WhatToTest - nativeclient - Suggestions for how to test Native Client

Updated Oct 06, 2009 by kat...@google.com
Labels:	Featured

WhatToTest

Suggestions for how to test Native Client

First things first

Follow the steps in the Getting Started guide.
Browse the rest of the documentation.
Read the research paper (PDF).

Please try these

Run all the examples and tests.
Build Native Client from scratch.
Build Quake and XaoS for Native Client; run them. For more information, see the examples and tests page.

For even more fun

Try NativeClientInGoogleChrome.
Pick something from the Ideas page.
Port existing open-source packages to run as Native Client module components.
Write new Native Client modules that use Native Client's reduced system call interface, NPAPI, and SRPC to communicate with the browser.
Defeat the Native Client sandbox. Can you create a Native Client module that creates a file in the local file system, makes a network connection that subverts browser domain restrictions, or directly executes a system call? Exploits using sel_ldr from the command line or from the browser plug-in are both of interest. Don't use the -d debug flag — that would be too easy!

Some specific areas to explore:
The inner sandbox - A defect in our decoder table or validation logic could make it possible for the validator to miss a system call instruction or other disallowed instruction that could then break out of the sandbox.
The outer sandbox - If the inner sandbox were ever compromised, the outer sandbox provides a second line of defense to limit file system and networking system calls. This sandbox isn't ready yet so you can't really break out.
Hardware errata - Can you write a program that causes segmented memory protection to fail, or control transfer to the wrong address? Can you write a program that causes the machine to hang? These are all things Native Client needs to prevent.
Service runtime binary loader - Can you create a Native Client module that causes the service runtime to fail in such a way that it can be exploited?
Service runtime trampoline/springboard mechanisms - Can you create a Native Client module that causes the trampoline or springboard to fail? The result might be a control transfer to an unsafe instruction, unintended exposure of the trusted stack, or a browser crash or hang.
IMC (inter-module communication) interface - Can you find a defect in the IMC interface that allows you to cause some unintended side-effect outside of the Native Client module?
NPAPI interface - Can you find a defect in our NPAPI implementation that allows you to cause some unintended side-effect outside of the Native Client module?

Comment by wowkrash, Dec 09, 2008

Downloaded the Linux version. Tried the "earth" test, and got the following:

[~/nacl/googleclient/native_client/tests/earth] pwd /home/XXX/nacl/googleclient/native_client/tests/earth [~/nacl/googleclient/native_client/tests/earth] python -V Python 2.4.3 [~/nacl/googleclient/native_client/tests/earth] ./run.py Launching sel_ldr at /home/XXX/nacl/googleclient/native_client/scons-out/dbg-linux/staging/sel_ldr Using executable at /home/XXX/nacl/googleclient/native_client/scons-out/nacl/staging/earth.nexe Args: '-m8'? /home/XXX/nacl/googleclient/native_client/scons-out/dbg-linux/staging/sel_ldr: error while loading shared libraries: libssl.so.0.9.8: cannot open shared object file: No such file or directory

I looked to see if there was a libssl on my system, and there are several:

/lib/libssl.so.0.9.8b /lib/libssl.so.6 /opt/google-earth/libssl.so.0.9.8 /usr/lib/libssl.so /usr/local/ssl/lib/libssl.a

Is there some trick I am missing?

Comment by Roussel.Geoffrey, Dec 09, 2008

/opt/google-earth ? as it looks like it is linked to this library, try to set LD_LIBRARY_PATH to /opt/google-earth, ... if this doesn' t work, you can try to symlink your system installed version 0.9.8b to 0.9.8

Comment by Wiktor.Dolecki, Dec 09, 2008

I've tested it on openSuse11 + ff3.

Standalone nacl works fine. Firefox plugin behaves somewhat randomly it can crash ff, display black rectangle or work, but I can't tell why. I've run: voronoi, earth and quake.

Comment by Roussel.Geoffrey, Dec 13, 2008

Why is the XaoS demo so slow(windowsXP/Chrome & Firefox)? Works fine otherwise, but becomes unresponsive sometimes for some reason.

Comment by wimasevanda, Apr 01, 2009

I found this error while Build Native Client from scratch.

C:\ISO\nacl\googleclient\native_client>scons.bat --mode=most scons: Reading SConscript files ... Warning: Unable to load win32file module; using copy instead of hard linking for

env.Install(). Is pywin32 present?

Building nexe binaries using sdk at [C:\ISO\nacl\googleclient\third_party\nacl_s dk\windows\sdk\nacl-sdk]

SDL build enabled, this is somewhat experimental Using version in C:\ISO\nacl\googleclient\native_client/../third_party/sdl/win/v 1_2_13

scons: done reading SConscript files. scons: Building targets ... Install file: "tests\contest_issues\ issue42 .html" as "scons-out\nacl\staging\iss ue42.html" Install file: "tests\contest_issues\ issue44 .html" as "scons-out\nacl\staging\iss ue44.html" Install file: "tests\contest_issues\ issue45 .html" as "scons-out\nacl\staging\iss ue45.html" Install file: "tests\contest_issues\ issue52 .html" as "scons-out\nacl\staging\iss ue52.html" Install file: "tests\contest_issues\ issue53 .html" as "scons-out\nacl\staging\iss ue53.html" Compiling scons-out\nacl\obj\tests\contest_issues\ issue52 .o Compiling scons-out\nacl\obj\tools\libsrpc\accept_loop.o Compiling scons-out\nacl\obj\tools\libsrpc\imc_buffer.o Compiling scons-out\nacl\obj\tools\libsrpc\invoke.o Compiling scons-out\nacl\obj\tools\libsrpc\main.o Compiling scons-out\nacl\obj\tools\libsrpc\nacl_srpc.o Compiling scons-out\nacl\obj\tools\libsrpc\rpc_interface_desc.o Compiling scons-out\nacl\obj\tools\libsrpc\rpc_main.o Compiling scons-out\nacl\obj\tools\libsrpc\rpc_serialize.o Compiling scons-out\nacl\obj\tools\libsrpc\rpc_server_loop.o Compiling scons-out\nacl\obj\tools\libsrpc\rpc_type_check.o Compiling scons-out\nacl\obj\tools\libsrpc\rpc_universal.o Compiling scons-out\nacl\obj\tools\libsrpc\utility.o Creating library scons-out\nacl\obj\tools\libsrpc\libsrpc.a Install file: "scons-out\nacl\obj\tools\libsrpc\libsrpc.a" as "scons-out\nacl\li b\libsrpc.a" Compiling scons-out\nacl\obj\tools\nc_threads\nc_thread.o Compiling scons-out\nacl\obj\tools\nc_threads\nc_mutex.o Compiling scons-out\nacl\obj\tools\nc_threads\nc_condvar.o Compiling scons-out\nacl\obj\tools\nc_threads\nc_semaphore.o Compiling scons-out\nacl\obj\tools\nc_threads\nc_hash.o Assembling scons-out\nacl\obj\tools\nc_threads\nacl_mutex.o Creating library scons-out\nacl\obj\tools\nc_threads\libpthread.a Install file: "scons-out\nacl\obj\tools\nc_threads\libpthread.a" as "scons-out\n acl\lib\libpthread.a" Linking scons-out\nacl\obj\tests\contest_issues\ issue52 .nexe Install file: "scons-out\nacl\obj\tests\contest_issues\ issue52 .nexe" as "scons-o ut\nacl\staging\ issue52 .nexe" Install file: "tests\contest_issues\ issue54 .html" as "scons-out\nacl\staging\iss ue54.html" Install file: "tests\contest_issues\ issue55 .html" as "scons-out\nacl\staging\iss ue55.html" Compiling scons-out\nacl\obj\tests\contest_issues\ issue55 .o Linking scons-out\nacl\obj\tests\contest_issues\ issue55 .nexe Install file: "scons-out\nacl\obj\tests\contest_issues\ issue55 .nexe" as "scons-o ut\nacl\staging\ issue55 .nexe" Install file: "tests\contest_issues\ issue57 .html" as "scons-out\nacl\staging\iss ue57.html" Install file: "tests\contest_issues\ issue58 .html" as "scons-out\nacl\staging\iss ue58.html" Install file: "tests\contest_issues\ issue62 .html" as "scons-out\nacl\staging\iss ue62.html" Install file: "tests\contest_issues\ issue63 .html" as "scons-out\nacl\staging\iss ue63.html" Install file: "tests\contest_issues\contest_issue_index.html" as "scons-out\nacl \staging\contest_issue_index.html" Install file: "tests\many\many3.html" as "scons-out\nacl\staging\many3.html" Install file: "tests\many\many9.html" as "scons-out\nacl\staging\many9.html" Install file: "tests\many\many18.html" as "scons-out\nacl\staging\many18.html" Install file: "tests\many\many36.html" as "scons-out\nacl\staging\many36.html" Install file: "tests\many\mix.html" as "scons-out\nacl\staging\mix.html" Compiling scons-out\dbg-win\obj\tests\npapi_bridge\base_object.obj Command line warning D4002 : ignoring unknown option '/RTC1' base_object.cc tests\npapi_bridge\base_object.cc(42) : error C2562: 'Invalidate' : 'void' funct ion returning a value

tests\npapi_bridge\base_object.cc(41) : see declaration of 'Invalidate'

tests\npapi_bridge\base_object.cc(86) : error C2039: 'AllocateScriptablePluginOb? ject' : is not a member of '`global namespace'' tests\npapi_bridge\base_object.cc(87) : error C2039: 'Deallocate' : is not a mem ber of '`global namespace'' tests\npapi_bridge\base_object.cc(88) : error C2039: 'Invalidate' : is not a mem ber of '`global namespace'' tests\npapi_bridge\base_object.cc(88) : error C2440: 'initializing' : cannot con vert from 'void (thiscall BaseObject?::)(void)' to 'void (cdecl )(struct NP Object )'
There is no context in which this conversion is possible
tests\npapi_bridge\base_object.cc(89) : error C2039: 'HasMethod?' : is not a memb er of '`global namespace'' tests\npapi_bridge\base_object.cc(89) : error C2440: 'initializing' : cannot con vert from 'bool (thiscall ScriptablePluginObject?::)(void )' to 'void (cdec l )(struct NPObject )'
There is no context in which this conversion is possible
tests\npapi_bridge\base_object.cc(90) : error C2039: 'Invoke' : is not a member of '`global namespace'' tests\npapi_bridge\base_object.cc(90) : error C2440: 'initializing' : cannot con vert from 'bool (thiscall ScriptablePluginObject?::)(void ,const struct NPVa riant ,unsigned int,struct NPVariant )' to 'void (cdecl )(struct NPObject )'
There is no context in which this conversion is possible
tests\npapi_bridge\base_object.cc(91) : error C2039: 'InvokeDefault?' : is not a member of '`global namespace'' tests\npapi_bridge\base_object.cc(91) : error C2440: 'initializing' : cannot con vert from 'bool (thiscall BaseObject?::)(const struct NPVariant ,unsigned in t,struct NPVariant )' to 'void (cdecl )(struct NPObject )'

There is no context in which this conversion is possible

tests\npapi_bridge\base_object.cc(92) : error C2039: 'HasProperty?' : is not a me mber of '`global namespace'' tests\npapi_bridge\base_object.cc(92) : error C2440: 'initializing' : cannot con vert from 'bool (thiscall ScriptablePluginObject?::)(void )' to 'void (cdec l )(struct NPObject )'

There is no context in which this conversion is possible

tests\npapi_bridge\base_object.cc(93) : error C2039: 'GetProperty?' : is not a me mber of '`global namespace'' tests\npapi_bridge\base_object.cc(93) : error C2440: 'initializing' : cannot con vert from 'bool (thiscall ScriptablePluginObject?::)(void ,struct NPVariant )' to 'void (cdecl )(struct NPObject )'
There is no context in which this conversion is possible
tests\npapi_bridge\base_object.cc(94) : error C2039: 'SetProperty?' : is not a me mber of '`global namespace'' tests\npapi_bridge\base_object.cc(94) : error C2440: 'initializing' : cannot con vert from 'bool (thiscall BaseObject?::)(void ,const struct NPVariant )' to

'void (cdecl )(struct NPObject )'
There is no context in which this conversion is possible

tests\npapi_bridge\base_object.cc(95) : error C2039: 'RemoveProperty?' : is not a

member of '`global namespace''

tests\npapi_bridge\base_object.cc(96) : error C2440: 'initializing' : cannot con vert from 'bool (thiscall BaseObject?::)(void )' to 'void (cdecl )(struct NPObject )'

There is no context in which this conversion is possible

scons: scons-out\dbg-win\obj\tests\npapi_bridge\base_object.obj? Error 2 scons: building terminated because of errors.

Comment by shashank7android, Apr 25, 2009

Nacl not supporting google chrome