From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: Possible oversight in setvbuf()
Date: Fri, 13 Jul 2018 22:03:27 -0400 [thread overview]
Message-ID: <20180714020327.GF1392@brightrain.aerifal.cx> (raw)
In-Reply-To: <CAF4BF-Sa6vfGGTmw1-8zFoAVZpi92o8wfQsSMpV=Y0+KhkyO6w@mail.gmail.com>
On Fri, Jul 13, 2018 at 06:19:30PM -0400, Christopher Friedt wrote:
> On Fri, Jul 13, 2018, 6:06 PM Rich Felker, <dalias@libc.org> wrote:
>
> > On Fri, Jul 13, 2018 at 05:46:54PM -0400, Christopher Friedt wrote:
> > > A good process for adding new features is to add tests with them. Even if
> > > there is only a test for expected behaviour, at least it will catch one
> > > possible regression.
> >
> > Yes, I should really do that more. Sometimes it's not obvious what
> > should be tested though. In the case of setvbuf, the intended behavior
> > is in some sense untestable (the previous implementation not using the
> > caller-provided buffer was valid); in hindsight the obvious important
> > thing to test is that it doesn't result in writes outside the buffer.
> >
>
> If you need more than that basic test.c program that I provided before for
> addrconfig, i'd be happy to add some more test cases.
The hard thing about testing that functionality is that it's dependent
on environmental factors (network interface configuration). The same
problem also applies to the rest of the resolver functionality, where
you'd want to be able to hook it up to a known, and possibly
malicious, nameserver that's part of the test harness.
There are two "obvious" choices for how to achieve this:
1. Using Linux namespaces (and assuming user namespace functionality
is available to access them, which requires either appropriate
configuration or root) so that control over the filesystem and
network interfaces is available. Or,
2. Implementing a tracer (perhaps just seccomp) process that catches
and rewrites the syscall results to simulate the conditions we want
to test.
Neither is particularly portable outside of Linux (note that libc-test
is OS- and libc-agnostic). Option 1 is cleaner and simpler and more
flexible, but won't work on all systems (and especially not on more
hardened ones). I'm not sure if Szabolcs Nagy (libc-test maintainer)
likes either idea.
Rich
next prev parent reply other threads:[~2018-07-14 2:03 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-13 14:40 Markus Wichmann
2018-07-13 21:31 ` Rich Felker
2018-07-13 21:46 ` Christopher Friedt
2018-07-13 22:06 ` Rich Felker
2018-07-13 22:19 ` Christopher Friedt
2018-07-14 2:03 ` Rich Felker [this message]
2018-07-14 2:05 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180714020327.GF1392@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).