commit 42defd10a6ff408a7c4502e3cf53df6c35a4dd94
author Andres Amaya Garcia <Andres.AmayaGarcia@arm.com> Thu Mar 08 21:21:40 2018 +0000
committer Andres Amaya Garcia <Andres.AmayaGarcia@arm.com> Tue Apr 17 09:21:49 2018 -0500
tree 4e54bbe84b02c63eeca8689b14051ce749ba3bd3
parent 1e8ea5fa68223351553192a608ac06a6ac8dfbc3

Improve docs for zeroize.c and test_zeroize.gdb

tests/scripts/test_zeroize.gdb

diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb
index df15c8a..c6184ee 100644
--- a/tests/scripts/test_zeroize.gdb
+++ b/tests/scripts/test_zeroize.gdb
@@ -13,11 +13,36 @@
 # debugger manually checks the contents to be zeroized and checks that it is
 # actually cleared.
 #
+# The mbedtls_zeroize() test is debugger driven because there does not seem to
+# be a mechanism to reliably check whether the zeroize calls are being
+# eliminated by compiler optimizations from within the compiled program. The
+# problem is that a compiler would typically remove what it considers to be
+# "unecessary" assignments as part of redundant code elimination. To identify
+# such code, the compilar will create some form dependency graph between
+# reads and writes to variables (among other situations). It will then use this
+# data structure to remove redundant code that does not have an impact on the
+# program's observable behavior. In the case of mbedtls_zeroize(), an
+# intelligent compiler could determine that this function clears a block of
+# memory that is not accessed later in the program, so removing the call to
+# mbedtls_zeroize() does not have an observable behavior. However, inserting a
+# test after a call to mbedtls_zeroize() to check whether the block of
+# memory was correctly zeroed would force the compiler to not eliminate the
+# mbedtls_zeroize() call. If this does not occur, then the compiler potentially
+# has a bug.
+#
 # Note: This test requires that the test program is compiled with -g3.
+#
+# WARNING: There does not seem to be a mechanism in GDB scripts to set a
+# breakpoint at the end of a function (probably because there are a lot of
+# complications as function can have multiple exit points, etc). Therefore, it
+# was necessary to hard-code the line number of the breakpoint in the zeroize.c
+# test app. The assumption is that zeroize.c is a simple test app that does not
+# change often (as opposed to the actual library code), so the breakpoint line
+# number does not need to be updated often.
 
 set confirm off
 file ./programs/test/zeroize
-break zeroize.c:90
+break zeroize.c:99
 
 set args ./programs/test/zeroize.c
 run