Building a testdir with clang17 + ASAN + UBSAN, I see these test failures:
FAIL: test-explicit_bzero
FAIL: test-memset_explicit
The sanitizer's complaints are justified, because these tests really do dirty
things with the memory. So, let's skip the relevant parts when ASAN is in use.
2024-05-09 Bruno Haible <br...@clisp.org>
explicit_bzero, memset_explicit tests: Avoid test failures with ASAN.
* tests/test-explicit_bzero.c (test_heap, test_stack): Define to empty
if ASAN is enabled.
* tests/test-memset_explicit.c (test_heap, test_stack): Likewise.
diff --git a/tests/test-explicit_bzero.c b/tests/test-explicit_bzero.c
index e414ea5e4d..b4c98b6652 100644
--- a/tests/test-explicit_bzero.c
+++ b/tests/test-explicit_bzero.c
@@ -60,8 +60,22 @@ test_static (void)
/* =============== Verify operation on heap-allocated memory =============== */
+/* Skip this part when an address sanitizer is in use, because it would report
+ a "heap use after free". */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_heap (void)
+{
+}
+
+#else
+
/* Test whether an address range is mapped in memory. */
-#if VMA_ITERATE_SUPPORTED
+# if VMA_ITERATE_SUPPORTED
struct locals
{
@@ -96,7 +110,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
return l.range_start == l.range_end;
}
-#else
+# else
static bool
is_range_mapped (uintptr_t range_start, uintptr_t range_end)
@@ -104,7 +118,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
return true;
}
-#endif
+# endif
static void
test_heap (void)
@@ -127,8 +141,24 @@ test_heap (void)
printf ("test_heap: address range is unmapped after free().\n");
}
+#endif /* ! address sanitizer enabled */
+
/* =============== Verify operation on stack-allocated memory ===============
*/
+/* Skip this part when an address sanitizer is in use, because it would report
+ a "stack use after return". */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_stack (void)
+{
+}
+
+#else
+
/* There are two passes:
1. Put a secret in memory and invoke explicit_bzero on it.
2. Verify that the memory has been erased.
@@ -138,12 +168,12 @@ test_heap (void)
does not eliminate a call to explicit_bzero, even if data flow analysis
reveals that the stack area is dead at the end of the function. */
static bool _GL_ATTRIBUTE_NOINLINE
-#if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
+# if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
__attribute__ ((__noclone__))
-#endif
-#if __GNUC__ >= 8
+# endif
+# if __GNUC__ >= 8
__attribute__ ((__noipa__))
-#endif
+# endif
do_secret_stuff (int volatile pass, char *volatile *volatile last_stackbuf)
{
char stackbuf[SECRET_SIZE];
@@ -192,6 +222,8 @@ test_stack (void)
ASSERT (count < 50);
}
+#endif /* ! address sanitizer enabled */
+
/* ==========================================================================
*/
int
diff --git a/tests/test-memset_explicit.c b/tests/test-memset_explicit.c
index 69bcdb5d83..f3da4a775b 100644
--- a/tests/test-memset_explicit.c
+++ b/tests/test-memset_explicit.c
@@ -70,8 +70,22 @@ test_static (void)
/* =============== Verify operation on heap-allocated memory =============== */
+/* Skip this part when an address sanitizer is in use, because it would report
+ a "heap use after free". */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_heap (void)
+{
+}
+
+#else
+
/* Test whether an address range is mapped in memory. */
-#if VMA_ITERATE_SUPPORTED
+# if VMA_ITERATE_SUPPORTED
struct locals
{
@@ -106,7 +120,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
return l.range_start == l.range_end;
}
-#else
+# else
static bool
is_range_mapped (uintptr_t range_start, uintptr_t range_end)
@@ -114,7 +128,7 @@ is_range_mapped (uintptr_t range_start, uintptr_t range_end)
return true;
}
-#endif
+# endif
static void
test_heap (void)
@@ -137,8 +151,24 @@ test_heap (void)
printf ("test_heap: address range is unmapped after free().\n");
}
+#endif /* ! address sanitizer enabled */
+
/* =============== Verify operation on stack-allocated memory ===============
*/
+/* Skip this part when an address sanitizer is in use, because it would report
+ a "stack use after return". */
+#ifndef __has_feature
+# define __has_feature(a) 0
+#endif
+#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
+
+static void
+test_stack (void)
+{
+}
+
+#else
+
/* There are two passes:
1. Put a secret in memory and invoke memset_explicit on it.
2. Verify that the memory has been erased.
@@ -148,12 +178,12 @@ test_heap (void)
does not eliminate a call to memset_explicit, even if data flow analysis
reveals that the stack area is dead at the end of the function. */
static bool _GL_ATTRIBUTE_NOINLINE
-#if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
+# if __GNUC__ + (__GNUC_MINOR__ >= 5) > 4
__attribute__ ((__noclone__))
-#endif
-#if __GNUC__ >= 8
+# endif
+# if __GNUC__ >= 8
__attribute__ ((__noipa__))
-#endif
+# endif
do_secret_stuff (int volatile pass, char *volatile *volatile last_stackbuf)
{
char stackbuf[SECRET_SIZE];
@@ -202,6 +232,8 @@ test_stack (void)
ASSERT (count < 50);
}
+#endif /* ! address sanitizer enabled */
+
/* ==========================================================================
*/
int
