test: make run-secret_eq_consttime more robust.

This is more reliable under load now: shorten the times so it is likely to run in a single timeslice, and add a nanosleep so it's likely to be at the start of the timeslice. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
5 years ago · f73ae3c198
1 changed files with 9 additions and 4 deletions
--- a/bitcoin/test/run-secret_eq_consttime.c
+++ b/bitcoin/test/run-secret_eq_consttime.c
@ -3,12 +3,13 @@
 #include <ccan/err/err.h>
 #include <ccan/time/time.h>
 #include <stdio.h>
+#include <unistd.h>

 /* AUTOGENERATED MOCKS START */
 /* AUTOGENERATED MOCKS END */
 static bool verbose = false;

-#define RUNS (256 * 10000)
+#define RUNS (16 * 10000)
 static struct timerel const_time_test(struct secret *s1,
 				      struct secret *s2,
 				      size_t off)
@ -73,10 +74,13 @@ static bool secret_time_test(struct timerel (*test)(struct secret *s1,
 {
 	struct secret *s1, *s2;
 	struct timerel firstbyte_time, lastbyte_time, diff;
+	/* Give up rest of our timeslice: useful if under load! */
+	struct timespec ts = { 0, 100000000 };

 	s1 = calloc(RUNS, sizeof(*s1));
 	s2 = calloc(RUNS, sizeof(*s2));

+	nanosleep(&ts, NULL);
 	firstbyte_time = test(s1, s2, 0);
 	lastbyte_time = test(s1, s2, sizeof(s1->data)-1);

@ -113,13 +117,14 @@ int main(void)
 	if (v && atoi(v) == 1)
 		exit(0);

-	/* I've never seen this fail more than 5 times */
+	/* I've never seen this fail more than 80% of the time, even
+	 * when loaded */
 	success = 0;
-	for (i = 0; i < 10; i++)
+	for (i = 0; i < 100; i++)
 		success += secret_time_test(const_time_test, true);

 	printf("=> Within 5%% %u/%u times\n", success, i);
-	if (success < i/2)
+	if (success < i/5)
 		errx(1, "Only const time %u/%u?", success, i);

 	/* This fails without -O2 or above, at least here (x86 Ubuntu gcc 7.3) */