search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
usleep tests: Avoid failure due to known Cygwin 3.5.3 bug.
[gnulib.git] / tests / test-memset_explicit.c
blobe7ac64147cb8da724ebe4db87d7a8ee9addd1016
1 /* Test memset_explicit.
2 Copyright 2020-2024 Free Software Foundation, Inc.
3
4 This program is free software: you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation, either version 3 of the License, or
7 (at your option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <https://www.gnu.org/licenses/>. */
16
17 /* Written by Bruno Haible <bruno@clisp.org>, 2020. */
18 /* Adapted for memset_explicit by Paul Eggert <eggert@cs.ucla.edu>, 2022. */
19
20 #include <config.h>
21
22 /* Specification. */
23 #include <string.h>
24
25 #include "signature.h"
26 SIGNATURE_CHECK (memset_explicit, void *, (void *, int, size_t));
27
28 #include <limits.h>
29 #include <stdio.h>
30 #include <stdint.h>
31 #include <stdlib.h>
32
33 #include "vma-iter.h"
34 #include "macros.h"
35
36 #define SECRET "xyzzy1729"
37 #define SECRET_SIZE 9
38
39 static char zero[SECRET_SIZE] = { 0 };
40
41 /* Enable this to verify that the test is effective. */
42 #if 0
43 # define memset_explicit(a, c, n) memset (a, c, n)
44 #endif
45
46 /* Suppress GCC 13.2.1 false alarm, as this test needs a dangling pointer. */
47 #if 12 <= __GNUC__
48 # pragma GCC diagnostic ignored "-Wdangling-pointer"
49 #endif
50
51 /* =================== Verify operation on static memory =================== */
52
53 static char stbuf[SECRET_SIZE];
54
55 static void
56 test_static (void)
57 {
58 memcpy (stbuf, SECRET, SECRET_SIZE);
59 memset_explicit (stbuf, 0, SECRET_SIZE);
60 ASSERT (memcmp (zero, stbuf, SECRET_SIZE) == 0);
61 for (int i = 1; i <= UCHAR_MAX; i++)
62 {
63 char checkbuf[SECRET_SIZE];
64 memset (checkbuf, i, SECRET_SIZE);
65 memcpy (stbuf, SECRET, SECRET_SIZE);
66 memset_explicit (stbuf, i, SECRET_SIZE);
67 ASSERT (memcmp (checkbuf, stbuf, SECRET_SIZE) == 0);
68 }
69 }
70
71 /* =============== Verify operation on heap-allocated memory =============== */
72
73 /* Skip this part when an address sanitizer is in use, because it would report
74 a "heap use after free". */
75 #ifndef __has_feature
76 # define __has_feature(a) 0
77 #endif
78 #if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
79
80 static void
81 test_heap (void)
82 {
83 }
84
85 #else
86
87 /* Test whether an address range is mapped in memory. */
88 # if VMA_ITERATE_SUPPORTED
89
90 struct locals
91 {
92 uintptr_t range_start;
93 uintptr_t range_end;
94 };
95
96 static int
97 vma_iterate_callback (void *data, uintptr_t start, uintptr_t end,
98 unsigned int flags)
99 {
100 struct locals *lp = (struct locals *) data;
101
102 /* Remove from [range_start, range_end) the part at the beginning or at the
103 end that is covered by [start, end). */
104 if (start <= lp->range_start && end > lp->range_start)
105 lp->range_start = (end < lp->range_end ? end : lp->range_end);
106 if (start < lp->range_end && end >= lp->range_end)
107 lp->range_end = (start > lp->range_start ? start : lp->range_start);
108
109 return 0;
110 }
111
112 static bool
113 is_range_mapped (uintptr_t range_start, uintptr_t range_end)
114 {
115 struct locals l;
116
117 l.range_start = range_start;
118 l.range_end = range_end;
119 vma_iterate (vma_iterate_callback, &l);
120 return l.range_start == l.range_end;
121 }
122
123 # else
124
125 static bool
126 is_range_mapped (uintptr_t range_start, uintptr_t range_end)
127 {
128 return true;
129 }
130
131 # endif
132
133 static void
134 test_heap (void)
135 {
136 char *heapbuf = (char *) malloc (SECRET_SIZE);
137 ASSERT (heapbuf);
138 uintptr_t volatile addr = (uintptr_t) heapbuf;
139 memcpy (heapbuf, SECRET, SECRET_SIZE);
140 memset_explicit (heapbuf, 0, SECRET_SIZE);
141 free (heapbuf);
142 heapbuf = (char *) addr;
143 if (is_range_mapped (addr, addr + SECRET_SIZE))
144 {
145 /* some implementation could override freed memory by canaries so
146 compare against secret */
147 ASSERT (memcmp (heapbuf, SECRET, SECRET_SIZE) != 0);
148 printf ("test_heap: address range is still mapped after free().\n");
149 }
150 else
151 printf ("test_heap: address range is unmapped after free().\n");
152 }
153
154 #endif /* ! address sanitizer enabled */
155
156 /* =============== Verify operation on stack-allocated memory =============== */
157
158 /* Skip this part when an address sanitizer is in use, because it would report
159 a "stack use after return". */
160 #ifndef __has_feature
161 # define __has_feature(a) 0
162 #endif
163 #if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
164
165 static void
166 test_stack (void)
167 {
168 }
169
170 #else
171
172 /* There are two passes:
173 1. Put a secret in memory and invoke memset_explicit on it.
174 2. Verify that the memory has been erased.
175 Implement them in the same function, so that they access the same memory
176 range on the stack. Declare the local scalars to be volatile so they
177 are not optimized away. That way, the test verifies that the compiler
178 does not eliminate a call to memset_explicit, even if data flow analysis
179 reveals that the stack area is dead at the end of the function. */
180 static bool _GL_ATTRIBUTE_NOINLINE
181 # if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
182 __attribute__ ((__noclone__))
183 # endif
184 # if __GNUC__ >= 8
185 __attribute__ ((__noipa__))
186 # endif
187 do_secret_stuff (int volatile pass, char *volatile *volatile last_stackbuf)
188 {
189 char stackbuf[SECRET_SIZE];
190 if (pass == 1)
191 {
192 memcpy (stackbuf, SECRET, SECRET_SIZE);
193 memset_explicit (stackbuf, 0, SECRET_SIZE);
194 *last_stackbuf = stackbuf;
195 return false;
196 }
197 else /* pass == 2 */
198 {
199 /* Use *last_stackbuf here, because stackbuf may be allocated at a
200 different address than *last_stackbuf. This can happen
201 when the compiler splits this function into different functions,
202 one for pass == 1 and one for pass != 1. */
203 return memcmp (zero, *last_stackbuf, SECRET_SIZE) != 0;
204 }
205 }
206
207 static void
208 test_stack (void)
209 {
210 int count = 0;
211 int repeat;
212 char *volatile last_stackbuf;
213
214 for (repeat = 2 * 1000; repeat > 0; repeat--)
215 {
216 /* This odd way of writing two consecutive statements
217 do_secret_stuff (1, &last_stackbuf);
218 count += do_secret_stuff (2, &last_stackbuf);
219 ensures that the two do_secret_stuff calls are performed with the same
220 stack pointer value, on m68k. */
221 if ((repeat % 2) == 0)
222 do_secret_stuff (1, &last_stackbuf);
223 else
224 count += do_secret_stuff (2, &last_stackbuf);
225 }
226 /* If memset_explicit works, count is near 0. (It may be > 0 if there were
227 some asynchronous signal invocations between the two calls of
228 do_secret_stuff.)
229 If memset_explicit is optimized away by the compiler, count comes out as
230 approximately 1000. */
231 printf ("test_stack: count = %d\n", count);
232 ASSERT (count < 50);
233 }
234
235 #endif /* ! address sanitizer enabled */
236
237 /* ========================================================================== */
238
239 int
240 main ()
241 {
242 test_static ();
243 test_heap ();
244 test_stack ();
245
246 return test_exit_status;
247 }
Mirror of the GNU Gnulib repository