libc: suppress ASan warnings for overflow test cases #468

Open

lukkrusz wants to merge 2 commits into master from lukkrusz/stdlib_alloc_suppress_overflow_warnings

Conversation


@lukkrusz lukkrusz commented Mar 23, 2026

JIRA: CI-657

Description

Fixes: phoenix-rtos/phoenix-rtos-project#1547

Motivation and Context

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (refactoring, style fixes, git/CI config, submodule management, no code logic changes)

How Has This Been Tested?

  • Already covered by automatic testing.
  • New test added: (add PR link here).
  • Tested by hand on: (list targets here).

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing linter checks and tests passed.
  • My changes generate no new compilation warnings for any of the targets.

Special treatment

  • This PR needs additional PRs to work (list the PRs, preferably in merge-order).
  • I will merge this PR by myself when appropriate.

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an issue where AddressSanitizer (ASan) would report errors during tests specifically designed to check for memory allocation overflow conditions. By conditionally redirecting these overflow tests to use the underlying __libc_ prefixed allocation functions when ASan is active on Linux, the tests can now correctly verify error handling without triggering ASan warnings, ensuring the test suite remains robust and accurate under ASan.

Highlights

  • ASan Warning Suppression: Modified stdlib_alloc.c to conditionally use __libc_malloc, __libc_calloc, and __libc_realloc in overflow test cases when AddressSanitizer (ASan) is enabled on Linux, preventing false-positive warnings from intentional overflow tests.
  • Conditional Compilation: Introduced the __linux_with_ASan__ macro and conditional compilation to selectively declare and use __libc_ prefixed allocation functions only when both __linux__ and __SANITIZE_ADDRESS__ are defined.
  • Test Case Adaptation: Updated the malloc_overflow, calloc_overflow, and realloc_overflow test cases to utilize the newly defined TEST_CALLOC and TEST_REALLOC macros, or directly __libc_malloc, ensuring these tests correctly verify error handling without triggering ASan runtime errors.
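The bypass the summary describes, written out as an added example (not code from this PR or from phoenix-rtos): the `TEST_MALLOC`/`TEST_FREE` macros, the `__GLIBC__` guard and the `__has_feature` check are assumptions beyond what the PR shows. It generalises the `realloc` case to show why the block handed to `TEST_REALLOC` must come from the same allocator the macro resolves to.

```c
#include <stdint.h>
#include <stdlib.h>
/* ASan detection for both GCC (__SANITIZE_ADDRESS__) and Clang (__has_feature). */
#if defined(__has_feature)
#if __has_feature(address_sanitizer)
#define ALLOC_TEST_ASAN 1
#endif
#endif
#if defined(__SANITIZE_ADDRESS__)
#define ALLOC_TEST_ASAN 1
#endif
#if defined(__linux__) && defined(__GLIBC__) && defined(ALLOC_TEST_ASAN)
/* glibc's exported raw entry points skip ASan's interceptors, so an oversize
 * request returns NULL instead of an allocation-size-too-big report; blocks
 * from this path must be released with __libc_free, not the intercepted free(). */
extern void *__libc_malloc(size_t size);
extern void *__libc_calloc(size_t nmemb, size_t size);
extern void *__libc_realloc(void *ptr, size_t size);
extern void __libc_free(void *ptr);
#define TEST_MALLOC(n)     __libc_malloc(n)
#define TEST_CALLOC(n, s)  __libc_calloc((n), (s))
#define TEST_REALLOC(p, n) __libc_realloc((p), (n))
#define TEST_FREE(p)       __libc_free(p)
#else /* Phoenix-RTOS or any build without ASan: plain libc calls */
#define TEST_MALLOC(n)     malloc(n)
#define TEST_CALLOC(n, s)  calloc((n), (s))
#define TEST_REALLOC(p, n) realloc((p), (n))
#define TEST_FREE(p)       free(p)
#endif /* __linux__ && __GLIBC__ && ALLOC_TEST_ASAN */
#define BLOCK_SIZE 64
/* volatile stops the compiler folding the oversize request at compile time */
static volatile size_t huge = SIZE_MAX;
/* Each check returns 1 when the allocator behaves as the test expects, else 0. */
int malloc_overflow_returns_null(void) { return TEST_MALLOC(huge) == NULL; }
int calloc_overflow_returns_null(void)
{
    return TEST_CALLOC(huge, 2) == NULL; /* nmemb * size wraps: calloc must refuse */
}
int realloc_overflow_keeps_block(void)
{
    size_t n = BLOCK_SIZE / sizeof(int);
    int *ptr1 = TEST_CALLOC(n, sizeof(int)); /* same allocator as TEST_REALLOC */
    if (ptr1 == NULL) return 0;
    void *grown = TEST_REALLOC(ptr1, huge);
    /* a failed realloc returns NULL and leaves the original block intact */
    int ok = grown == NULL && ptr1[0] == 0 && ptr1[n - 1] == 0;
    TEST_FREE(grown != NULL ? grown : ptr1);
    return ok;
}
```

Built without ASan the macros collapse to the plain libc calls, so the same three checks run on Phoenix-RTOS and on a glibc/ASan host with no per-target test code.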

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces conditional compilation to suppress AddressSanitizer warnings for memory allocation overflow tests, which is a reasonable approach. My review includes a suggestion to refactor the preprocessor macros for better consistency and maintainability. I've also identified and suggested a fix for a logical bug in one of the overflow tests where an incorrect variable was being used, causing the test to not perform its intended check.

TEST_ASSERT_NOT_NULL(ptr);
TEST_ASSERT_EACH_EQUAL_INT(0, ptr1, BLOCK_SIZE / sizeof(int));
TEST_ASSERT_NULL(realloc(ptr, SIZE_MAX));
TEST_ASSERT_NULL(TEST_REALLOC(ptr, SIZE_MAX));
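Review bot: whichever pointer ends up in `TEST_ASSERT_NULL(TEST_REALLOC(ptr, SIZE_MAX));`, the block passed to TEST_REALLOC has to come from the same allocator the macro resolves to; when it expands to __libc_realloc, a block obtained from the ASan-intercepted malloc/calloc belongs to ASan's allocator, not glibc's. The visible lines do not show how ptr and ptr1 were obtained, so check that they are allocated through the __libc_ path too and released with __libc_free rather than the intercepted free.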


high

The intent of this test block seems to be to check for overflow in realloc when using a pointer originally allocated by calloc (ptr1). However, realloc is called with ptr, which was allocated by malloc and already tested in the previous block. You should use ptr1 here to test the calloc path.

	TEST_ASSERT_NULL(TEST_REALLOC(ptr1, SIZE_MAX));

Contributor Author


Huh, that does seem like a bug in the original test case


github-actions bot commented Mar 23, 2026

Unit Test Results

9 553 tests ±0, 591 suites ±0, 1 files ±0
8 961 ✅ passed ±0, 592 💤 skipped ±0, 0 ❌ failed ±0
53m 3s ⏱️ +36s

Results for commit f4ff319. ± Comparison against base commit 6ed92c4.

♻️ This comment has been updated with latest results.

lukkrusz force-pushed the lukkrusz/stdlib_alloc_suppress_overflow_warnings branch from 6df98c1 to 3e406da (March 23, 2026 15:05)
lukkrusz force-pushed the lukkrusz/stdlib_alloc_suppress_overflow_warnings branch 2 times, most recently from 532c73c to 7d38dd8 (March 24, 2026 08:10)
lukkrusz requested a review from damianloew (March 24, 2026 08:46)
lukkrusz marked this pull request as ready for review (March 24, 2026 08:46)
@damianloew
Contributor

/gemini review


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces macros to bypass ASan instrumentation for memory allocation functions in overflow tests, which is a valid approach to handle the intentional overflow checks. The changes correctly apply these macros in the test cases. Additionally, a bug in the realloc_overflow test where an incorrect pointer was used has been fixed. My only suggestion is to refactor the preprocessor logic for defining the new macros to improve its readability and maintainability.

return "allocator_may_return_null=1";
}

#if defined(__linux__) && defined(__SANITIZE_ADDRESS__)
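Review bot: the guard `#if defined(__linux__) && defined(__SANITIZE_ADDRESS__)` keys the __libc_ path on Linux rather than on glibc, which is what actually exports __libc_malloc and friends; adding `defined(__GLIBC__)` keeps the branch off on a musl-based Linux build, where the declarations would not resolve. Note also that `__SANITIZE_ADDRESS__` is the GCC spelling; Clang's documented check is `__has_feature(address_sanitizer)`, so a Clang ASan build that does not define the GCC macro would silently fall through to the intercepted allocators and the overflow tests would report again.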
Contributor


For sure we should leave a comment why we are doing that - it's not sth typical in this code.

Contributor


Also, mention that it's valid only for glibc

Contributor Author


Done

}

#if defined(__linux__) && defined(__SANITIZE_ADDRESS__)
#define __linux_with_ASan__
Contributor


Identifiers beginning with __ (double underscore) are reserved for the implementation (compiler and standard library) by the C standard. Defining such a macro in user code is undefined behaviour and risks silently conflicting with compiler/system headers in future toolchain versions.

Suggested change
#define __linux_with_ASan__
#define ALLOC_TEST_LINUX_ASAN

Member


  • as gemini pointed out - no need for extra define.
  • is this needed to be included in #pragma diagnostic?
  • as you're embedding multiple ifdefs (you're inside #ifndef __phoenix__ here - please add comments to #endif with the scope name you're leaving)

Contributor Author


I decided to pursue the approach without an extra define. All the rest is done/fixed.

lukkrusz force-pushed the lukkrusz/stdlib_alloc_suppress_overflow_warnings branch from 7d38dd8 to 29baeea (March 24, 2026 10:51)
@lukkrusz
Contributor Author

/gemini review


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces a mechanism to bypass AddressSanitizer interception for memory allocation functions in overflow tests. This is achieved by using macros that call internal glibc functions directly when ASan is active on Linux. The changes correctly apply these macros to the overflow tests for malloc, calloc, and realloc. The pull request also includes fixes for existing bugs within the realloc_overflow test case. I have one suggestion to make the conditional compilation directive more precise to avoid potential issues on non-glibc Linux distributions.

lukkrusz force-pushed the lukkrusz/stdlib_alloc_suppress_overflow_warnings branch from 29baeea to f4ff319 (March 24, 2026 11:31)
@lukkrusz
Contributor Author

/gemini review


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces macros to bypass AddressSanitizer's interception of memory allocation functions, allowing overflow test cases to execute as intended. The changes are confined to the allocation tests and correctly use glibc-specific internal functions (__libc_malloc, etc.) under the appropriate preprocessor conditions. Additionally, a pre-existing bug in the realloc_overflow test case, where a wrong pointer was being used, has been corrected. The implementation is sound and achieves its goal.

lukkrusz requested a review from damianloew (March 24, 2026 15:17)