Comments (4)
API tests should explicitly perform tests with variously unaligned input/output buffers.
(not likely to currently be a source of bugs except through compiler screwup, but if anyone starts going around adding SIMD code it would rapidly become a potential source of extremely hard to spot bugs).
from secp256k1.
From all the existing work, what comes probably closest is #744 .
This should be less "test" and more "mechanical verification that the interface we present to callers isn't unintentionally changed".
@gmaxwell Does fuzzing match this idea, or did you have something else in mind?
from secp256k1.
I would describe that test as the opposite of an api test: All it tests is the payloads, the usage of the API is hardcoded into the harness.
An API test does stuff like calls with a null context or a number of pubkeys = 0, it acts like callers that fail to check errors or which call functions out of order... the goal is to validate the contract implied by the header documentation and maybe a little beyond it.
from secp256k1.
It seems to me one of the first steps here is to separate the library code from the test code better. (Compile the library, then compile tests that link to that library from code in a separate directory)
Broadly I see:
- Conformance tests - Like OpenSSL to ensure that the cyrpto is correct, these are very good today
- Performance tests - ensure that the operations are performant (handed by bench*.c and friends), these exist
- Client tests - Build and sanity check that a consumer can accomplish it's task, needs work
- (NEW) API tests - Do all the things that a client shouldn't do and make sure its gracefully handled. Because of the nature of this it seems like the wise idea might be to use a language like python/ruby and FFI the API surface because it's easier to create a large matrix of tests this way. It also tests that FFI works correctly (as much as I hate FFI 😆)
from secp256k1.
Related Issues (20)
- Rework or get rid of scratch space HOT 4
- build: benchmarks and examples should be disabled when external callbacks are enabled HOT 4
- build error: implicit declaration of function 'time' is invalid in C99 HOT 2
- Wrong documentation for secp256k1_ec_seckey_tweak_add
- secp256k1_u128_rshift should use __shiftright128 intrinsic on MSVC
- ci: MSVC fails after rebuild of Docker image
- "sizeof(secp256k1_ge_storage) != 64" path not tested HOT 1
- scalar: Verify invariants on every entry HOT 2
- `-Wmaybe-uninitialized` when compiling with `-O1` HOT 3
- Schnorr is not compatible with BIP340 HOT 5
- group: ge(j) should have as invariant that the curve equation holds HOT 3
- Remove `SECP256K1_WARN_UNUSED_RESULT` from `secp256k1_keypair_*` functions HOT 3
- Policy for VERIFY_CHECK and #ifdef VERIFY HOT 5
- ci: Add a "compile the headers" job
- ci: Add a constant-time test job that uses MSan HOT 2
- ci: Future of CI after Cirrus pricing change HOT 37
- mingw-w64: "visibility attribute not supported in this configuration; ignored" under `-flto` HOT 5
- Silent Payments (BIP352) module -- discussion about scope and interface HOT 2
- Compile with: --with-ecmult-window=24 --with-ecmult-gen-precision=8
- ARM assembly: "missing .note.GNU-stack section implies executable stack" with recent ld
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secp256k1.