# cpp-stub **Repository Path**: mingyang-he/cpp-stub ## Basic Information - **Project Name**: cpp-stub - **Description**: C++ 单元测试打桩 - **Primary Language**: C++ - **License**: MIT - **Default Branch**: master - **Homepage**: https://github.com/coolxv/cpp-stub - **GVP Project**: No ## Statistics - **Stars**: 3 - **Forks**: 18 - **Created**: 2020-11-25 - **Last Updated**: 2023-07-20 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README [中文](README_zh.md)|[English](README.md) # Principle ## Two core points - How to get the original function address (**addr_pri.h**, **addr_any.h**) - How to replace the original function with stub function (**stub.h**) ## Some notes - stub.h(for windows, linux) related methods based on C++98; use inline hook method; mainly completes the function replacement function (reference:[stub](https://github.com/3gguan/stub.git)) - addr_pri.h(for windows, linux) related methods based on C++11; mainly completes the class's private function address acquisition (reference:[access_private](https://github.com/martong/access_private)) - src_linux/addr_any.h(only for linux) related methods based on C++98, use the elfio library to query the symbol table (also use bfd parsing, centos:binutils-devel); mainly complete the arbitrary form function address acquisition (reference:[ELFIO](https://github.com/serge1/ELFIO)、[bfd](https://sourceware.org/binutils/docs/bfd/)) - src_win/addr_any.h(only for windows) related methods based on C++98, use the dbghelp library to query the symbol table of the pdb file (you can also use the pe library to parse the exported symbols); mainly complete the arbitrary form function address acquisition (reference:[symbol-files](https://docs.microsoft.com/zh-cn/windows/desktop/Debug/symbol-files)、[dbghelpexamples](http://www.debuginfo.com/examples/dbghelpexamples.html)、[pelib](http://www.pelib.com/index.php)) - The usage of windows and linux will be slightly different, because the methods for getting different types of function addresses are different, and the calling conventions are sometimes different. - Getting virtual function addresses is complicated.Different compilers have different methods of obtaining(reference: [cxx-abi](https://itanium-cxx-abi.github.io/cxx-abi/abi.html#vtable)) - Supported operating systems : windows,linux - Supported hardware platform : x86,x86-64,arm64,arm32 - Supported compiler : msvc,gcc,clang - Future plans support macOS ## GOT/PLT Hook vs Trap Hook vs Inline Hook | | GOT/PLT Hook | Trap Hook | Inline Hook | | --- | --- | --- | --- | | The implementation principle | Modify Delay Binding Table | SIGTRAP Breakpoint Signal | Runtime Instruction Replacement | | granularity | method level | instruction level | instruction level | | Scopes | Narrow | Wide | Wide | | Performance | High | Low | High | | Difficulty | Medium | Medium | High| - Inline hook ![](pic/inline.png) - GOT/PLT hook ![](pic/pltgot.png) - Trap hook A trap is an exception in a user process. It's caused by division by zero or invalid memory access. It's also the usual way to invoke a kernel routine (a system call) because of those run with a higher priority than user code. [ptrace](https://man7.org/linux/man-pages/man2/ptrace.2.html) [Backtrace](https://www.gnu.org/software/libc/manual/html_node/Backtraces.html) [Signal](https://www.gnu.org/software/libc/manual/html_node/Signal-Handling.html) [Windows SEH](https://docs.microsoft.com/en-us/cpp/cpp/structured-exception-handling-c-cpp?view=vs-2019) [Linux EH](http://wiki.dwarfstd.org/index.php?title=Exception_Handling) [Linux SEH](https://gcc.gnu.org/wiki/WindowsGCCImprovements) [VEH and INT3 for windows](https://gist.github.com/coolxv/713f3cc6d013ad49c1a01804f24036d2) [Signal、Backtrace and INT3 for linux](https://gist.github.com/coolxv/22e92aa307cd9346fb6172385fb23fa8) ## X86/X64 jmp instruction ![](pic/intel.png) ## Aarch32/Aarch64 jmp instruction ![](pic/arm32.png) ![](pic/arm64.png) # Description of the unit test ## Cannot stub - Can't stub the exit function, the compiler has made special optimizations. - Can't stub pure virtual functions, pure virtual functions not have the address. - Can't stub lambda functions, lambda functions not get the address. - Can't stub static functions, static function address is not visible.(You can try to use addr_any.h api.) ## Test double - Dummy objects are passed around but never actually used. Usually they are just used to fill parameter lists. - Fake objects actually have working implementations, but usually take some shortcut which makes them not suitable for production (an InMemoryTestDatabase is a good example). - Spy are stubs that also record some information based on how they were called. One form of this might be an email service that records how many messages it was sent. - Mock are pre-programmed with expectations which form a specification of the calls they are expected to receive. They can throw an exception if they receive a call they don't expect and are checked during verification to ensure they got all the calls they were expecting. - Stub provide canned answers to calls made during the test, usually not responding at all to anything outside what's programmed in for the test. ## Unit test framework - gtest、gmock https://github.com/google/googletest - cppunit https://github.com/epronk/cppunit - catch2 https://github.com/catchorg/Catch2 - Boost.Test https://github.com/boostorg/test - cpputest https://github.com/cpputest/cpputest - doctest https://github.com/onqtam/doctest - kmtest https://github.com/SergiusTheBest/kmtest - trompeloeil https://github.com/rollbear/trompeloeil ## Use Case Auto-generation tool - [RamFuzz](https://github.com/dekimir/RamFuzz) - [api-sanity-checker](https://github.com/lvc/api-sanity-checker) - [deepstate](https://github.com/trailofbits/deepstate) - [Wings](http://www.codewings.net/) - [C++test](https://www.parasoft.com/products/ctest/) ## Unit test compilation option for linux g++ - -fno-access-control - -fno-inline - -Wno-pmf-conversions - -Wl,--allow-multiple-definition - -no-pie -fno-stack-protector - -fprofile-arcs - -ftest-coverage ## Code coverage statistics for linux g++ ``` lcov -d build/ -z lcov -d build/ -b ../../src1 --no-external -rc lcov_branch_coverage=1 -t ut -c -o ut_1.info lcov -d build/ -b ../../src2 --no-external -rc lcov_branch_coverage=1 -t ut -c -o ut_2.info lcov -a ut_1.info -a ut_2.info -o ut.info genhtml -o report/ --prefix=`pwd` --branch-coverage --function-coverage ut.info ``` # Interface description ## stub.h ``` Stub stub stub.set(addr, addr_stub) stub.reset(addr) ``` ## addr_pri.h ``` Declaration: ACCESS_PRIVATE_FIELD(ClassName, TypeName, FieldName) ACCESS_PRIVATE_FUN(ClassName, TypeName, FunName) ACCESS_PRIVATE_STATIC_FIELD(ClassName, TypeName, FieldName) ACCESS_PRIVATE_STATIC_FUN(ClassName, TypeName, FunName) Use: access_private_field::ClassNameFieldName(object); access_private_static_field::ClassName::ClassNameFieldName(); call_private_fun::ClassNameFunName(object,parameters...); call_private_static_fun::ClassName::ClassNameFunName(parameters...); get_private_fun::ClassNameFunName(); get_private_static_fun::ClassName::ClassNameFunName(); ``` ## addr_any.h(linux) ``` AddrAny any //for exe AddrAny any(libname) //for lib int get_local_func_addr_symtab(std::string func_name_regex_str, std::map& result) int get_global_func_addr_symtab(std::string func_name_regex_str, std::map& result) int get_weak_func_addr_symtab(std::string func_name_regex_str, std::map& result) int get_global_func_addr_dynsym( std::string func_name_regex_str, std::map& result) int get_weak_func_addr_dynsym(std::string func_name_regex_str, std::map& result) ``` ## addr_any.h(windows) ``` AddrAny any //for all int get_func_addr(std::string func_name, std::map& result) ``` ## addr_any.h(darwin) ``` not implement ``` # Example of interface usage ## normal function ``` //for linux and windows #include #include "stub.h" using namespace std; int foo(int a) { cout<<"I am foo"< #include #include "stub.h" using namespace std; double average(int num, ...) { va_list valist; double sum = 0.0; int i; va_start(valist, num); for (i = 0; i < num; i++) { sum += va_arg(valist, int); } va_end(valist); cout<<"I am foo"< #include "stub.h" using namespace std; class A{ int i; public: int foo(int a){ cout<<"I am A_foo"< #include "stub.h" using namespace std; class A{ int i; public: static int foo(int a){ cout<<"I am A_foo"< #include "stub.h" using namespace std; class A{ public: template int foo(T a) { cout<<"I am A_foo"< #include "stub.h" using namespace std; class A{ public: template int foo(T a) { cout<<"I am A_foo"< #include "stub.h" using namespace std; class A{ int i; public: int foo(int a){ cout<<"I am A_foo_int"< #include "stub.h" using namespace std; class A{ int i; public: int foo(int a){ cout<<"I am A_foo_int"< #include "stub.h" using namespace std; class A{ public: virtual int foo(int a){ cout<<"I am A_foo"< #include "stub.h" using namespace std; class A { public: virtual int foo(int a) { cout << "I am A_foo" << endl; return 0; } }; class B { public: int foo_stub(int a) { cout << "I am foo_stub" << endl; return 0; } }; int main() { unsigned long addr; _asm {mov eax, A::foo} _asm {mov addr, eax} Stub stub; stub.set(addr, ADDR(B, foo_stub)); A a; a.foo(1); return 0; } ``` ``` //for windows x64, the visual studio compiler does not support inline assembly. There are solutions to search for yourself. https://docs.microsoft.com/en-us/cpp/assembler/inline/inline-assembler?view=vs-2019 ``` ``` //for clang, the clang++ compiler does not support to get virtual function address. ``` ## virtual and overload function ``` //for linux gcc #include #include "stub.h" using namespace std; class A{ int i; public: virtual int foo(int a){ cout<<"I am A_foo"< #include "stub.h" using namespace std; class Foo { public: void operator() (int a) { cout<<"I am foo"< #include "stub.h" using namespace std; class Foo { public: void operator() (int a) { cout<<"I am foo"< #include #include "stub.h" using namespace std; int foo(int a) { printf("I am foo\n"); return 0; } int printf_stub(const char * format, ...) { cout<<"I am printf_stub"< #include #include "stub.h" using namespace std; int foo(int a) { printf("I am foo\n"); return 0; } int printf_stub(const char * format, ...) { cout<<"I am printf_stub"< #include "stub.h" #include "addr_pri.h" using namespace std; class A{ int a; int foo(int x){ cout<<"I am A_foo "<< a << endl; return 0; } static int b; static int bar(int x){ cout<<"I am A_bar "<< b << endl; return 0; } }; ACCESS_PRIVATE_FIELD(A, int, a); ACCESS_PRIVATE_FUN(A, int(int), foo); ACCESS_PRIVATE_STATIC_FIELD(A, int, b); ACCESS_PRIVATE_STATIC_FUN(A, int(int), bar); int foo_stub(void* obj, int x) { A* o= (A*)obj; cout<<"I am foo_stub"< #include "stub.h" using namespace std; class A{ int a; int foo(int x){ cout<<"I am A_foo "<< a << endl; return 0; } static int b; static int bar(int x){ cout<<"I am A_bar "<< b << endl; return 0; } }; ACCESS_PRIVATE_FIELD(A, int, a); ACCESS_PRIVATE_FUN(A, int(int), foo); ACCESS_PRIVATE_STATIC_FIELD(A, int, b); ACCESS_PRIVATE_STATIC_FUN(A, int(int), bar); class B { public: int foo_stub(int x) { cout << "I am foo_stub" << endl; return 0; } }; int bar_stub(int x) { cout<<"I am bar_stub"< #include #include "stub.h" #include "addr_any.h" //This static function can be in another file or in another dynamic library, needed -g -O0 compile static int foo() { printf("I am foo\n"); return 0; } int foo_stub() { std::cout << "I am foo_stub" << std::endl; return 0; } int printf_stub(const char * format, ...) { std::cout<< "I am printf_stub" << std::endl; return 0; } int main(int argc, char **argv) { //Get application static function address { AddrAny any; std::map result; any.get_local_func_addr_symtab("^foo()$", result); foo(); Stub stub; std::map::iterator it; for (it=result.begin(); it!=result.end(); ++it) { stub.set(it->second ,foo_stub); std::cout << it->first << " => " << it->second << std::endl; } foo(); } //Get dynamic library static function address { AddrAny any("libc-2.27.so");// cat /proc/pid/maps std::map result; #ifdef __clang__ any.get_global_func_addr_dynsym("^printf$", result); #else any.get_weak_func_addr_dynsym("^puts", result); #endif foo(); Stub stub; std::map::iterator it; for (it=result.begin(); it!=result.end(); ++it) { stub.set(it->second ,printf_stub); std::cout << it->first << " => " << it->second << std::endl; } foo(); } return 0; } ``` ``` //for windows #include #include #include "stub.h" #include "addr_any.h" using namespace std; static int foo() { printf("I am foo\n"); return 0; } int foo_stub() { std::cout << "I am foo_stub" << std::endl; return 0; } int printf_stub(const char * format, ...) { std::cout<< "I am printf_stub" << std::endl; return 0; } int main(int argc, char **argv) { //Get application static function address { AddrAny any; std::map result; any.get_func_addr("foo", result); foo(); Stub stub; std::map::iterator it; for (it=result.begin(); it!=result.end(); ++it) { stub.set(it->second ,foo_stub); std::cout << it->first << " => " << it->second << std::endl; } foo(); } //Get dynamic library static function address { AddrAny any; std::map result; any.get_func_addr("printf", result); foo(); Stub stub; std::map::iterator it; for (it=result.begin(); it!=result.end(); ++it) { stub.set(it->second ,printf_stub); std::cout << it->first << " => " << it->second << std::endl; } foo(); } return 0; } ```