explicit_bzero, memset_explicit tests: Avoid test failures with ASAN

From: Bruno Haible <bruno@clisp.org>
To: bug-gnulib@gnu.org
Subject: explicit_bzero, memset_explicit tests: Avoid test failures with ASAN
Date: Thu, 09 May 2024 14:04:24 +0200	[thread overview]
Message-ID: <5615663.YRq4vBrkhl@nimes> (raw)

Building a testdir with clang17 + ASAN + UBSAN, I see these test failures:

FAIL: test-explicit_bzero
FAIL: test-memset_explicit

The sanitizer's complaints are justified, because these tests really do dirty
things with the memory. So, let's skip the relevant parts when ASAN is in use.


2024-05-09  Bruno Haible  <bruno@clisp.org>

	explicit_bzero, memset_explicit tests: Avoid test failures with ASAN.
	* tests/test-explicit_bzero.c (test_heap, test_stack): Define to empty
	if ASAN is enabled.
	* tests/test-memset_explicit.c (test_heap, test_stack): Likewise.

diff --git a/tests/test-explicit_bzero.c b/tests/test-explicit_bzero.c
index e414ea5e4d..b4c98b6652 100644
--- a/tests/test-explicit_bzero.c
+++ b/tests/test-explicit_bzero.c
@@ -60,8 +60,22 @@ test_static (void)
 
 /* =============== Verify operation on heap-allocated memory =============== */
 
+/* Skip this part when an address sanitizer is in use, because it would report
+   a "heap use after free".  */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_heap (void)
+{
+}
+
+#else
+
 /* Test whether an address range is mapped in memory.  */
-#if VMA_ITERATE_SUPPORTED
+# if VMA_ITERATE_SUPPORTED
 
 struct locals
 {
@@ -96,7 +110,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
   return l.range_start == l.range_end;
 }
 
-#else
+# else
 
 static bool
 is_range_mapped (uintptr_t range_start, uintptr_t range_end)
@@ -104,7 +118,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
   return true;
 }
 
-#endif
+# endif
 
 static void
 test_heap (void)
@@ -127,8 +141,24 @@ test_heap (void)
     printf ("test_heap: address range is unmapped after free().\n");
 }
 
+#endif /* ! address sanitizer enabled */
+
 /* =============== Verify operation on stack-allocated memory =============== */
 
+/* Skip this part when an address sanitizer is in use, because it would report
+   a "stack use after return".  */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_stack (void)
+{
+}
+
+#else
+
 /* There are two passes:
      1. Put a secret in memory and invoke explicit_bzero on it.
      2. Verify that the memory has been erased.
@@ -138,12 +168,12 @@ test_heap (void)
    does not eliminate a call to explicit_bzero, even if data flow analysis
    reveals that the stack area is dead at the end of the function.  */
 static bool _GL_ATTRIBUTE_NOINLINE
-#if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
+# if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
 __attribute__ ((__noclone__))
-#endif
-#if __GNUC__ >= 8
+# endif
+# if __GNUC__ >= 8
 __attribute__ ((__noipa__))
-#endif
+# endif
 do_secret_stuff (int volatile pass, char *volatile *volatile last_stackbuf)
 {
   char stackbuf[SECRET_SIZE];
@@ -192,6 +222,8 @@ test_stack (void)
   ASSERT (count < 50);
 }
 
+#endif /* ! address sanitizer enabled */
+
 /* ========================================================================== */
 
 int
diff --git a/tests/test-memset_explicit.c b/tests/test-memset_explicit.c
index 69bcdb5d83..f3da4a775b 100644
--- a/tests/test-memset_explicit.c
+++ b/tests/test-memset_explicit.c
@@ -70,8 +70,22 @@ test_static (void)
 
 /* =============== Verify operation on heap-allocated memory =============== */
 
+/* Skip this part when an address sanitizer is in use, because it would report
+   a "heap use after free".  */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_heap (void)
+{
+}
+
+#else
+
 /* Test whether an address range is mapped in memory.  */
-#if VMA_ITERATE_SUPPORTED
+# if VMA_ITERATE_SUPPORTED
 
 struct locals
 {
@@ -106,7 +120,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
   return l.range_start == l.range_end;
 }
 
-#else
+# else
 
 static bool
 is_range_mapped (uintptr_t range_start, uintptr_t range_end)
@@ -114,7 +128,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
   return true;
 }
 
-#endif
+# endif
 
 static void
 test_heap (void)
@@ -137,8 +151,24 @@ test_heap (void)
     printf ("test_heap: address range is unmapped after free().\n");
 }
 
+#endif /* ! address sanitizer enabled */
+
 /* =============== Verify operation on stack-allocated memory =============== */
 
+/* Skip this part when an address sanitizer is in use, because it would report
+   a "stack use after return".  */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_stack (void)
+{
+}
+
+#else
+
 /* There are two passes:
      1. Put a secret in memory and invoke memset_explicit on it.
      2. Verify that the memory has been erased.
@@ -148,12 +178,12 @@ test_heap (void)
    does not eliminate a call to memset_explicit, even if data flow analysis
    reveals that the stack area is dead at the end of the function.  */
 static bool _GL_ATTRIBUTE_NOINLINE
-#if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
+# if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
 __attribute__ ((__noclone__))
-#endif
-#if __GNUC__ >= 8
+# endif
+# if __GNUC__ >= 8
 __attribute__ ((__noipa__))
-#endif
+# endif
 do_secret_stuff (int volatile pass, char *volatile *volatile last_stackbuf)
 {
   char stackbuf[SECRET_SIZE];
@@ -202,6 +232,8 @@ test_stack (void)
   ASSERT (count < 50);
 }
 
+#endif /* ! address sanitizer enabled */
+
 /* ========================================================================== */
 
 int




