Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

For platforms that implement runtime fallback logic, all paths should be tested #289

Open
3 tasks
briansmith opened this issue Oct 9, 2022 · 2 comments
Open
3 tasks
Labels
help wanted Extra attention is needed testing

Comments

@briansmith
Copy link
Contributor

briansmith commented Oct 9, 2022

Consider the case of Linux. We hope to use the getrandom syscall and then if that fails, we fall back to doing file I/O. We should test at least the following scenerios:

  • Linux returns ENOSYS, which should trigger the fallback to file I/O.
  • Linux returns EPERM, which is presently expected to do the same fallback, though there's an issue on file to change this.
  • The syscall succeeds.

This type of exhaustive testing might not be practical on all targets. However, BoringSSL has shown how to do it on Linux; see https://boringssl.googlesource.com/boringssl/+/refs/heads/master/crypto/fipsmodule/rand/urandom_test.cc.

Backends with runtime fallback logic:

  • linux_android_with_fallback (fallack to /dev/urandom)
  • netbsd (fallback to KERN_ARND)
  • wasm_js (runtime selection between Web and Node.js APIs, there is also an IE 11 workaround)
@josephlr
Copy link
Member

I agree that this testing will be challenging for Platforms that aren't Tier 1, but I think we should look into it for Linux and MacOS. Maybe using LD_PRELOAD shenanigans with an older libc could work?

For the syscall vs file fallback, it would be interesting if we could get a ptrace-based test to work.

@newpavlov
Copy link
Member

Maybe using LD_PRELOAD shenanigans with an older libc could work?

Using just older libc will not help since we use libc::syscall. It may be worth to change code of getrandom_test_linux_fallback to use dlopen instead.

newpavlov added a commit that referenced this issue Oct 16, 2024
Use of `libc::getrandom` will automatically give us optimizations like
vDSO (#503) and can help with testing of fallback logic (#289).

It was also requested in #285. In that discussion we decided against
using this approach, but in the light of the vDSO optimization it may be
worth to reconsider it.

In `linux_android_with_fallback` use of `libc::syscall` is replaced by
`dlsym`-based code similar to what we use in the `netbsd` backend.
@newpavlov newpavlov added the help wanted Extra attention is needed label Oct 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Extra attention is needed testing
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants