Setting counting_illegal_callback may hide failing tests #1167

issue jonasnick openend this issue on December 1, 2022
  1. jonasnick commented at 10:03 pm on December 1, 2022: contributor

    The following code snippet very roughly resembles what happens in the libsecp test harness and illustrates the issue:

     0/* in the tests we have access to a global context */
 1static secp256k1_context *ctx = NULL;
 2
 3void test_foo() {
 4  int ecount;
 5  context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount);
 6  /* do some tests with ecount */
 7}
 8void test_bar() {
 9  /* we don't set the counting_illegal_callback here because we don't want to test that here */
10  some_function(ctx);
11}
12void main() {
13  test_foo();
14  test_bar();
15}

    The code is fine, until one day some_function(ctx) results in the illegal callback being called. Then we’d want the test to fail but instead what happens is that some stack region formerly known as ecount is modified, which does not necessarily result in a crash.

    One solution would be to never add the counting_illegal_callback to the global context and instead create a local context for counting.

  2. real-or-random commented at 1:00 pm on December 2, 2022: contributor

    One solution would be to never add the counting_illegal_callback to the global context and instead create a local context for counting.

    Or make the ecount global. :shrug: I guess that’s good enough for test code.

  3. apoelstra commented at 1:28 pm on December 2, 2022: contributor

    We could write an EXPECT_ARG_CHECK_FAIL macro (or maybe something with a nicer name :)) which creates a fresh ecount variable at 0, sets the context object’s error callbacks, checks the ecount is 1, then restores the old callbacks.

    This would also get rid of all the ecount-accounting code, which is quite a PITA to maintain and sometimes results in huge diffs.

  4. sipa commented at 2:11 pm on December 2, 2022: contributor

    We could write an EXPECT_ARG_CHECK_FAIL macro (or maybe something with a nicer name :)) which creates a fresh ecount variable at 0, sets the context object’s error callbacks, checks the ecount is 1, then restores the old callbacks. @apoelstra That would be so much more readable!

  5. real-or-random cross-referenced this on Dec 7, 2022 from issue Replace deprecated context flags with NONE in benchmarks and tests by jonasnick
  6. real-or-random cross-referenced this on Jan 4, 2023 from issue tests: Tidy context tests by real-or-random
  7. real-or-random referenced this in commit 0eb3000417 on Jan 6, 2023
  8. jonasnick cross-referenced this on Jul 20, 2023 from issue Upstream PRs 1174, 1154, 1178, 1177, 1171, 1158, 1183, 1185, 1186, 1188, 1187 by jonasnick
  9. real-or-random commented at 12:09 pm on July 20, 2023: contributor

    We have CHECK_ILLEGAL and CHECK_ILLEGAL_VOID since e39d954f118a29db2c33e9a9a507053fff5573ed:

    https://github.com/bitcoin-core/secp256k1/blob/c545fdc374964424683d9dac31a828adedabe860/src/tests.c#L55-L72

    The “only” thing left to do is to use these everywhere (and maybe introduce a similar macro for the error callback).

  10. real-or-random added the label assurance on Jul 26, 2023
  11. real-or-random added the label refactor/smell on Jul 26, 2023
  12. jonasnick cross-referenced this on Jul 28, 2023 from issue tests: Replace counting_illegal_callbacks with CHECK_ILLEGAL_VOID by jonasnick
  13. real-or-random closed this on Sep 4, 2023


jonasnick real-or-random apoelstra sipa

Labels
assurance refactor/smell

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-21 11:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me