From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 10827 invoked by alias); 24 May 2006 12:53:43 -0000 Received: (qmail 10817 invoked by uid 22791); 24 May 2006 12:53:42 -0000 X-Spam-Check-By: sourceware.org Received: from cs.uku.fi (HELO cs.uku.fi) (193.167.232.254) by sourceware.org (qpsmtpd/0.31) with ESMTP; Wed, 24 May 2006 12:53:38 +0000 Received: from cs.uku.fi (localhost [127.0.0.1]) by cs.uku.fi (8.12.9/8.12.11) with ESMTP id k4OCmSTu009261; Wed, 24 May 2006 15:48:28 +0300 (EEST) Received: from localhost (vertanen@localhost) by cs.uku.fi (8.12.9/8.12.1/Submit) with ESMTP id k4OCmSCW009258; Wed, 24 May 2006 15:48:28 +0300 (EEST) Date: Wed, 24 May 2006 12:53:00 -0000 From: Olli Vertanen To: mauve-discuss@sources.redhat.com cc: classpath@gnu.org Subject: Re: SecurityException throwpoint audit In-Reply-To: <20060518114004.GA16538@redhat.com> Message-ID: References: <20060518114004.GA16538@redhat.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-IsSubscribed: yes Mailing-List: contact mauve-discuss-help@sourceware.org; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: mauve-discuss-owner@sourceware.org X-SW-Source: 2006-q2/txt/msg00007.txt.bz2 Gary, Thanks for your reply! So throwpoint checks are in these security.java testlets under various directories? Do you have a driver that could run just the security tests and nothing else? If not, what would be best strategy to implement one? I can try to write some tests, but your report list seems to be a bit broken right now. I'm interested in the security manager and the access controller. You seem to check unexpected exceptions (I looked at FileInputStream/security.java) but what about checking that expected exceptions are thrown? Olli > Hi Olli, > > Yeah, I'm working on it, slowly but surely. Currently the > only information online is the automatic status page at > http://people.redhat.com/gbenson/throwpoint-report.html. > I have some stuff I wrote the other day for Tom Tromey > and Anthony Green which I'm tidying up for the wiki but > I've attached it below in case you're interested. > > Cheers, > Gary > > ----- Forwarded message from Gary Benson ----- > Date: Mon, 15 May 2006 16:51:31 +0100 > From: Gary Benson > To: Tom Tromey > Cc: Anthony Green > Subject: Re: question about security stuff... > > Hi Tom, Anthony, > > Most of the security work I've been doing is driven by writing > throwpoint tests for Mauve. There's a list of every throwpoint > at http://tinyurl.com/o2ttz and what I do is pick a class and > write a Mauve test for it. Sometimes it's easy, other times > whether or not a check happens is governed by some really bizarre > logic and getting it right is a fiddle. > > If you want to write throwpoint tests then that'd be really > helpful. There's a list of what's done and what's not at > http://tinyurl.com/egrve (updated nightly) so pick something > that's not done and have a go. Currently I'm looking at AWT: > that, java.net and java.security are the gaping holes at the > moment. > > Most of the dirty work happens in TestSecurityManager2. > First you call its prepareChecks() to tell it what permissions > you expect to be checked, then you call whatever should perform > the check, and finally you call its checkAllChecked() method. > Any unexpected checks will cause a SecurityException to be > thrown. As well as a list of must-check permissions you can > supply prepareChecks() with some permissions that may be checked > (there's some cases where Sun or IBM check something incidental > that Classpath does not) and there's also a different way of > running checks to allow stuff like System.exit() to be tested > without actually exiting the VM. > > gnu/testlet/java/io/FileInputStream/security.java is a nice > simple one to base things on. Some stuff requires different > classloaders or different threads and if you need that then > look at gnu/testlet/java/lang/Thread/security.java to see what > I mean. The "// throwpoint:" comments are for the nightly > status page. > > Of course, there's always PR libgcj/13603 if you don't fancy > throwpoint tests... > > Cheers, > Gary >