From: Bruno Haible <bruno@clisp.org>
To: bug-gnulib@gnu.org
Subject: explicit_bzero, memset_explicit tests: Avoid test failures with ASAN
Date: Thu, 09 May 2024 14:04:24 +0200 [thread overview]
Message-ID: <5615663.YRq4vBrkhl@nimes> (raw)
Building a testdir with clang17 + ASAN + UBSAN, I see these test failures:
FAIL: test-explicit_bzero
FAIL: test-memset_explicit
The sanitizer's complaints are justified, because these tests really do dirty
things with the memory. So, let's skip the relevant parts when ASAN is in use.
2024-05-09 Bruno Haible <bruno@clisp.org>
explicit_bzero, memset_explicit tests: Avoid test failures with ASAN.
* tests/test-explicit_bzero.c (test_heap, test_stack): Define to empty
if ASAN is enabled.
* tests/test-memset_explicit.c (test_heap, test_stack): Likewise.
diff --git a/tests/test-explicit_bzero.c b/tests/test-explicit_bzero.c
index e414ea5e4d..b4c98b6652 100644
--- a/tests/test-explicit_bzero.c
+++ b/tests/test-explicit_bzero.c
@@ -60,8 +60,22 @@ test_static (void)
/* =============== Verify operation on heap-allocated memory =============== */
+/* Skip this part when an address sanitizer is in use, because it would report
+ a "heap use after free". */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_heap (void)
+{
+}
+
+#else
+
/* Test whether an address range is mapped in memory. */
-#if VMA_ITERATE_SUPPORTED
+# if VMA_ITERATE_SUPPORTED
struct locals
{
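Review bot: The ASAN stub for `test_heap` added in this hunk has an empty body, so a sanitizer build reports PASS for test-explicit_bzero with no sign that the heap erasure check never ran. The non-ASAN branch already prints progress lines such as `test_heap: address range is unmapped after free().`, so the stub could print one too, for example `printf ("test_heap: skipped because an address sanitizer is in use.\n");`. The same applies to the empty `test_stack` stub later in this file and to both stubs in tests/test-memset_explicit.c. Without such a line, a green ASAN run can be misread as evidence that the compiler did not optimise away the heap and stack erasure.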
@@ -96,7 +110,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
return l.range_start == l.range_end;
}
-#else
+# else
static bool
is_range_mapped (uintptr_t range_start, uintptr_t range_end)
@@ -104,7 +118,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
return true;
}
-#endif
+# endif
static void
test_heap (void)
@@ -127,8 +141,24 @@ test_heap (void)
printf ("test_heap: address range is unmapped after free().\n");
}
+#endif /* ! address sanitizer enabled */
+
/* =============== Verify operation on stack-allocated memory =============== */
+/* Skip this part when an address sanitizer is in use, because it would report
+ a "stack use after return". */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_stack (void)
+{
+}
+
+#else
+
/* There are two passes:
1. Put a secret in memory and invoke explicit_bzero on it.
2. Verify that the memory has been erased.
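Review bot: The `#ifndef __has_feature` fallback and the `#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)` test in this hunk repeat the heap section of the same file verbatim. The fallback is already defined by this point, so the second `#ifndef __has_feature` block can never take effect. Evaluating the condition once near the top of the file, for example `# define ASAN_ENABLED 1` under that `#if`, and testing `#if ASAN_ENABLED` in both sections would keep the two guards from drifting apart. tests/test-memset_explicit.c has the same duplication. The comment block that closes this hunk continues outside it.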
@@ -138,12 +168,12 @@ test_heap (void)
does not eliminate a call to explicit_bzero, even if data flow analysis
reveals that the stack area is dead at the end of the function. */
static bool _GL_ATTRIBUTE_NOINLINE
-#if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
+# if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
__attribute__ ((__noclone__))
-#endif
-#if __GNUC__ >= 8
+# endif
+# if __GNUC__ >= 8
__attribute__ ((__noipa__))
-#endif
+# endif
do_secret_stuff (int volatile pass, char *volatile *volatile last_stackbuf)
{
char stackbuf[SECRET_SIZE];
@@ -192,6 +222,8 @@ test_stack (void)
ASSERT (count < 50);
}
+#endif /* ! address sanitizer enabled */
+
/* ========================================================================== */
int
diff --git a/tests/test-memset_explicit.c b/tests/test-memset_explicit.c
index 69bcdb5d83..f3da4a775b 100644
--- a/tests/test-memset_explicit.c
+++ b/tests/test-memset_explicit.c
@@ -70,8 +70,22 @@ test_static (void)
/* =============== Verify operation on heap-allocated memory =============== */
+/* Skip this part when an address sanitizer is in use, because it would report
+ a "heap use after free". */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_heap (void)
+{
+}
+
+#else
+
/* Test whether an address range is mapped in memory. */
-#if VMA_ITERATE_SUPPORTED
+# if VMA_ITERATE_SUPPORTED
struct locals
{
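Review bot: The new `#if` condition recognises only AddressSanitizer, although the reads of freed heap memory that this test performs are presumably also flagged by hardware-assisted AddressSanitizer, which sets different macros. If that configuration is in scope, the guard could be widened to `#if defined __SANITIZE_ADDRESS__ || defined __SANITIZE_HWADDRESS__ || __has_feature (address_sanitizer) || __has_feature (hwaddress_sanitizer)`. This applies to all four guards the patch adds across the two test files. No such failure is reported on this page, so treat this as a question to confirm rather than an observed breakage.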
@@ -106,7 +120,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
return l.range_start == l.range_end;
}
-#else
+# else
static bool
is_range_mapped (uintptr_t range_start, uintptr_t range_end)
@@ -114,7 +128,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
return true;
}
-#endif
+# endif
static void
test_heap (void)
@@ -137,8 +151,24 @@ test_heap (void)
printf ("test_heap: address range is unmapped after free().\n");
}
+#endif /* ! address sanitizer enabled */
+
/* =============== Verify operation on stack-allocated memory =============== */
+/* Skip this part when an address sanitizer is in use, because it would report
+ a "stack use after return". */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_stack (void)
+{
+}
+
+#else
+
/* There are two passes:
1. Put a secret in memory and invoke memset_explicit on it.
2. Verify that the memory has been erased.
@@ -148,12 +178,12 @@ test_heap (void)
does not eliminate a call to memset_explicit, even if data flow analysis
reveals that the stack area is dead at the end of the function. */
static bool _GL_ATTRIBUTE_NOINLINE
-#if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
+# if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
__attribute__ ((__noclone__))
-#endif
-#if __GNUC__ >= 8
+# endif
+# if __GNUC__ >= 8
__attribute__ ((__noipa__))
-#endif
+# endif
do_secret_stuff (int volatile pass, char *volatile *volatile last_stackbuf)
{
char stackbuf[SECRET_SIZE];
@@ -202,6 +232,8 @@ test_stack (void)
ASSERT (count < 50);
}
+#endif /* ! address sanitizer enabled */
+
/* ========================================================================== */
int