diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c index e6352f8a4e..1be7f0c86d 100644 --- a/tests/api/test_aes.c +++ b/tests/api/test_aes.c @@ -8226,7 +8226,7 @@ int test_wc_AesKeyWrapVectors(void) } /* - * MC/DC wave 2 — decision-targeted negative paths for AES KeyWrap. + * MC/DC wave 2 - decision-targeted negative paths for AES KeyWrap. * Existing vector coverage above does not exercise the argument-check, * short-output-buffer, or misaligned-length decision branches in the * RFC 3394 wrap/unwrap implementation inside wolfcrypt/src/aes.c. @@ -8315,7 +8315,7 @@ int test_wc_AesKeyWrapDecisionCoverage(void) } /* - * MC/DC wave 2 — decision-targeted negative paths for AES-GCM SetExtIV + * MC/DC wave 2 - decision-targeted negative paths for AES-GCM SetExtIV * and the short-buffer / bad-length branches left uncovered by the existing * GCM tests. */ @@ -8361,7 +8361,7 @@ int test_wc_AesGcmDecisionCoverage(void) } /* - * MC/DC wave 2 — feature-oriented positive paths to lift aes.c MC/DC by + * MC/DC wave 2 - feature-oriented positive paths to lift aes.c MC/DC by * exercising real GCM stream / CCM / GMAC / key-wrap-ex code paths that the * existing tests skip. */ diff --git a/tests/api/test_asn.c b/tests/api/test_asn.c index e127e51a84..ab0644f11c 100644 --- a/tests/api/test_asn.c +++ b/tests/api/test_asn.c @@ -2219,7 +2219,7 @@ int test_ToTraditional_ex_mldsa_bad_params(void) } /* - * MC/DC wave 2 — decision-targeted negative paths for PKCS#8 wrap/parse + * MC/DC wave 2 - decision-targeted negative paths for PKCS#8 wrap/parse * and RSA key decode. Targets argument-check, short-buffer, and * truncated-DER decision branches in wolfcrypt/src/asn.c without touching * the library source. @@ -2287,7 +2287,7 @@ int test_wc_AsnDecisionCoverage(void) WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_GetPkcs8TraditionalOffset(buf, NULL, sizeof(buf)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* idx >= sz decision branch — any negative return exercises the + /* idx >= sz decision branch - any negative return exercises the * short-input guard (BUFFER_E in current code, but we do not pin * the exact code here). */ idx = sizeof(buf); @@ -2334,9 +2334,9 @@ int test_wc_AsnDecisionCoverage(void) } /* - * MC/DC wave 2 — feature-oriented positive paths to lift asn.c MC/DC by + * MC/DC wave 2 - feature-oriented positive paths to lift asn.c MC/DC by * exercising real cert parsing, PKCS#8 round trips, ECC key decoding, and - * PEM↔DER conversions on the static cert buffers (no new fixtures). + * PEM<->DER conversions on the static cert buffers (no new fixtures). */ int test_wc_AsnFeatureCoverage(void) { @@ -2425,7 +2425,7 @@ int test_wc_AsnFeatureCoverage(void) wc_FreeDecodedCert(&cert2); } - /* ---- PEM↔DER conversion round trip on the client cert ---- */ + /* ---- PEM<->DER conversion round trip on the client cert ---- */ #ifdef WOLFSSL_DER_TO_PEM { byte pem[4096]; diff --git a/tests/api/test_rsa.c b/tests/api/test_rsa.c index bde665f0dc..f88eee8746 100644 --- a/tests/api/test_rsa.c +++ b/tests/api/test_rsa.c @@ -1407,7 +1407,7 @@ int test_wc_RsaKeyToDer_SizeOverflow(void) } /* END test_wc_RsaKeyToDer_SizeOverflow */ /* - * MC/DC wave 2 — decision-targeted negative paths for the high-level RSA + * MC/DC wave 2 - decision-targeted negative paths for the high-level RSA * encrypt/decrypt/sign surfaces. The existing tests above deliberately leave * bad-arg coverage "tested in another testing function" for * wc_RsaPublicEncrypt{,_ex}, wc_RsaPrivateDecrypt{,Inline}{,_ex}, and @@ -1559,7 +1559,7 @@ int test_wc_RsaDecisionCoverage(void) } /* END test_wc_RsaDecisionCoverage */ /* - * MC/DC wave 2 — feature-oriented positive paths to lift rsa.c MC/DC by + * MC/DC wave 2 - feature-oriented positive paths to lift rsa.c MC/DC by * exercising OAEP, PSS, and PKCS#1 v1.5 sign/verify across multiple hash * algorithms and label/salt configurations using the static client key DER * (no runtime key generation). diff --git a/tests/unit-mcdc/README.md b/tests/unit-mcdc/README.md index 4dadc25055..e0f2641550 100644 --- a/tests/unit-mcdc/README.md +++ b/tests/unit-mcdc/README.md @@ -1,4 +1,4 @@ -# tests/unit-mcdc — white-box MC/DC supplements +# tests/unit-mcdc - white-box MC/DC supplements This directory holds small, standalone white-box programs that raise **MC/DC** (Modified Condition/Decision Coverage) on wolfcrypt/wolfssl source files by @@ -27,7 +27,7 @@ MC/DC independence pair** in the same binary. llvm-cov computes MC/DC independence **per binary**. The campaign's `aggregate.sh` unions the "independence shown" bit **across binaries by source `line:col`**. So each pair must be completed *within the white-box binary -itself* — it does not lean on the API tests to supply the other half. The +itself* - it does not lean on the API tests to supply the other half. The white-box result is unioned in as an extra `"_wb"` ledger row, one per build variant, exactly like any other variant. @@ -35,8 +35,8 @@ build variant, exactly like any other variant. The campaign's `run-mcdc.sh` builds each file via `#include` with the **exact** compile flags the instrumented library used for that translation unit (captured -from the real `libtool` command — struct layout and backend selection depend on -`-DHAVE___UINT128_T`, `user_settings.h`, `-DWOLFSSL_TEST_STATIC_BUILD`, …), then +from the real `libtool` command - struct layout and backend selection depend on +`-DHAVE___UINT128_T`, `user_settings.h`, `-DWOLFSSL_TEST_STATIC_BUILD`, ...), then links against that variant's `libwolfssl.a` **with the file's own object removed** (the white-box TU supplies the single, instrumented definition). The binary is run, exported with `llvm-cov export`, and its `aes.c` MC/DC is unioned @@ -49,17 +49,17 @@ affects the API variant's own coverage row. |---|---|---| | `test_aes_whitebox.c` | `wolfcrypt/src/aes.c` | `GHASH` / `GHASH_UPDATE` internal `ptr != NULL` guards (Class 1, 13 conds) and `_AesNew_common` cross-argument `BAD_FUNC_ARG` checks (Class 2, 6 conds) | -### `test_aes_whitebox.c` — what it deliberately does **not** cover +### `test_aes_whitebox.c` - what it deliberately does **not** cover Four aes.c union residuals remain structurally uncoverable even here and stay justified in `iso26262/mcdc-per-module/reports/aes/RESIDUALS.md`: -- **13386:5**, **13836:5** — the two operands are exact logical **complements** +- **13386:5**, **13836:5** - the two operands are exact logical **complements** of one parameter (`ivSz==0`/`ivSz>0`, `ivFixed==NULL`/`!=NULL`); unique-cause MC/DC is unsatisfiable by construction. -- **14268:0** — `roll_auth`'s `ret==0` needs an internal AES op to fail +- **14268:0** - `roll_auth`'s `ret==0` needs an internal AES op to fail mid-operation, not selectable without corrupting library state. -- **15833:0** — a dead defensive branch on a loop index provably bounded to +- **15833:0** - a dead defensive branch on a loop index provably bounded to `[0,7)`. ## Adding a new white-box module