From patchwork Fri Dec 20 02:04:09 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: DJ Delorie <dj@redhat.com>
X-Patchwork-Id: 103486
Return-Path: <libc-alpha-bounces~patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 773D73858D26
	for <patchwork@sourceware.org>; Fri, 20 Dec 2024 02:05:54 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 773D73858D26
Authentication-Results: sourceware.org;
	dkim=pass (1024-bit key,
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=O/MgD85j
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by sourceware.org (Postfix) with ESMTP id A56053858D20
 for <libc-alpha@sourceware.org>; Fri, 20 Dec 2024 02:04:14 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A56053858D20
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org A56053858D20
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=170.10.129.124
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1734660254; cv=none;
 b=piZt4X2qg617rb9LJ2czTNgJoTQu8iblb0mf3qQsQ7yrTZz4l4ou92lTHxR1WSXEWr+KQhQrufmR8fQjA6TunlIPQfpV/GX7xf+CbP0MNYuv7kYOYxN59NFwBcJeoy/YzCpR53Jw27IcqZEU0Y2+tdSY1B/+D4NGrXJrY/r/ZUI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1734660254; c=relaxed/simple;
 bh=nJaU+gpapFT/JN7bMhA2evutfktiTJKIOqadPviqvH0=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=urKbMcmgnd/dQqGyZ7dHaM/m0GY5IxbTQotGEREDGdkyMIB6I6VgeBFDO5X3db9WR6IhIH6kXCYI9Du38omgrdxTb3twzWGPgTFWTVgGnS7mcE15kkRggm+jR7+IRBuRkyc8V/z8Zz/exYbQgaTSxNsp1VBTQDTK0O7/4WfdiLE=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A56053858D20
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1734660254;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to; bh=2att7O4M7wG9gpvJGq0D7/XttF61aDjshKrZvZRw65c=;
 b=O/MgD85jU42vP+hrnJQOIqn8bDlfj7p5PCBdQJKWUqYnIG28OoHFI0t/fPdmpaJpUFI/6w
 Bd6QH6XRXDtOkTyvPOHlEnE+0n0kkfg2qj/NhrAhuMdkdRyyD9KROr2HGmHJg+dKmy8Gm7
 gUVjuYlZjl5YxaZQqj/gdppmuD03hjI=
Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-61-lUyoJYFkMvuHDb4r-NGqOg-1; Thu,
 19 Dec 2024 21:04:13 -0500
X-MC-Unique: lUyoJYFkMvuHDb4r-NGqOg-1
X-Mimecast-MFC-AGG-ID: lUyoJYFkMvuHDb4r-NGqOg
Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 2CA8E195609E; Fri, 20 Dec 2024 02:04:12 +0000 (UTC)
Received: from greed.delorie.com (unknown [10.22.89.82])
 by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with
 ESMTPS
 id D07021955F54; Fri, 20 Dec 2024 02:04:11 +0000 (UTC)
Received: from greed.delorie.com.redhat.com (localhost [127.0.0.1])
 by greed.delorie.com (8.16.1/8.16.1) with ESMTP id 4BK249sF2491169;
 Thu, 19 Dec 2024 21:04:09 -0500
From: DJ Delorie <dj@redhat.com>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: libc-alpha@sourceware.org, fweimer@redhat.com
Subject: [patch v4 1/1] assert: ensure posix compliance, add tests for
 such
In-Reply-To: <81909884-5ae1-48a9-8932-82d3233746e3@cs.ucla.edu> (message
 from Paul Eggert on Thu, 19 Dec 2024 10:41:54 -0800)
Date: Thu, 19 Dec 2024 21:04:09 -0500
Message-ID: <xn7c7vxg86.fsf@greed.delorie.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: nMQ8U0RlJWbWxrwtztPTeBTMbgIWaOZviedG_JTmXE0_1734660252
X-Mimecast-Originator: redhat.com
X-Spam-Status: No, score=-11.2 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 KAM_SHORT,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE,
 TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org

v4: added (void) to writev
Reviewed-by: Paul Eggert <eggert@cs.ucla.edu>
---
Fix assert.c so that even the fallback
case conforms to POSIX, although not exactly the same as
the default case so a test can tell the difference.

Add a test that verifies that abort is called, and that the
message printed to stderr has all the info that POSIX requires.
Verify this even when malloc isn't usable.

diff --git a/assert/Makefile b/assert/Makefile
index 35dc908ddb..6f2717c80a 100644
--- a/assert/Makefile
+++ b/assert/Makefile
@@ -38,6 +38,7 @@ tests := \
   test-assert-perr \
   tst-assert-c++ \
   tst-assert-g++ \
+  test-assert-2 \
   # tests
 
 ifeq ($(have-cxx-thread_local),yes)
diff --git a/assert/assert.c b/assert/assert.c
index c29629f5f6..a271125f08 100644
--- a/assert/assert.c
+++ b/assert/assert.c
@@ -25,6 +25,8 @@
 #include <unistd.h>
 #include <sys/mman.h>
 #include <setvmaname.h>
+#include <sys/uio.h>
+#include <intprops.h>
 
 
 extern const char *__progname;
@@ -87,8 +89,35 @@ __assert_fail_base (const char *fmt, const char *assertion, const char *file,
   else
     {
       /* At least print a minimal message.  */
-      static const char errstr[] = "Unexpected error.\n";
-      __libc_write (STDERR_FILENO, errstr, sizeof (errstr) - 1);
+      char linebuf[INT_STRLEN_BOUND (int) + sizeof ":: "];
+      struct iovec v[9];
+      int i = 0;
+
+#define WS(s) (v[i].iov_len = strlen (v[i].iov_base = (void *) (s)), i++)
+
+      if (__progname)
+	{
+	  WS (__progname);
+	  WS (": ");
+	}
+
+      WS (file);
+      v[i++] = (struct iovec) {.iov_base = linebuf,
+	.iov_len = sprintf (linebuf, ":%d: ", line)};
+
+      if (function)
+	{
+	  WS (function);
+	  WS (": ");
+	}
+
+      WS ("Assertion `");
+      WS (assertion);
+      /* We omit the '.' here so that the assert tests can tell when
+         this code path is taken.  */
+      WS ("' failed\n");
+
+      (void) writev (STDERR_FILENO, v, i);
     }
 
   abort ();
diff --git a/assert/test-assert-2.c b/assert/test-assert-2.c
new file mode 100644
index 0000000000..99f8f683e8
--- /dev/null
+++ b/assert/test-assert-2.c
@@ -0,0 +1,166 @@
+/* Test assert's compliance with POSIX requirements.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+/* This test verifies that a failed assertion acts in accordance with
+   the POSIX requirements, despite any internal failures.  We do so by
+   calling test routines via fork() and monitoring their exit codes
+   and stderr, while possibly forcing internal functions (malloc) to
+   fail.  */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <dlfcn.h>
+#include <string.h>
+#include <signal.h>
+
+#undef NDEBUG
+#include <assert.h>
+
+#include <support/check.h>
+#include <support/support.h>
+#include <support/capture_subprocess.h>
+#include <support/xstdio.h>
+
+/* We need to be able to make malloc() "fail" so that __asprintf
+   fails.  */
+
+void * (*next_malloc)(size_t sz) = 0;
+static volatile bool fail_malloc = 0;
+
+void *
+malloc (size_t sz)
+{
+  if (fail_malloc)
+    return NULL;
+  if (next_malloc == 0)
+    next_malloc = dlsym (RTLD_NEXT, "malloc");
+  if (next_malloc == 0)
+    return NULL;
+  return next_malloc (sz);
+}
+
+/* We can tell if abort() is called by looking for the custom return
+   value.  */
+
+void
+abort_handler(int s)
+{
+  _exit(5);
+}
+
+static int do_lineno;
+static const char *do_funcname;
+
+/* Hack to get the line of the assert.  */
+#define GET_INFO_1(l)	      \
+  if (closure != NULL)	      \
+    {			      \
+      do_lineno = l;	      \
+      do_funcname = __func__; \
+      return; \
+    }
+#define GET_INFO() GET_INFO_1(__LINE__+1)
+
+/* These are the two test cases.  */
+
+static void
+test_assert_normal (void *closure)
+{
+  if (closure == NULL)
+    signal (SIGABRT, abort_handler);
+
+  GET_INFO ();
+  assert (1 == 2);
+}
+
+
+static void
+test_assert_nomalloc (void *closure)
+{
+  if (closure == NULL)
+    {
+      signal (SIGABRT, abort_handler);
+      fail_malloc = 1;
+    }
+
+  GET_INFO ();
+  assert (1 == 2);
+}
+
+static void
+check_posix (const char *buf, int rv, int line,
+	     const char *funcname, const char *testarg)
+{
+  /* POSIX requires that a failed assertion write a diagnostic to
+     stderr and call abort.  The diagnostic must include the filename,
+     line number, and function where the assertion failed, along with
+     the text of the assert() argument.
+  */
+  char linestr[100];
+
+  sprintf (linestr, "%d", line);
+
+  /* If abort is called, our handler will return 5.  */
+  TEST_VERIFY (rv == 5);
+
+  TEST_VERIFY (strstr (buf, __FILE__) != NULL);
+  TEST_VERIFY (strstr (buf, linestr) != NULL);
+  TEST_VERIFY (strstr (buf, funcname) != NULL);
+  TEST_VERIFY (strstr (buf, testarg) != NULL);
+  
+}
+
+static void
+one_test (void (*func)(void *), int which_path)
+{
+  struct support_capture_subprocess sp;
+  int rv;
+
+  func (&do_lineno);
+  printf("running test for %s, line %d\n", do_funcname, do_lineno);
+
+  sp = support_capture_subprocess (func, NULL);
+  rv = WEXITSTATUS (sp.status);
+
+  check_posix (sp.err.buffer, rv, do_lineno, do_funcname, "1 == 2");
+
+  /* Look for intentional subtle differences in messages to verify
+     that the intended code path was taken.  */
+  switch (which_path)
+    {
+    case 0:
+      TEST_VERIFY (strstr (sp.err.buffer, "failed.\n") != NULL);
+      break;
+    case 1:
+      TEST_VERIFY (strstr (sp.err.buffer, "failed\n") != NULL);
+      break;
+    }
+
+  support_capture_subprocess_free (&sp);
+}
+
+static int
+do_test(void)
+{
+  one_test (test_assert_normal, 0);
+  one_test (test_assert_nomalloc, 1);
+
+  return 0;
+}
+
+#include <support/test-driver.c>