Message[1] + 1);
	TEST(ret == -EPERM,
	"Sending with short buffer should return -EPERM ({}), returned {}",
	EPERM,
	ret);
	ret = queue_send_sealed(&t, sendHandle, Message[1]);
	TEST(
	ret == 0, "Sending with valid buffer should return 0, returned {}", ret);
	ret = queue_receive_sealed(&t, receiveHandle, bytes + 1);
	TEST(ret == -EPERM,
	"Receiving with short buffer should return -EPERM ({}), returned {}",
	EPERM,
	ret);
	size_t items;
	ret = queue_items_remaining_sealed(receiveHandle, &items);
	TEST(ret == 0, "Getting items remaining should return 0, returned {}", ret);
	TEST(items == 1, "Items remaining should be 1, is {}", items);
	ret = queue_items_remaining_sealed(sendHandle, &items);
	TEST(ret == 0, "Getting items remaining should return 0, returned {}", ret);
	TEST(items == 1, "Items remaining should be 1, is {}", items);
	ret = queue_receive_sealed(&t, receiveHandle, bytes);
	TEST(ret == 0,
	"Receiving with valid buffer should return 0, returned {}",
	ret);

	// Put something in the queue before we delete the send handle.
	ret = queue_send_sealed(&t, sendHandle, Message[1]);
	TEST(
	ret == 0, "Sending with valid buffer should return 0, returned {}", ret);

	t = 1;
	ret = queue_destroy_sealed(&t, MALLOC_CAPABILITY, sendHandle);
	TEST(ret == 0, "MessageQueue send destruction failed with {}", ret);

	t = 1;
	ret = queue_destroy_sealed(&t, MALLOC_CAPABILITY, receiveHandle);
	TEST(ret == 0, "MessageQueue receive destruction failed with {}", ret);

	ret = queue_destroy_sealed(&t, MALLOC_CAPABILITY, queue);
	TEST(ret == 0, "MessageQueue destruction failed with {}", ret);

	TEST(heap_quota_remaining(MALLOC_CAPABILITY) == heapSpace,
	"Heap space leaked");
	debug_log("All queue compartment tests successful");
	}

	void test_queue_freertos()
	{
	debug_log("Testing FreeRTOS queues");
	auto quotaBegin = heap_quota_remaining(MALLOC_CAPABILITY);
	auto freertosQueue = xQueueCreate(10, sizeof(int));
	vQueueDelete(freertosQueue);
	auto quotaEnd = heap_quota_remaining(MALLOC_CAPABILITY);
	TEST(
	quotaBegin == quotaEnd,
	"The FreeRTOS queue wrapper leaks memory: quota before is {}, after {}",
	quotaBegin,
	quotaEnd);
	debug_log("All FreeRTOS queue tests successful");
	}

	int test_queue()
	{
	test_queue_unsealed();
	test_queue_sealed();
	test_queue_freertos();
	debug_log("All queue tests successful");
	return 0;
	}