Add comment on memsan + constant-flow testing

This commit is contained in:
Manuel Pégourié-Gonnard 2020-07-22 11:09:28 +02:00
parent 5bb6f3c3db
commit 2b80249c04

View File

@ -1032,14 +1032,20 @@ component_test_full_cmake_clang () {
} }
component_test_memsan_constant_flow () { component_test_memsan_constant_flow () {
msg "build: cmake memsan, full config with constant flow testing" # This tests both (1) accesses to undefined memory, and (2) branches or
# memory access depending on secret values. To distinguish between those:
# - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
# - or alternatively, change the build type to MemSanDbg, which enables
# origin tracking and nicer stack traces (which are useful for debugging
# anyway), and check if the origin was TEST_CF_SECRET() or something else.
msg "build: cmake MSan (clang), full config with constant flow testing"
scripts/config.pl full scripts/config.pl full
scripts/config.pl set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN scripts/config.pl set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
make make
msg "test: main suites (memsan constant flow)" msg "test: main suites (Msan + constant flow)"
make test make test
} }