Write bin test for saguard

Author: gyuheon0h

bin_tests/src/modes/behavior.rs

@@ -138,6 +138,7 @@ pub fn get_behavior(mode_str: &str) -> Box<dyn Behavior> {
         "panic_hook_string" => Box::new(test_014_panic_hook_string::Test),
         "panic_hook_unknown_type" => Box::new(test_015_panic_hook_unknown_type::Test),
         "errno_preservation" => Box::new(test_016_errno_preservation::Test),
+        "sigchld_sigpipe_saguard" => Box::new(test_017_sigchld_sigpipe_saguard::Test),
         "runtime_preload_logger" => Box::new(test_000_donothing::Test),
         _ => panic!("Unknown mode: {mode_str}"),
     }

bin_tests/src/modes/unix/mod.rs

@@ -17,3 +17,4 @@ pub mod test_013_panic_hook_after_fork;
 pub mod test_014_panic_hook_string;
 pub mod test_015_panic_hook_unknown_type;
 pub mod test_016_errno_preservation;
+pub mod test_017_sigchld_sigpipe_saguard;

bin_tests/src/modes/unix/test_017_sigchld_sigpipe_saguard.rs

@@ -0,0 +1,175 @@
+// Copyright 2026-Present Datadog, Inc. https://www.datadoghq.com/
+// SPDX-License-Identifier: Apache-2.0
+//
+// Integration test for SaGuard during crash handling.
+//
+// Verifies that SIGCHLD and SIGPIPE handlers installed by the application are
+// not invoked during crash handling (because SaGuard suppresses them), even
+// though the crash handler spawns child processes (SIGCHLD) and writes to
+// pipes (SIGPIPE).
+//
+// Expected operation:
+// 1. setup() installs custom SIGCHLD and SIGPIPE handlers that write marker files when invoked
+// 2. pre() verifies the handlers actually work as a baseline check
+// 3. post() cleans up marker files and sets the output targets to "crash_sigchld" and
+//    "crash_sigpipe" files. If the SaGuard is working, the crash handler will suppress these
+//    signals and the marker files will not be created
+//
+// The integration test asserts that "crash_sigchld" and "crash_sigpipe" do
+// not exist after the crash
+use crate::modes::behavior::Behavior;
+use crate::modes::behavior::{
+    atom_to_clone, file_write_msg, fileat_content_equals, remove_permissive, removeat_permissive,
+    set_atomic, trigger_sigpipe,
+};
+
+use libc;
+use libdd_crashtracker::CrashtrackerConfiguration;
+use std::path::{Path, PathBuf};
+use std::sync::atomic::AtomicPtr;
+
+pub const CRASH_SIGCHLD_FILENAME: &str = "crash_sigchld";
+pub const CRASH_SIGPIPE_FILENAME: &str = "crash_sigpipe";
+
+pub struct Test;
+
+impl Behavior for Test {
+    fn setup(
+        &self,
+        output_dir: &Path,
+        _config: &mut CrashtrackerConfiguration,
+    ) -> anyhow::Result<()> {
+        setup(output_dir)
+    }
+
+    fn pre(&self, output_dir: &Path) -> anyhow::Result<()> {
+        // verify SIGCHLD handler fires
+        verify_sigchld(output_dir, "pre_sigchld.check")?;
+
+        // verify SIGPIPE handler fires
+        verify_sigpipe(output_dir, "pre_sigpipe.check")?;
+
+        Ok(())
+    }
+
+    fn post(&self, output_dir: &Path) -> anyhow::Result<()> {
+        removeat_permissive(output_dir, CRASH_SIGCHLD_FILENAME);
+        removeat_permissive(output_dir, CRASH_SIGPIPE_FILENAME);
+
+        // Point the handlers at the crash-time marker files
+        // If SaGuard works, these files wont be created during crash handling
+        set_atomic(
+            &SIGCHLD_OUTPUT_FILE,
+            output_dir.join(CRASH_SIGCHLD_FILENAME),
+        );
+        set_atomic(
+            &SIGPIPE_OUTPUT_FILE,
+            output_dir.join(CRASH_SIGPIPE_FILENAME),
+        );
+        Ok(())
+    }
+}
+
+static SIGCHLD_OUTPUT_FILE: AtomicPtr<PathBuf> = AtomicPtr::new(std::ptr::null_mut());
+static SIGPIPE_OUTPUT_FILE: AtomicPtr<PathBuf> = AtomicPtr::new(std::ptr::null_mut());
+
+extern "C" fn sigchld_handler(_: libc::c_int) {
+    let ofile = match atom_to_clone(&SIGCHLD_OUTPUT_FILE) {
+        Ok(f) => f,
+        _ => return,
+    };
+    file_write_msg(&ofile, "SIGCHLD_FIRED").ok();
+}
+
+extern "C" fn sigpipe_handler(_: libc::c_int) {
+    let ofile = match atom_to_clone(&SIGPIPE_OUTPUT_FILE) {
+        Ok(f) => f,
+        _ => return,
+    };
+    file_write_msg(&ofile, "SIGPIPE_FIRED").ok();
+}
+
+fn verify_sigchld(output_dir: &Path, filename: &str) -> anyhow::Result<()> {
+    set_atomic(&SIGCHLD_OUTPUT_FILE, output_dir.join(filename));
+
+    match unsafe { libc::fork() } {
+        -1 => anyhow::bail!("Failed to fork"),
+        0 => unsafe {
+            libc::_exit(0);
+        },
+        _ => {
+            // Wait for child to exit
+            loop {
+                let mut status: libc::c_int = 0;
+                if -1 == unsafe { libc::waitpid(-1, &mut status, libc::WNOHANG) } {
+                    break;
+                }
+            }
+        }
+    }
+
+    match fileat_content_equals(output_dir, filename, "SIGCHLD_FIRED") {
+        Ok(true) => (),
+        _ => anyhow::bail!("SIGCHLD handler did not fire during baseline check"),
+    }
+
+    remove_permissive(&output_dir.join(filename));
+    set_atomic(&SIGCHLD_OUTPUT_FILE, output_dir.join("INVALID"));
+    Ok(())
+}
+
+fn verify_sigpipe(output_dir: &Path, filename: &str) -> anyhow::Result<()> {
+    set_atomic(&SIGPIPE_OUTPUT_FILE, output_dir.join(filename));
+
+    trigger_sigpipe()?;
+
+    match fileat_content_equals(output_dir, filename, "SIGPIPE_FIRED") {
+        Ok(true) => (),
+        _ => anyhow::bail!("SIGPIPE handler did not fire during baseline check"),
+    }
+
+    remove_permissive(&output_dir.join(filename));
+    set_atomic(&SIGPIPE_OUTPUT_FILE, output_dir.join("INVALID"));
+    Ok(())
+}
+
+pub fn setup(output_dir: &Path) -> anyhow::Result<()> {
+    let mut sigset: libc::sigset_t = unsafe { std::mem::zeroed() };
+    unsafe {
+        libc::sigemptyset(&mut sigset);
+    }
+
+    // Install SIGCHLD handler
+    let sigchld_action = libc::sigaction {
+        sa_sigaction: sigchld_handler as *const () as usize,
+        sa_mask: sigset,
+        sa_flags: libc::SA_RESTART | libc::SA_SIGINFO,
+        #[cfg(target_os = "linux")]
+        sa_restorer: None,
+    };
+    unsafe {
+        if libc::sigaction(libc::SIGCHLD, &sigchld_action, std::ptr::null_mut()) != 0 {
+            anyhow::bail!("Failed to set up SIGCHLD handler");
+        }
+    }
+
+    // Install SIGPIPE handler
+    let sigpipe_action = libc::sigaction {
+        sa_sigaction: sigpipe_handler as *const () as usize,
+        sa_mask: sigset,
+        sa_flags: libc::SA_RESTART | libc::SA_SIGINFO,
+        #[cfg(target_os = "linux")]
+        sa_restorer: None,
+    };
+    unsafe {
+        if libc::sigaction(libc::SIGPIPE, &sigpipe_action, std::ptr::null_mut()) != 0 {
+            anyhow::bail!("Failed to set up SIGPIPE handler");
+        }
+    }
+
+    // Initialize output file pointers to INVALID
+    set_atomic(&SIGCHLD_OUTPUT_FILE, output_dir.join("INVALID"));
+    set_atomic(&SIGPIPE_OUTPUT_FILE, output_dir.join("INVALID"));
+
+    Ok(())
+}

bin_tests/src/test_types.rs

@@ -20,6 +20,7 @@ pub enum TestMode {
     RuntimeCallbackFrameInvalidUtf8,
     RuntimePreloadLogger,
     ErrnoPreservation,
+    SigChldSigPipeSaGuard,
 }
 
 impl TestMode {
@@ -41,6 +42,7 @@ impl TestMode {
             Self::RuntimeCallbackFrameInvalidUtf8 => "runtime_callback_frame_invalid_utf8",
             Self::RuntimePreloadLogger => "runtime_preload_logger",
             Self::ErrnoPreservation => "errno_preservation",
+            Self::SigChldSigPipeSaGuard => "sigchld_sigpipe_saguard",
         }
     }
 
@@ -62,6 +64,7 @@ impl TestMode {
             Self::RuntimeCallbackFrameInvalidUtf8,
             Self::RuntimePreloadLogger,
             Self::ErrnoPreservation,
+            Self::SigChldSigPipeSaGuard,
         ]
     }
 }
@@ -92,6 +95,7 @@ impl std::str::FromStr for TestMode {
             "runtime_callback_frame_invalid_utf8" => Ok(Self::RuntimeCallbackFrameInvalidUtf8),
             "runtime_preload_logger" => Ok(Self::RuntimePreloadLogger),
             "errno_preservation" => Ok(Self::ErrnoPreservation),
+            "sigchld_sigpipe_saguard" => Ok(Self::SigChldSigPipeSaGuard),
             _ => Err(format!("Unknown test mode: {}", s)),
         }
     }

bin_tests/tests/crashtracker_bin_test.rs

@@ -123,6 +123,46 @@ fn test_crash_tracking_bin_errno_preservation() {
     run_crash_test_with_artifacts(&config, &artifacts_map, &artifacts, validator).unwrap();
 }
 
+#[test]
+#[cfg_attr(miri, ignore)]
+fn test_crash_tracking_bin_sigchld_sigpipe_saguard() {
+    use bin_tests::modes::unix::test_017_sigchld_sigpipe_saguard::{
+        CRASH_SIGCHLD_FILENAME, CRASH_SIGPIPE_FILENAME,
+    };
+
+    let config = CrashTestConfig::new(
+        BuildProfile::Release,
+        TestMode::SigChldSigPipeSaGuard,
+        CrashType::NullDeref,
+    );
+    let artifacts = StandardArtifacts::new(config.profile);
+    let artifacts_map = build_artifacts(&artifacts.as_slice()).unwrap();
+
+    let validator: ValidatorFn = Box::new(|_payload, fixtures| {
+        // SaGuard shouldve suppressed SIGCHLD and SIGPIPE during crash handling,
+        // so the marker files shouldnt exist
+        let sigchld_path = fixtures.output_dir.join(CRASH_SIGCHLD_FILENAME);
+        let sigpipe_path = fixtures.output_dir.join(CRASH_SIGPIPE_FILENAME);
+
+        assert!(
+            !sigchld_path.exists(),
+            "SIGCHLD handler fired during crash handling; SaGuard did not suppress it. \
+            File {:?} should not exist.",
+            sigchld_path
+        );
+        assert!(
+            !sigpipe_path.exists(),
+            "SIGPIPE handler fired during crash handling; SaGuard did not suppress it. \
+            File {:?} should not exist.",
+            sigpipe_path
+        );
+
+        Ok(())
+    });
+
+    run_crash_test_with_artifacts(&config, &artifacts_map, &artifacts, validator).unwrap();
+}
+
 #[test]
 #[cfg_attr(miri, ignore)]
 fn test_crash_tracking_bin_unhandled_exception() {