Cleanup Testing code

This stops using weird include hacks to reuse code. Instead, we move the
code to a nomral `tests.rs` file and use helper functions to avoid code
duplication. This also simplifies our testing of the custom RNGs.
Before, we had to disable the "normal" tests to test the custom RNG.
Now, the custom RNG is "good enough" to simply pass the tests.

I also added direct testing for the `uninit` methods and verified that
```
RUSTFLAGS="-Zsanitizer=memory" cargo +nightly test -Zbuild-std --target=x86_64-unknown-linux-gnu
```
fails (but passes when #463 is added), so we are actually testing the
right stuff here. So this can replace #462

Signed-off-by: Joe Richey <[email protected]>

Author: josephlr

src/lib.rs

@@ -407,3 +407,9 @@ pub fn getrandom_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<&mut [u8], Error
     // since it returned `Ok`.
     Ok(unsafe { slice_assume_init_mut(dest) })
 }
+
+#[cfg(test)]
+pub(crate) mod tests;
+// TODO: Test via the public API once rdrand is exposed via the public API.
+#[cfg(all(test, any(target_arch = "x86_64", target_arch = "x86")))]
+mod rdrand;

src/rdrand.rs

@@ -121,3 +121,23 @@ unsafe fn rdrand_exact(dest: &mut [MaybeUninit<u8>]) -> Option<()> {
     }
     Some(())
 }
+
+#[cfg(test)]
+mod tests {
+    use crate::{tests::*, *};
+
+    fn rdrand_fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<&mut [u8], Error> {
+        super::getrandom_inner(dest)?;
+        Ok(unsafe { slice_assume_init_mut(dest) })
+    }
+
+    #[test]
+    fn fill_zero() {
+        super::getrandom_inner(&mut []).unwrap();
+    }
+
+    #[test]
+    fn fill_small() {
+        check_small(MaybeUninit::uninit(), rdrand_fill_uninit);
+    }
+}

src/tests.rs

@@ -0,0 +1,176 @@
+//! Common tests and testing utilities
+use super::*;
+
+extern crate std;
+use std::{
+    num::NonZeroU32,
+    sync::atomic::{AtomicU32, Ordering},
+    vec,
+};
+
+#[cfg(all(
+    any(target_arch = "wasm32", target_arch = "wasm64"),
+    target_os = "unknown",
+))]
+pub(crate) use wasm_bindgen_test::wasm_bindgen_test as test;
+
+#[cfg(feature = "test-in-browser")]
+wasm_bindgen_test::wasm_bindgen_test_configure!(run_in_browser);
+
+fn num_diff_bits(s1: &[u8], s2: &[u8]) -> usize {
+    assert_eq!(s1.len(), s2.len());
+    s1.iter()
+        .zip(s2.iter())
+        .map(|(a, b)| (a ^ b).count_ones() as usize)
+        .sum()
+}
+
+// For calls of size `len`, count the number of bits which differ between calls
+// and check that between 3 and 5 bits per byte differ. Probability of failure:
+// ~ 10^(-30) = 2 * CDF[BinomialDistribution[8*256, 0.5], 3*256]
+fn check_bits<T: Copy>(len: usize, v: T, f: fn(&mut [T]) -> Result<&mut [u8], Error>) {
+    let mut num_bytes = 0;
+    let mut diff_bits = 0;
+    while num_bytes < 256 {
+        let mut v1 = vec![v; len];
+        let s1 = f(&mut v1).unwrap();
+        let mut v2 = vec![v; len];
+        let s2 = f(&mut v2).unwrap();
+
+        num_bytes += len;
+        diff_bits += num_diff_bits(s1, s2);
+    }
+
+    assert!(diff_bits > 3 * num_bytes);
+    assert!(diff_bits < 5 * num_bytes);
+}
+
+pub(crate) fn check_small<T: Copy>(v: T, f: fn(&mut [T]) -> Result<&mut [u8], Error>) {
+    for len in 1..=64 {
+        check_bits(len, v, f)
+    }
+}
+
+fn wrapped_fill(dest: &mut [u8]) -> Result<&mut [u8], Error> {
+    getrandom(dest).map(|()| dest)
+}
+
+#[test]
+fn fill_zero() {
+    getrandom(&mut []).unwrap();
+}
+#[test]
+fn fill_zero_uninit() {
+    getrandom_uninit(&mut []).unwrap();
+}
+#[test]
+fn fill_small() {
+    check_small(0, wrapped_fill);
+}
+#[test]
+fn fill_small_uninit() {
+    check_small(MaybeUninit::uninit(), getrandom_uninit);
+}
+#[test]
+fn fill_large() {
+    check_bits(1_000, 0, wrapped_fill);
+}
+#[test]
+fn fill_large_uninit() {
+    check_bits(1_000, MaybeUninit::uninit(), getrandom_uninit);
+}
+#[test]
+fn fill_huge() {
+    check_bits(1_000_000, 0, wrapped_fill);
+}
+#[test]
+fn fill_huge_uninit() {
+    check_bits(1_000_000, MaybeUninit::uninit(), getrandom_uninit);
+}
+
+// On WASM, the thread API always fails/panics
+#[cfg(not(any(target_arch = "wasm32", target_arch = "wasm64")))]
+#[test]
+fn multithreading() {
+    use std::{sync::mpsc, thread};
+
+    let mut txs = vec![];
+    for _ in 0..20 {
+        let (tx, rx) = mpsc::channel();
+        txs.push(tx);
+
+        thread::spawn(move || {
+            // wait until all the tasks are ready to go.
+            rx.recv().unwrap();
+            let mut v = [0u8; 1000];
+
+            for _ in 0..100 {
+                getrandom(&mut v).unwrap();
+                thread::yield_now();
+            }
+        });
+    }
+
+    // start all the tasks
+    for tx in txs.iter() {
+        tx.send(()).unwrap();
+    }
+}
+
+// A simple Linear Congruential Generator (LCG) that passes our RNG tests.
+const A: u32 = 134775813;
+const C: u32 = 1;
+static X: AtomicU32 = AtomicU32::new(0);
+
+fn gen_lcg() -> u32 {
+    X.fetch_update(Ordering::Relaxed, Ordering::Relaxed, |x| {
+        Some(x.wrapping_mul(A).wrapping_add(C))
+    })
+    .unwrap()
+}
+
+// Custom error returned when we get an input of length 1337
+const CUSTOM_CODE: u32 = Error::CUSTOM_START + 1337;
+
+#[allow(dead_code)]
+fn insecure_rng(buf: &mut [u8]) -> Result<(), Error> {
+    // We guarantee no implementation is called with an empty buffer.
+    assert!(!buf.is_empty());
+    if buf.len() == 1337 {
+        return Err(NonZeroU32::new(CUSTOM_CODE).unwrap().into());
+    }
+
+    let mut chunks = buf.chunks_exact_mut(4);
+    for chunk in chunks.by_ref() {
+        chunk.copy_from_slice(&gen_lcg().to_le_bytes());
+    }
+    let tail = chunks.into_remainder();
+    tail.copy_from_slice(&gen_lcg().to_le_bytes()[..tail.len()]);
+    Ok(())
+}
+
+// Test registering a custom implementation, even on supported platforms.
+#[cfg(feature = "custom")]
+register_custom_getrandom!(insecure_rng);
+
+// On a supported platform, make sure the custom implementation isn't used.
+#[cfg(all(feature = "custom", target_os = "linux"))]
+#[test]
+fn custom_not_used() {
+    getrandom(&mut [0; 1337]).unwrap();
+}
+
+// On an unsupported platform, make sure the custom implementation is used.
+#[cfg(all(feature = "custom", target_arch = "wasm32", target_os = "unknown"))]
+#[test]
+fn custom_used() {
+    let err = getrandom(&mut [0; 1337]).unwrap_err();
+    assert_eq!(err.code().get(), CUSTOM_CODE);
+
+    // After resetting the LCG seed, the next numbers generated will be:
+    // 0, C, (A+1)*C
+    let mut buf = [0u8; 12];
+    X.store(0, Ordering::Relaxed);
+    getrandom(&mut buf).unwrap();
+    assert_eq!(buf, [0, 0, 0, 0, 1, 0, 0, 0, 6, 132, 8, 8]);
+}