Before 1.0.0, we should add stronger memory-safety testing for the FFI/native path.
The current test suite gives us good functional coverage, but native crypto code also needs protection against:
- leaks
- use-after-free
- invalid ownership transfer
- lifetime bugs across scopes/finalizers
- GC-related assumptions that only fail under stress
It may be easy to miss cases where GC, scoped lifetimes, or native ownership expectations interact badly, even if ordinary correctness tests stay green.
Areas of concern
The FFI implementation does a lot of explicit lifetime/ownership management, especially in:
lib/src/impl_ffi/impl_ffi.utils.dart
_PKEYWrapperNativeFinalizer_Scope_SslAllocatormove(...), defer(...), create(...), dataAsPointer(...)
- many FFI call sites under
lib/src/impl_ffi/
- AES, RSA, EC, HMAC, HKDF, PBKDF2, digest, random, etc.
- wrapper/native ownership boundaries in exported/imported key code
- places where BoringSSL takes ownership and the Dart side intentionally "moves" handles out of scope
Goal
Add explicit safety-oriented validation for the native path, not just functional tests.
Proposed work
1. Valgrind on Linux
Add at least one CI lane that runs native VM tests under valgrind on Linux.
Initial target:
dart test test/webcrypto_test.dart
Later we can decide whether to expand coverage selectively.
2. Memory-pressure / lifetime stress tests
Add targeted tests that try to shake out:
- early frees
- invalid scope assumptions
- ownership mistakes
- finalizer/lifetime issues
3. Possibly later sanitizer coverage
If practical, evaluate native sanitizer coverage, especially:
- ASan for use-after-free / invalid memory access
- LSan for leaks
UBSan may also be worth evaluating later, but it is lower priority than memory-access and leak detection for this codebase.
Before
1.0.0, we should add stronger memory-safety testing for the FFI/native path.The current test suite gives us good functional coverage, but native crypto code also needs protection against:
It may be easy to miss cases where GC, scoped lifetimes, or native ownership expectations interact badly, even if ordinary correctness tests stay green.
Areas of concern
The FFI implementation does a lot of explicit lifetime/ownership management, especially in:
lib/src/impl_ffi/impl_ffi.utils.dart_PKEYWrapperNativeFinalizer_Scope_SslAllocatormove(...),defer(...),create(...),dataAsPointer(...)lib/src/impl_ffi/Goal
Add explicit safety-oriented validation for the native path, not just functional tests.
Proposed work
1. Valgrind on Linux
Add at least one CI lane that runs native VM tests under
valgrindon Linux.Initial target:
dart test test/webcrypto_test.dartLater we can decide whether to expand coverage selectively.
2. Memory-pressure / lifetime stress tests
Add targeted tests that try to shake out:
3. Possibly later sanitizer coverage
If practical, evaluate native sanitizer coverage, especially:
UBSan may also be worth evaluating later, but it is lower priority than memory-access and leak detection for this codebase.