• Home
  • Raw
  • Download

Lines Matching full:we

5 In Mbed TLS, we use black-box testing as much as possible: test the documented behavior of the prod…
16 * [“Solutions”](#solutions) explains how we currently solve, or intend to solve, specific problems.
67 … to be a system function (like `mbedtls_calloc` or `mbedtls_fopen`), which we replace to mock or w…
83 We need to balance the following goals, which are sometimes contradictory.
85 * Coverage: we need to test behaviors which are not easy to trigger by using the API or which canno…
86 * Correctness: we want to test the actual product, not a modified version, since conclusions drawn …
89 …k when the product's internal or implementation-specific behavior changes. We should also not give…
91 Where those goals conflict, we should at least mitigate the goals that cannot be fulfilled, and doc…
111 We also need to test resilience: if the system is reset during an operation, does it restart in a c…
115 When code should clean up resources, how do we know that they have truly been cleaned up?
143 We can include all the features we want to test in the public interface. Then the tests can be trul…
145 As a rule, we do not add public interfaces solely for testing purposes. We only add public interfac…
160 We can include all the features we want to test in undocumented interfaces. Undocumented interfaces…
162 …cross-module abstraction leakage rather than for testing. For the PSA API, we favor [internal inte…
174 We can write tests that call internal functions that are not exposed in the public interfaces. This…
178 …ectly. We may accidentally rely on internal details in the tests that are not necessarily always t…
180we currently do). Another limitation is that this approach does not work for users who patch the l…
188 | Portability | + Fine as long as we control how the tests are linked |
194 If we guarantee certain properties through static analysis, we don't need to test them. This puts s…
196 * We need to have confidence in the specification (but we can gain this confidence by evaluating th…
197 * This does not work for platform-dependent properties unless we have a formal model of the platfor…
201 | Coverage | ~ Good for platform-independent properties, if we can guarantee them statically |
202 | Correctness | + Good as long as we have confidence in the specification |
209we want to have in the product for testing, but not in production, we can add a compile-time optio…
214 | Correctness | ! Difficult to ensure that what we test is what we run |
224 …Either we're testing or we're not. Fine-grained options for testing would require more test builds…
228We should not have test-specific conditional compilation littered through the code, as that makes …
235 * We can inject external libraries at link time. This can be a way to make system functions fail.
248 If we want to do something in a test that the product isn't capable of doing, we can use a debugger…
252 …ebugger may introduce behavior changes (e.g. timing). If we modify data structures in memory, we m…
253 * Due to compiler optimizations, the memory may not have the layout that we expect.
254 * Writing reliable debugger scripts is hard. We need to have confidence that we're testing what we
260 | Correctness | ++ The code is unmodified, and tested as compiled (so we even detect compiler-induc…
264 | Portability | !! Not all environments have a debugger, and even if they do, we'd need completely …
286 …runtime-instrumentation)): run tests with ASan. (We also use Valgrind, but it's slower than ASan, …
288 Since we run many test jobs with a memory leak detector, each test function or test program must cl…
292 Solution: TODO. We don't test this at all at this point.
350 …r key types and other metadata. For numerical values, there is a risk that we would accidentally m…
360 When we implement the PSA entropy driver interface, this should be reworked to use the entropy driv…
364 The PSA crypto subsystem has a few checks to detect corrupted data in memory. We currently don't ha…
366 …ion structure, we can do it by looking inside the structure content, but only when running without…