-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exhaustive test improvements + exhaustive schnorrsig tests #808
Exhaustive test improvements + exhaustive schnorrsig tests #808
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK 634b3e9
I don't really see the point of removing the order variable - was less strenous to read.
Did you notice the low order scalar_set_b32 issue in the exhaustive schnorrsig tests?
I couldn't find a historic reason for the old comment about the infinite loop but the test clearly show that it's wrong.
I'm also ok with replacing it with
Sort of, I wanted to add a test that uses an out-of-range |
Added a commit that changes the exhaustive test groups so they include a point with X coordinate 1 (suggested by @gmaxwell). |
ae40e87
to
27dd2f1
Compare
nice, utack |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice idea to create groups with an X=1 point!
27dd2f1
to
aa48ca9
Compare
I've updated https://github.com/sipa/secp256k1/commits/202009_schnorrsig_exhaustive to build on this, including tests with signatures that have R.x=(fieldsize+1). It now catches removing the check on the return value of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK aa48ca9 careful code inspection
My two comments are strictly speaking not this PR. If these are real issues, I guess you could address them here or in another PR, either is fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK aa48ca9
aa48ca9
to
c2835d9
Compare
I made another change, making the exhaustive tests correctly initialize the RNG, and adding a way to split the workload (invoke with I'm done expanding the scope of this PR now. If this is too much I'm happy to split stuff off. |
d789ab2
to
8c5dfdf
Compare
Valgrind fails on Travis:
Really invoke the seed with "" ? Doesn't every instance get a different random seed then?
I think that's ok. |
I don't think exhaustive_tests should be actually random. There is a need for 'random' values, but I don't see a lot of gain in having every run use different ones... and they make reproducing issues harder. Is there a reason to not just give it a constant seed? |
Yes, for the random part. You can also specify a fixed seed by passing a non-empty hex string.
Unsure. At least the gej tests are explicitly rescaled with a random z in every run, and unfortunately, those cannot be selected from an tractably-sized set for exhaustive tests. The main thing these tests hope to reveal shouldn't be dependent on the choice of the seed, though, so perhaps it's ok to just pick a fixed seed. If so, we can probably also do without the iteration count. |
Ok, yes. I somehow wrongly assumed that the randomness affects the mapping of work to CPUs, but it does not of course.
"Unsure" was my first thought, too. Yes, the main thing here does not depend of on the choice of the seed but I still believe that randomness helps more than it hurts here. For example, it could detect a bug that occurs as a combination of special coordinate value 1 and some z value that we hit with probability 1/10000. This could be missed by the normal tests, even though they're randomized. |
I suppose it doesn't hurt. If a user reports a bug that only happens with some particular seeds and they fail to provide their seed-- well that's a bug which wouldn't have otherwise been detected at all. Just please no "expected failures", the situation in CI (common in bitcoin core but has happened here too) where people are responding to failures by retrying the CI rather than treating the failure as an emergency is a dangerous practice. |
8c5dfdf
to
ee8b816
Compare
Adding |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK dd29d2e code review and tests pass
dd29d2e
to
9737f95
Compare
Rebased on the now-merged #558, and added exhaustive tests for schnorrsig module too. |
a45c1fa Rename testrand functions to have test in name (Pieter Wuille) Pull request description: Suggested here: #808 (comment) ACKs for top commit: real-or-random: ACK a45c1fa diff looks good elichai: utACK a45c1fa Tree-SHA512: a15c29b88877e0f1a099acab90cbfa1e70420527e07348a69c8a5b539319a3131b771b86852e772a669a1eb3475d508d0f7e10f37eec363dc6640d4eaf967536
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@be31791 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7654
Summary: This is a parital backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@c498366 Depends on D7654 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7655
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@8bcd78c Depends on D7655 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7656
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@d7f39ae Depends on D7656 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7657
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@78f6cdf Depends on D7657 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7658
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@cec7b18 Depends on D7658 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7659
Summary: This enables testing overflow is correctly encoded in the recid, and likely triggers more edge cases. Also introduce a Sage script to generate the parameters. This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@b110c10 Depends on D7659 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7660
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@49e6630 Depends on D7660 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7662
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@e99b26f Depends on D7662 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7663
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@39f67dd Depends on D7663 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7664
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@63e1b2a Depends on D7664 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7665
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@87af00b Depends on D7665 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7666
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@08d7d89 Depends on D7666 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7667
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@8b7dcdd Depends on D7667 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7668
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@be31791 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7654
Summary: This is a parital backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@c498366 Depends on D7654 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7655
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@8bcd78c Depends on D7655 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7656
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@d7f39ae Depends on D7656 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7657
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@78f6cdf Depends on D7657 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7658
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@cec7b18 Depends on D7658 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7659
Summary: This enables testing overflow is correctly encoded in the recid, and likely triggers more edge cases. Also introduce a Sage script to generate the parameters. This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@b110c10 Depends on D7659 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7660
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@49e6630 Depends on D7660 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7662
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@e99b26f Depends on D7662 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7663
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@39f67dd Depends on D7663 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7664
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@63e1b2a Depends on D7664 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7665
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@87af00b Depends on D7665 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7666
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@08d7d89 Depends on D7666 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7667
Summary: This is a partial backport of secp256k1 [[bitcoin-core/secp256k1#808 | PR808]] : bitcoin-core/secp256k1@8b7dcdd Depends on D7667 Test Plan: ninja check-secp256k1 Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7668
A few miscellaneous improvements:
secp256k1_scalar_set_b32
detect overflow correctly for scalar_low (a comment in the recovery exhaustive test indicated why this was the case, but this looks incorrect).And a big one: