matthiasgoergens commented on PR #95: URL: https://github.com/apache/incubator-milagro-crypto-c/pull/95#issuecomment-1449600972
Yes, using the sanitizers in the tests can only verify the presence of problems, not their absence. The same applies to testing in general.

Yes, avoiding negative shifts is a good idea. However, if I remember right, the test suite itself causes milagro to do negative shifts. (I did this work a while ago for the qredo-internal fork of milagro.)

> I do appreciate that using the sanitizer to find bugs is a good idea. But as far as I know you have not actually discovered a real bug.

Undefined behaviour in a critical library, e.g. for cryptography, should be considered a problem. 'Works on my machine.' is too low a standard.

As you suggest, testing can only show that issues exist, not their absence. So to strengthen our safety need, we also need to reason about our code. And we can only reason about C code when we are sticking to what the C specification defines. (At most we can also rely on compiler documentation, if we are careful about which compilers to support.)

Undefined behaviour explicitly demolishes that ability to reason about your code. Literally. From the C spec:

> undefined behavior
> behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for which this International Standard imposes no requirements
>
> NOTE Possible undefined behavior ranges from ignoring the situation completely with unpredictable results, to behaving during translation or program execution in a documented manner characteristic of the environment (with or without the issuance of a diagnostic message), to terminating a translation or execution (with the issuance of a diagnostic message).
>
> EXAMPLE An example of undefined behavior is the behavior on integer overflow.

-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
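The two kinds of undefined behaviour the comment above turns on, a shift by a negative (or oversized) count and signed integer overflow, side by side with versions whose every operation is defined for all inputs. This is an added example in C and is not code from milagro, from the PR, or from the commenter; the function names `shift_ub`, `shift_signed`, `add_fits` and `add_checked` are hypothetical, and it assumes a C11 compiler with the 64-bit types from `<stdint.h>`.

```c
/* Added example (not milagro or PR code): undefined shifts and signed
 * overflow, each next to a fully defined replacement. Names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

/* UB version: C11 6.5.7p3 imposes no requirement when shift < 0 or
 * shift >= 64, so nothing about the result can be reasoned about.
 * Kept only so a sanitizer build has something to report. */
static uint64_t shift_ub(uint64_t x, int shift)
{
    return x << shift;
}

/* Defined version: the sign of the count selects the direction, and counts
 * of 64 or more in either direction (undefined as a shift) are resolved to
 * the mathematically correct result, 0, before any shift is performed.
 * Unsigned shifts by 0..63 are fully defined, so the whole function is. */
static uint64_t shift_signed(uint64_t x, int shift)
{
    if (shift >= 64 || shift <= -64)
        return 0;
    if (shift >= 0)
        return x << shift;
    return x >> (-shift);   /* -shift is in 1..63 here, so it cannot overflow */
}

/* Signed overflow check done entirely with comparisons, i.e. before the
 * addition that would overflow. Returns 1 if a + b is representable.
 * INT64_MAX - b (b > 0) and INT64_MIN - b (b < 0) never overflow themselves. */
static int add_fits(int64_t a, int64_t b)
{
    if (b > 0 && a > INT64_MAX - b)
        return 0;
    if (b < 0 && a < INT64_MIN - b)
        return 0;
    return 1;
}

/* Defined signed addition: stores the sum and returns 1, or leaves *out
 * untouched and returns 0, instead of relying on wrap-around that the
 * standard does not promise (and that optimisers assume never happens). */
static int add_checked(int64_t a, int64_t b, int64_t *out)
{
    if (!add_fits(a, b))
        return 0;
    *out = a + b;
    return 1;
}

int main(void)
{
    int64_t sum = 0;
    volatile int neg = -1;   /* volatile: stop the compiler folding the UB away */

    printf("shift_signed(0x80, -3) = 0x%llx\n",
           (unsigned long long)shift_signed(0x80, -3));
    printf("add_checked(INT64_MAX, 1) fits? %d\n",
           add_checked(INT64_MAX, 1, &sum));

    /* Built with -fsanitize=undefined this call is reported at run time;
     * built without it, the result is whatever the hardware happens to do. */
    printf("shift_ub(1, -1) = 0x%llx\n",
           (unsigned long long)shift_ub(1, neg));
    return 0;
}
```

Build it once with `cc -std=c11 -fsanitize=undefined ub_shift.c` to see the sanitizer report the negative shift exponent, and once without, to see that a clean run proves nothing: only `shift_signed` and `add_checked` can be argued correct from the standard's text alone, which is the point of the comment.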
