Support larger integer test arguments #6716
Conversation
gilles-peskine-arm
added
enhancement
needs-ci
gilles-peskine-arm
force-pushed
the
test-argument-types-union
branch
from
383ae9c to
0ee469d
Compare
gilles-peskine-arm
added
needs-review
gilles-peskine-arm
added
the
priority-medium
gilles-peskine-arm
force-pushed
the
test-argument-types-union
branch
from
0ee469d to
ac58d3b
Compare
|
Force-pushed with the new code style. |
gilles-peskine-arm
force-pushed
the
test-argument-types-union
branch
from
ac58d3b to
032af91
Compare
|
Rebased due to trivial conflict (consecutive changes) |
| @@ -31,6 +31,31 @@ exit: | |||
| } | |||
| /* END_CASE */ | |||
|
|
|||
| /* BEGIN_CASE */ | |||
| void printf_long_max(const char *format, long value) | |||
There was a problem hiding this comment.
From my understand, this test is designed to make sure the test framework could process long int value (actually only LONG_MAX could be tested) correctly. So the parameters seem to be redundant.
There was a problem hiding this comment.
Passing value is necessary because the main intent of this test is to check that the test framework passes the value correctly.
Passing format is not strictly necessary, but this way we're testing the mbedtls_printf function and not a possible compiler optimization. Also it makes the structure of the different tests more uniform. Also it may make it easier to generalize the test in the future.
| if not INT_VAL_REGEX.match(val): | ||
| return False | ||
| # Limit the range to what is guaranteed to get through strtol() | ||
| return abs(int(val, 0)) <= 0x7fffffff |
There was a problem hiding this comment.
As we support long after commit acfffeb, should we increase the size to LONG_MAX(0x7fffffffffffffff)? If not, the value longer than 0x7fffffff is considered as exp not an integer type. So verify_int won't process a value larger than 0x7fffffff.
There was a problem hiding this comment.
As the comment indicates, currently, the value needs to be supported by strtol. 0x7fffffff is the largest value that is guaranteed to fit in long. long can be a 32-bit type (and it usually is a 32-bit type on 32-bit architectures, and also on 64-bit Windows).
There was a problem hiding this comment.
Well, we don't have to use strtol() - we could use strtoll() or even write a simple conversion routine for ourselves (this is in the test code after all) - we only need bases 10 and 16
There was a problem hiding this comment.
Actually, because it's test code, we needn't bother reimplement the standard library.
And anyway that doesn't matter. The exp path has to exist anyway (so we can use any constant expression, including macro names that the python code could not recognize). So we might as well use it. The int path is just an optimization to reduce the size of the generated code.
There was a problem hiding this comment.
As the comment indicates, currently, the value needs to be supported by
strtol. 0x7fffffff is the largest value that is guaranteed to fit inlong.longcan be a 32-bit type (and it usually is a 32-bit type on 32-bit architectures, and also on 64-bit Windows).
This makes sense to me. I was assuming LONG_MAX(0x7fffffffffffffff) is the largest value to fit in long but I didn't consider it could be a 32-bit type.
We're using the non-standard function strcasecmp() just so that the case of digits beyond 9 can be different in the library and in the test data. Use matching case in the test data, and use a standard function for the comparison. Signed-off-by: Gilles Peskine <[email protected]>
It is no longer used. Signed-off-by: Gilles Peskine <[email protected]>
We now require at least Visual Studio 2013, which has stdint.h per https://learn.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2013/y4hta57s(v=vs.120) so the workaround to define C99 types on pre-C99 MSVC is no longer needed. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
This is just a quick improvement, not meant to tackle the problem as a whole. Signed-off-by: Gilles Peskine <[email protected]>
No intended behavior change. This commit is mainly to satisfy pylint, which complains that gen_from_test_data now has too many variables. But it's a good thing anyway to make the function a little more readable. Signed-off-by: Gilles Peskine <[email protected]>
Treat backslash as a universal escape character: "\n" is a newline, backslash escapes any non-alphanumeric character. This affects some test cases that had "\," standing for backslash-comma. With the new uniform treatment of backslashes, this needs to be "\\,". Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
In the .datax parser, since we're calling strtol() anyway, rely on it for verification. This makes the .datax parser very slightly more liberal (leading spaces and '+' are now accepted), and changes the interpretation of numbers with leading zeros to octal. Before, an argument like :0123: was parsed as decimal, but an argument like :0123+1: was parsed as a C expression and hence the leading zero marked an octal representation. Now, a leading zero is always interpreted according to C syntax, namely indicating octal. There are no nonzero integer constants with a leading zero in a .data file, so this does not affect existing test cases. In the .datax generator, allow negative arguments to be 'int' (before, they were systematically treated as 'exp' even though they didn't need to be). In the .datax parser, validate the range of integer constants. They have to fit in int32_t. In the .datax generator, use 'exp' instead of 'int' for integer constants that are out of range. Signed-off-by: Gilles Peskine <[email protected]>
The test framework stores size_t and int32_t values in the parameter store by converting them all to int. This is ok in practice, since we assume int covers int32_t and we don't have test data larger than 2GB. But it's confusing and error-prone. So make the parameter store a union, which allows size_t values not to be potentially truncated and makes the code a little clearer. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Use normalization the equality comparisons instead of loose regular expressions to determine the type of an argument of a test function. Now declarations are parsed in a stricter way: there can't be ignored junk at the beginning or at the end. For example, `long long unsigned int x` was accepted as a test function argument (but not `long long unsigned x`), although this was misleading since the value was truncated to the range of int. Now only recognized types are accepted. The new code is slightly looser in that it accepts `char const*` as well as `const char*`. Signed-off-by: Gilles Peskine <[email protected]>
Change the type of signed integer arguments from int32_t to intmax_t. This allows the C code to work with test function arguments with a range larger than int32_t. A subsequent commit will change the .datax generator to support larger types. Signed-off-by: Gilles Peskine <[email protected]>
Now that the C code supports the full range of intmax_t, allow any size of signed integer type in the .data file parser. Signed-off-by: Gilles Peskine <[email protected]>
Now that the test framework can pass arbitrary values of type mbedtls_mpi_sint, just do that. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
gilles-peskine-arm
force-pushed
the
test-argument-types-union
branch
from
e3f49d1 to
9a75131
Compare
|
I rebased on top of the latest development to handle a conflict. There were two places where the commit "Simplify string escapes" changes a line that's adjacent to a I will address Yanray's comments in subsequent commits. |
The test framework used to treat them specially (but no longer does). Add these test cases as non-regression for how the test framework allows "?" and especially "??" (which I think in the very distant path needed special handling because the test data was embedded in a .c file, and thus ?? could be interpreted as the prefix of a trigraph). Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
gilles-peskine-arm
added
needs-ci
gilles-peskine-arm
added
needs-review
gilles-peskine-arm
added
approved
This is a collection of improvements to how the unit test framework handles test case arguments.
longandmbedtls_mpi_sint. Addresses Support other integral types in unit tests #4913. (I'm working on unsigned types, but it requires more refactoring of the Python code.)void test_function(void). Resolves Fix generate_test_code.py to allowvoid foo(void)#1757.Planned follow-ups:
foo_t x = x_arghacks in many test functions (especially PSA).Gatekeeper checklist