summaryrefslogtreecommitdiff
path: root/lib/ccan/failtest
diff options
context:
space:
mode:
authorRusty Russell <rusty@rustcorp.com.au>2012-02-22 14:59:32 +1030
committerAmitay Isaacs <amitay@gmail.com>2012-03-07 13:16:16 +1100
commit361f3ea9ee577c5a3e2fed687a0b417b257c31de (patch)
tree6d356c3aa64317c609ff4e208be76e18996a55f8 /lib/ccan/failtest
parent4f5412dda687c3ff76b426842bf284d01d56a997 (diff)
downloadsamba-361f3ea9ee577c5a3e2fed687a0b417b257c31de.tar.gz
samba-361f3ea9ee577c5a3e2fed687a0b417b257c31de.tar.bz2
samba-361f3ea9ee577c5a3e2fed687a0b417b257c31de.zip
lib/ccan: import failtest and required ccan modules for TDB2 unit tests.
New modules: failtest, list, time, read_write_all and tlist. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'lib/ccan/failtest')
-rw-r--r--lib/ccan/failtest/LICENSE165
-rw-r--r--lib/ccan/failtest/_info76
-rw-r--r--lib/ccan/failtest/failtest.c1713
-rw-r--r--lib/ccan/failtest/failtest.d70
-rw-r--r--lib/ccan/failtest/failtest.h258
-rw-r--r--lib/ccan/failtest/failtest_override.h81
-rw-r--r--lib/ccan/failtest/failtest_proto.h31
-rw-r--r--lib/ccan/failtest/failtest_undo.h49
-rw-r--r--lib/ccan/failtest/test/run-failpath.c39
-rw-r--r--lib/ccan/failtest/test/run-history.c183
-rw-r--r--lib/ccan/failtest/test/run-locking.c134
-rw-r--r--lib/ccan/failtest/test/run-malloc.c116
-rw-r--r--lib/ccan/failtest/test/run-open.c72
-rw-r--r--lib/ccan/failtest/test/run-write.c51
14 files changed, 3038 insertions, 0 deletions
diff --git a/lib/ccan/failtest/LICENSE b/lib/ccan/failtest/LICENSE
new file mode 100644
index 0000000000..cca7fc278f
--- /dev/null
+++ b/lib/ccan/failtest/LICENSE
@@ -0,0 +1,165 @@
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+ This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+ 0. Additional Definitions.
+
+ As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+ "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+ An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+ A "Combined Work" is a work produced by combining or linking an
+Application with the Library. The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+ The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+ The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+ 1. Exception to Section 3 of the GNU GPL.
+
+ You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+ 2. Conveying Modified Versions.
+
+ If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+ a) under this License, provided that you make a good faith effort to
+ ensure that, in the event an Application does not supply the
+ function or data, the facility still operates, and performs
+ whatever part of its purpose remains meaningful, or
+
+ b) under the GNU GPL, with none of the additional permissions of
+ this License applicable to that copy.
+
+ 3. Object Code Incorporating Material from Library Header Files.
+
+ The object code form of an Application may incorporate material from
+a header file that is part of the Library. You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+ a) Give prominent notice with each copy of the object code that the
+ Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the object code with a copy of the GNU GPL and this license
+ document.
+
+ 4. Combined Works.
+
+ You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+ a) Give prominent notice with each copy of the Combined Work that
+ the Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the Combined Work with a copy of the GNU GPL and this license
+ document.
+
+ c) For a Combined Work that displays copyright notices during
+ execution, include the copyright notice for the Library among
+ these notices, as well as a reference directing the user to the
+ copies of the GNU GPL and this license document.
+
+ d) Do one of the following:
+
+ 0) Convey the Minimal Corresponding Source under the terms of this
+ License, and the Corresponding Application Code in a form
+ suitable for, and under terms that permit, the user to
+ recombine or relink the Application with a modified version of
+ the Linked Version to produce a modified Combined Work, in the
+ manner specified by section 6 of the GNU GPL for conveying
+ Corresponding Source.
+
+ 1) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (a) uses at run time
+ a copy of the Library already present on the user's computer
+ system, and (b) will operate properly with a modified version
+ of the Library that is interface-compatible with the Linked
+ Version.
+
+ e) Provide Installation Information, but only if you would otherwise
+ be required to provide such information under section 6 of the
+ GNU GPL, and only to the extent that such information is
+ necessary to install and execute a modified version of the
+ Combined Work produced by recombining or relinking the
+ Application with a modified version of the Linked Version. (If
+ you use option 4d0, the Installation Information must accompany
+ the Minimal Corresponding Source and Corresponding Application
+ Code. If you use option 4d1, you must provide the Installation
+ Information in the manner specified by section 6 of the GNU GPL
+ for conveying Corresponding Source.)
+
+ 5. Combined Libraries.
+
+ You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+ a) Accompany the combined library with a copy of the same work based
+ on the Library, uncombined with any other library facilities,
+ conveyed under the terms of this License.
+
+ b) Give prominent notice with the combined library that part of it
+ is a work based on the Library, and explaining where to find the
+ accompanying uncombined form of the same work.
+
+ 6. Revised Versions of the GNU Lesser General Public License.
+
+ The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+ If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.
diff --git a/lib/ccan/failtest/_info b/lib/ccan/failtest/_info
new file mode 100644
index 0000000000..14dcb783be
--- /dev/null
+++ b/lib/ccan/failtest/_info
@@ -0,0 +1,76 @@
+#include <stdio.h>
+#include <string.h>
+#include "config.h"
+
+/**
+ * failtest - unit test helpers for testing malloc and other failures.
+ *
+ * The failtest module overrides various standard functions, and forks
+ * your unit test at those points to test failure paths. The failing
+ * child are expected to fail (eg. when malloc fails), but should not
+ * leak memory or crash. After including failtest_override.h, you can
+ * include failtest_restore.h to return to non-failing versions.
+ *
+ * The unit test is a normal CCAN tap-style test, except it should
+ * start by calling failtest_init() and end by calling
+ * failtest_exit().
+ *
+ * You can control what functions fail: see failtest_hook.
+ *
+ * Example:
+ * #include <stdio.h>
+ * #include <stdlib.h>
+ * #include <string.h>
+ * #include <ccan/tap/tap.h>
+ * #include <ccan/failtest/failtest_override.h>
+ * #include <ccan/failtest/failtest.h>
+ *
+ * int main(int argc, char *argv[])
+ * {
+ * char *a, *b;
+ *
+ * failtest_init(argc, argv);
+ * plan_tests(3);
+ *
+ * // Simple malloc test.
+ * a = malloc(100);
+ * if (ok1(a)) {
+ * // Fill the memory.
+ * memset(a, 'x', 100);
+ * b = realloc(a, 200);
+ * if (ok1(b)) {
+ * // Fill the rest of the memory.
+ * memset(b + 100, 'y', 100);
+ * // Check it got a copy of a as expected.
+ * ok1(strspn(b, "x") == 100);
+ * free(b);
+ * } else {
+ * // Easy to miss: free a on realloc failure!
+ * free(a);
+ * }
+ * }
+ * failtest_exit(exit_status());
+ * }
+ *
+ * License: LGPL
+ * Author: Rusty Russell <rusty@rustcorp.com.au>
+ */
+int main(int argc, char *argv[])
+{
+ if (argc != 2)
+ return 1;
+
+ if (strcmp(argv[1], "depends") == 0) {
+ printf("ccan/build_assert\n");
+ printf("ccan/compiler\n");
+ printf("ccan/hash\n");
+ printf("ccan/htable\n");
+ printf("ccan/read_write_all\n");
+ printf("ccan/str\n");
+ printf("ccan/time\n");
+ printf("ccan/tlist\n");
+ return 0;
+ }
+
+ return 1;
+}
diff --git a/lib/ccan/failtest/failtest.c b/lib/ccan/failtest/failtest.c
new file mode 100644
index 0000000000..701586e9b8
--- /dev/null
+++ b/lib/ccan/failtest/failtest.c
@@ -0,0 +1,1713 @@
+/* Licensed under LGPL - see LICENSE file for details */
+#include <ccan/failtest/failtest.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <err.h>
+#include <unistd.h>
+#include <poll.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/mman.h>
+#include <signal.h>
+#include <assert.h>
+#include <ccan/time/time.h>
+#include <ccan/read_write_all/read_write_all.h>
+#include <ccan/failtest/failtest_proto.h>
+#include <ccan/build_assert/build_assert.h>
+#include <ccan/hash/hash.h>
+#include <ccan/htable/htable_type.h>
+#include <ccan/str/str.h>
+#include <ccan/compiler/compiler.h>
+
+enum failtest_result (*failtest_hook)(struct tlist_calls *);
+
+static FILE *tracef = NULL, *warnf;
+static int traceindent = 0;
+
+unsigned int failtest_timeout_ms = 20000;
+
+const char *failpath;
+const char *debugpath;
+
+enum info_type {
+ WRITE,
+ RELEASE_LOCKS,
+ FAILURE,
+ SUCCESS,
+ UNEXPECTED
+};
+
+struct lock_info {
+ int fd;
+ /* end is inclusive: you can't have a 0-byte lock. */
+ off_t start, end;
+ int type;
+};
+
+/* We hash the call location together with its backtrace. */
+static size_t hash_call(const struct failtest_call *call)
+{
+ return hash(call->file, strlen(call->file),
+ hash(&call->line, 1,
+ hash(call->backtrace, call->backtrace_num,
+ call->type)));
+}
+
+static bool call_eq(const struct failtest_call *call1,
+ const struct failtest_call *call2)
+{
+ unsigned int i;
+
+ if (strcmp(call1->file, call2->file) != 0
+ || call1->line != call2->line
+ || call1->type != call2->type
+ || call1->backtrace_num != call2->backtrace_num)
+ return false;
+
+ for (i = 0; i < call1->backtrace_num; i++)
+ if (call1->backtrace[i] != call2->backtrace[i])
+ return false;
+
+ return true;
+}
+
+/* Defines struct failtable. */
+HTABLE_DEFINE_TYPE(struct failtest_call, (struct failtest_call *), hash_call,
+ call_eq, failtable);
+
+bool (*failtest_exit_check)(struct tlist_calls *history);
+
+/* The entire history of all calls. */
+static struct tlist_calls history = TLIST_INIT(history);
+/* If we're a child, the fd two write control info to the parent. */
+static int control_fd = -1;
+/* If we're a child, this is the first call we did ourselves. */
+static struct failtest_call *our_history_start = NULL;
+/* For printing runtime with --trace. */
+static struct timeval start;
+/* Set when failtest_hook returns FAIL_PROBE */
+static bool probing = false;
+/* Table to track duplicates. */
+static struct failtable failtable;
+
+/* Array of writes which our child did. We report them on failure. */
+static struct write_call *child_writes = NULL;
+static unsigned int child_writes_num = 0;
+
+/* fcntl locking info. */
+static pid_t lock_owner;
+static struct lock_info *locks = NULL;
+static unsigned int lock_num = 0;
+
+/* Our original pid, which we return to anyone who asks. */
+static pid_t orig_pid;
+
+/* Mapping from failtest_type to char. */
+static const char info_to_arg[] = "mceoxprwfal";
+
+/* Dummy call used for failtest_undo wrappers. */
+static struct failtest_call unrecorded_call;
+
+struct contents_saved {
+ size_t count;
+ off_t off;
+ off_t old_len;
+ char contents[1];
+};
+
+/* File contents, saved in this child only. */
+struct saved_mmapped_file {
+ struct saved_mmapped_file *next;
+ struct failtest_call *opener;
+ struct contents_saved *s;
+};
+
+static struct saved_mmapped_file *saved_mmapped_files;
+
+#if HAVE_BACKTRACE
+#include <execinfo.h>
+
+static void **get_backtrace(unsigned int *num)
+{
+ static unsigned int max_back = 100;
+ void **ret;
+
+again:
+ ret = malloc(max_back * sizeof(void *));
+ *num = backtrace(ret, max_back);
+ if (*num == max_back) {
+ free(ret);
+ max_back *= 2;
+ goto again;
+ }
+ return ret;
+}
+#else
+/* This will test slightly less, since will consider all of the same
+ * calls as identical. But, it's slightly faster! */
+static void **get_backtrace(unsigned int *num)
+{
+ *num = 0;
+ return NULL;
+}
+#endif /* HAVE_BACKTRACE */
+
+static struct failtest_call *add_history_(enum failtest_call_type type,
+ bool can_leak,
+ const char *file,
+ unsigned int line,
+ const void *elem,
+ size_t elem_size)
+{
+ struct failtest_call *call;
+
+ /* NULL file is how we suppress failure. */
+ if (!file)
+ return &unrecorded_call;
+
+ call = malloc(sizeof *call);
+ call->type = type;
+ call->can_leak = can_leak;
+ call->file = file;
+ call->line = line;
+ call->cleanup = NULL;
+ call->backtrace = get_backtrace(&call->backtrace_num);
+ memcpy(&call->u, elem, elem_size);
+ tlist_add_tail(&history, call, list);
+ return call;
+}
+
+#define add_history(type, can_leak, file, line, elem) \
+ add_history_((type), (can_leak), (file), (line), (elem), sizeof(*(elem)))
+
+/* We do a fake call inside a sizeof(), to check types. */
+#define set_cleanup(call, clean, type) \
+ (call)->cleanup = (void *)((void)sizeof(clean((type *)NULL, false),1), (clean))
+
+/* Dup the fd to a high value (out of the way I hope!), and close the old fd. */
+static int move_fd_to_high(int fd)
+{
+ int i;
+
+ for (i = FD_SETSIZE - 1; i >= 0; i--) {
+ if (fcntl(i, F_GETFL) == -1 && errno == EBADF) {
+ if (dup2(fd, i) == -1)
+ err(1, "Failed to dup fd %i to %i", fd, i);
+ close(fd);
+ return i;
+ }
+ }
+ /* Nothing? Really? Er... ok? */
+ return fd;
+}
+
+static bool read_write_info(int fd)
+{
+ struct write_call *w;
+ char *buf;
+
+ /* We don't need all of this, but it's simple. */
+ child_writes = realloc(child_writes,
+ (child_writes_num+1) * sizeof(child_writes[0]));
+ w = &child_writes[child_writes_num];
+ if (!read_all(fd, w, sizeof(*w)))
+ return false;
+
+ w->buf = buf = malloc(w->count);
+ if (!read_all(fd, buf, w->count))
+ return false;
+
+ child_writes_num++;
+ return true;
+}
+
+static char *failpath_string(void)
+{
+ struct failtest_call *i;
+ char *ret = strdup("");
+ unsigned len = 0;
+
+ /* Inefficient, but who cares? */
+ tlist_for_each(&history, i, list) {
+ ret = realloc(ret, len + 2);
+ ret[len] = info_to_arg[i->type];
+ if (i->fail)
+ ret[len] = toupper(ret[len]);
+ ret[++len] = '\0';
+ }
+ return ret;
+}
+
+static void do_warn(int e, const char *fmt, va_list ap)
+{
+ char *p = failpath_string();
+
+ vfprintf(warnf, fmt, ap);
+ if (e != -1)
+ fprintf(warnf, ": %s", strerror(e));
+ fprintf(warnf, " [%s]\n", p);
+ free(p);
+}
+
+static void fwarn(const char *fmt, ...)
+{
+ va_list ap;
+ int e = errno;
+
+ va_start(ap, fmt);
+ do_warn(e, fmt, ap);
+ va_end(ap);
+}
+
+
+static void fwarnx(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ do_warn(-1, fmt, ap);
+ va_end(ap);
+}
+
+static void tell_parent(enum info_type type)
+{
+ if (control_fd != -1)
+ write_all(control_fd, &type, sizeof(type));
+}
+
+static void child_fail(const char *out, size_t outlen, const char *fmt, ...)
+{
+ va_list ap;
+ char *path = failpath_string();
+
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+
+ fprintf(stderr, "%.*s", (int)outlen, out);
+ printf("To reproduce: --failpath=%s\n", path);
+ free(path);
+ tell_parent(FAILURE);
+ exit(1);
+}
+
+static void PRINTF_FMT(1, 2) trace(const char *fmt, ...)
+{
+ va_list ap;
+ unsigned int i;
+ char *p;
+ static int idx;
+
+ if (!tracef)
+ return;
+
+ for (i = 0; i < traceindent; i++)
+ fprintf(tracef, " ");
+
+ p = failpath_string();
+ fprintf(tracef, "%i: %u: %s ", idx++, getpid(), p);
+ va_start(ap, fmt);
+ vfprintf(tracef, fmt, ap);
+ va_end(ap);
+ free(p);
+}
+
+static pid_t child;
+
+static void hand_down(int signum)
+{
+ kill(child, signum);
+}
+
+static void release_locks(void)
+{
+ /* Locks were never acquired/reacquired? */
+ if (lock_owner == 0)
+ return;
+
+ /* We own them? Release them all. */
+ if (lock_owner == getpid()) {
+ unsigned int i;
+ struct flock fl;
+ fl.l_type = F_UNLCK;
+ fl.l_whence = SEEK_SET;
+ fl.l_start = 0;
+ fl.l_len = 0;
+
+ trace("Releasing %u locks\n", lock_num);
+ for (i = 0; i < lock_num; i++)
+ fcntl(locks[i].fd, F_SETLK, &fl);
+ } else {
+ /* Our parent must have them; pass request up. */
+ enum info_type type = RELEASE_LOCKS;
+ assert(control_fd != -1);
+ write_all(control_fd, &type, sizeof(type));
+ }
+ lock_owner = 0;
+}
+
+/* off_t is a signed type. Getting its max is non-trivial. */
+static off_t off_max(void)
+{
+ BUILD_ASSERT(sizeof(off_t) == 4 || sizeof(off_t) == 8);
+ if (sizeof(off_t) == 4)
+ return (off_t)0x7FFFFFF;
+ else
+ return (off_t)0x7FFFFFFFFFFFFFFULL;
+}
+
+static void get_locks(void)
+{
+ unsigned int i;
+ struct flock fl;
+
+ if (lock_owner == getpid())
+ return;
+
+ if (lock_owner != 0) {
+ enum info_type type = RELEASE_LOCKS;
+ assert(control_fd != -1);
+ trace("Asking parent to release locks\n");
+ write_all(control_fd, &type, sizeof(type));
+ }
+
+ fl.l_whence = SEEK_SET;
+
+ for (i = 0; i < lock_num; i++) {
+ fl.l_type = locks[i].type;
+ fl.l_start = locks[i].start;
+ if (locks[i].end == off_max())
+ fl.l_len = 0;
+ else
+ fl.l_len = locks[i].end - locks[i].start + 1;
+
+ if (fcntl(locks[i].fd, F_SETLKW, &fl) != 0)
+ abort();
+ }
+ trace("Acquired %u locks\n", lock_num);
+ lock_owner = getpid();
+}
+
+
+static struct contents_saved *save_contents(const char *filename,
+ int fd, size_t count, off_t off,
+ const char *why)
+{
+ struct contents_saved *s = malloc(sizeof(*s) + count);
+ ssize_t ret;
+
+ s->off = off;
+
+ ret = pread(fd, s->contents, count, off);
+ if (ret < 0) {
+ fwarn("failtest_write: failed to save old contents!");
+ s->count = 0;
+ } else
+ s->count = ret;
+
+ /* Use lseek to get the size of file, but we have to restore
+ * file offset */
+ off = lseek(fd, 0, SEEK_CUR);
+ s->old_len = lseek(fd, 0, SEEK_END);
+ lseek(fd, off, SEEK_SET);
+
+ trace("Saving %p %s %zu@%llu after %s (filelength %llu) via fd %i\n",
+ s, filename, s->count, (long long)s->off, why,
+ (long long)s->old_len, fd);
+ return s;
+}
+
+static void restore_contents(struct failtest_call *opener,
+ struct contents_saved *s,
+ bool restore_offset,
+ const char *caller)
+{
+ int fd;
+
+ /* The top parent doesn't need to restore. */
+ if (control_fd == -1)
+ return;
+
+ /* Has the fd been closed? */
+ if (opener->u.open.closed) {
+ /* Reopen, replace fd, close silently as we clean up. */
+ fd = open(opener->u.open.pathname, O_RDWR);
+ if (fd < 0) {
+ fwarn("failtest: could not reopen %s to clean up %s!",
+ opener->u.open.pathname, caller);
+ return;
+ }
+ /* Make it clearly distinguisable from a "normal" fd. */
+ fd = move_fd_to_high(fd);
+ trace("Reopening %s to restore it (was fd %i, now %i)\n",
+ opener->u.open.pathname, opener->u.open.ret, fd);
+ opener->u.open.ret = fd;
+ opener->u.open.closed = false;
+ }
+ fd = opener->u.open.ret;
+
+ trace("Restoring %p %s %zu@%llu after %s (filelength %llu) via fd %i\n",
+ s, opener->u.open.pathname, s->count, (long long)s->off, caller,
+ (long long)s->old_len, fd);
+ if (pwrite(fd, s->contents, s->count, s->off) != s->count) {
+ fwarn("failtest: write failed cleaning up %s for %s!",
+ opener->u.open.pathname, caller);
+ }
+
+ if (ftruncate(fd, s->old_len) != 0) {
+ fwarn("failtest_write: truncate failed cleaning up %s for %s!",
+ opener->u.open.pathname, caller);
+ }
+
+ if (restore_offset) {
+ trace("Restoring offset of fd %i to %llu\n",
+ fd, (long long)s->off);
+ lseek(fd, s->off, SEEK_SET);
+ }
+}
+
+/* We save/restore most things on demand, but always do mmaped files. */
+static void save_mmapped_files(void)
+{
+ struct failtest_call *i;
+ trace("Saving mmapped files in child\n");
+
+ tlist_for_each_rev(&history, i, list) {
+ struct mmap_call *m = &i->u.mmap;
+ struct saved_mmapped_file *s;
+
+ if (i->type != FAILTEST_MMAP)
+ continue;
+
+ /* FIXME: We only handle mmapped files where fd is still open. */
+ if (m->opener->u.open.closed)
+ continue;
+
+ s = malloc(sizeof *s);
+ s->s = save_contents(m->opener->u.open.pathname,
+ m->fd, m->length, m->offset,
+ "mmapped file before fork");
+ s->opener = m->opener;
+ s->next = saved_mmapped_files;
+ saved_mmapped_files = s;
+ }
+}
+
+static void free_mmapped_files(bool restore)
+{
+ trace("%s mmapped files in child\n",
+ restore ? "Restoring" : "Discarding");
+ while (saved_mmapped_files) {
+ struct saved_mmapped_file *next = saved_mmapped_files->next;
+ if (restore)
+ restore_contents(saved_mmapped_files->opener,
+ saved_mmapped_files->s, false,
+ "saved mmap");
+ free(saved_mmapped_files->s);
+ free(saved_mmapped_files);
+ saved_mmapped_files = next;
+ }
+}
+
+/* Returns a FAILTEST_OPEN, FAILTEST_PIPE or NULL. */
+static struct failtest_call *opener_of(int fd)
+{
+ struct failtest_call *i;
+
+ /* Don't get confused and match genuinely failed opens. */
+ if (fd < 0)
+ return NULL;
+
+ /* Figure out the set of live fds. */
+ tlist_for_each_rev(&history, i, list) {
+ if (i->fail)
+ continue;
+ switch (i->type) {
+ case FAILTEST_CLOSE:
+ if (i->u.close.fd == fd) {
+ return NULL;
+ }
+ break;
+ case FAILTEST_OPEN:
+ if (i->u.open.ret == fd) {
+ if (i->u.open.closed)
+ return NULL;
+ return i;
+ }
+ break;
+ case FAILTEST_PIPE:
+ if (i->u.pipe.fds[0] == fd || i->u.pipe.fds[1] == fd) {
+ return i;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
+ /* FIXME: socket, dup, etc are untracked! */
+ return NULL;
+}
+
+static void free_call(struct failtest_call *call)
+{
+ /* We don't do this in cleanup: needed even for failed opens. */
+ if (call->type == FAILTEST_OPEN)
+ free((char *)call->u.open.pathname);
+ free(call->backtrace);
+ tlist_del_from(&history, call, list);
+ free(call);
+}
+
+/* Free up memory, so valgrind doesn't report leaks. */
+static void free_everything(void)
+{
+ struct failtest_call *i;
+
+ while ((i = tlist_top(&history, list)) != NULL)
+ free_call(i);
+
+ failtable_clear(&failtable);
+}
+
+static NORETURN void failtest_cleanup(bool forced_cleanup, int status)
+{
+ struct failtest_call *i;
+ bool restore = true;
+
+ /* For children, we don't care if they "failed" the testing. */
+ if (control_fd != -1)
+ status = 0;
+ else
+ /* We don't restore contents for original parent. */
+ restore = false;
+
+ /* Cleanup everything, in reverse order. */
+ tlist_for_each_rev(&history, i, list) {
+ /* Don't restore things our parent did. */
+ if (i == our_history_start)
+ restore = false;
+
+ if (i->fail)
+ continue;
+
+ if (i->cleanup)
+ i->cleanup(&i->u, restore);
+
+ /* But their program shouldn't leak, even on failure. */
+ if (!forced_cleanup && i->can_leak) {
+ printf("Leak at %s:%u: --failpath=%s\n",
+ i->file, i->line, failpath_string());
+ status = 1;
+ }
+ }
+
+ /* Put back mmaped files the way our parent (if any) expects. */
+ free_mmapped_files(true);
+
+ free_everything();
+ if (status == 0)
+ tell_parent(SUCCESS);
+ else
+ tell_parent(FAILURE);
+ exit(status);
+}
+
+static bool following_path(void)
+{
+ if (!failpath)
+ return false;
+ /* + means continue after end, like normal. */
+ if (*failpath == '+') {
+ failpath = NULL;
+ return false;
+ }
+ return true;
+}
+
+static bool follow_path(struct failtest_call *call)
+{
+ if (*failpath == '\0') {
+ /* Continue, but don't inject errors. */
+ return call->fail = false;
+ }
+
+ if (tolower((unsigned char)*failpath) != info_to_arg[call->type])
+ errx(1, "Failpath expected '%s' got '%c'\n",
+ failpath, info_to_arg[call->type]);
+ call->fail = cisupper(*(failpath++));
+ if (call->fail)
+ call->can_leak = false;
+ return call->fail;
+}
+
+static bool should_fail(struct failtest_call *call)
+{
+ int status;
+ int control[2], output[2];
+ enum info_type type = UNEXPECTED;
+ char *out = NULL;
+ size_t outlen = 0;
+ struct failtest_call *dup;
+
+ if (call == &unrecorded_call)
+ return false;
+
+ if (following_path())
+ return follow_path(call);
+
+ /* Attach debugger if they asked for it. */
+ if (debugpath) {
+ char *path;
+
+ /* Pretend this last call matches whatever path wanted:
+ * keeps valgrind happy. */
+ call->fail = cisupper(debugpath[strlen(debugpath)-1]);
+ path = failpath_string();
+
+ if (streq(path, debugpath)) {
+ char str[80];
+
+ /* Don't timeout. */
+ signal(SIGUSR1, SIG_IGN);
+ sprintf(str, "xterm -e gdb /proc/%d/exe %d &",
+ getpid(), getpid());
+ if (system(str) == 0)
+ sleep(5);
+ } else {
+ /* Ignore last character: could be upper or lower. */
+ path[strlen(path)-1] = '\0';
+ if (!strstarts(debugpath, path)) {
+ fprintf(stderr,
+ "--debugpath not followed: %s\n", path);
+ debugpath = NULL;
+ }
+ }
+ free(path);
+ }
+
+ /* Are we probing? If so, we never fail twice. */
+ if (probing) {
+ trace("Not failing %c due to FAIL_PROBE return\n",
+ info_to_arg[call->type]);
+ return call->fail = false;
+ }
+
+ /* Don't fail more than once in the same place. */
+ dup = failtable_get(&failtable, call);
+ if (dup) {
+ trace("Not failing %c due to duplicate\n",
+ info_to_arg[call->type]);
+ return call->fail = false;
+ }
+
+ if (failtest_hook) {
+ switch (failtest_hook(&history)) {
+ case FAIL_OK:
+ break;
+ case FAIL_PROBE:
+ probing = true;
+ break;
+ case FAIL_DONT_FAIL:
+ trace("Not failing %c due to failhook return\n",
+ info_to_arg[call->type]);
+ call->fail = false;
+ return false;
+ default:
+ abort();
+ }
+ }
+
+ /* Add it to our table of calls. */
+ failtable_add(&failtable, call);
+
+ /* We're going to fail in the child. */
+ call->fail = true;
+ if (pipe(control) != 0 || pipe(output) != 0)
+ err(1, "opening pipe");
+
+ /* Move out the way, to high fds. */
+ control[0] = move_fd_to_high(control[0]);
+ control[1] = move_fd_to_high(control[1]);
+ output[0] = move_fd_to_high(output[0]);
+ output[1] = move_fd_to_high(output[1]);
+
+ /* Prevent double-printing (in child and parent) */
+ fflush(stdout);
+ fflush(warnf);
+ if (tracef)
+ fflush(tracef);
+ child = fork();
+ if (child == -1)
+ err(1, "forking failed");
+
+ if (child == 0) {
+ traceindent++;
+ if (tracef) {
+ struct timeval diff;
+ const char *p;
+ char *failpath;
+ struct failtest_call *c;
+
+ c = tlist_tail(&history, list);
+ diff = time_sub(time_now(), start);
+ failpath = failpath_string();
+ p = strrchr(c->file, '/');
+ if (p)
+ p++;
+ else
+ p = c->file;
+ trace("%u->%u (%u.%02u): %s (%s:%u)\n",
+ getppid(), getpid(),
+ (int)diff.tv_sec, (int)diff.tv_usec / 10000,
+ failpath, p, c->line);
+ free(failpath);
+ }
+ /* From here on, we have to clean up! */
+ our_history_start = tlist_tail(&history, list);
+ close(control[0]);
+ close(output[0]);
+ /* Don't swallow stderr if we're tracing. */
+ if (!tracef) {
+ dup2(output[1], STDOUT_FILENO);
+ dup2(output[1], STDERR_FILENO);
+ if (output[1] != STDOUT_FILENO
+ && output[1] != STDERR_FILENO)
+ close(output[1]);
+ }
+ control_fd = move_fd_to_high(control[1]);
+
+ /* Forget any of our parent's saved files. */
+ free_mmapped_files(false);
+
+ /* Now, save any files we need to. */
+ save_mmapped_files();
+
+ /* Failed calls can't leak. */
+ call->can_leak = false;
+
+ return true;
+ }
+
+ signal(SIGUSR1, hand_down);
+
+ close(control[1]);
+ close(output[1]);
+
+ /* We grab output so we can display it; we grab writes so we
+ * can compare. */
+ do {
+ struct pollfd pfd[2];
+ int ret;
+
+ pfd[0].fd = output[0];
+ pfd[0].events = POLLIN|POLLHUP;
+ pfd[1].fd = control[0];
+ pfd[1].events = POLLIN|POLLHUP;
+
+ if (type == SUCCESS)
+ ret = poll(pfd, 1, failtest_timeout_ms);
+ else
+ ret = poll(pfd, 2, failtest_timeout_ms);
+
+ if (ret == 0)
+ hand_down(SIGUSR1);
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ err(1, "Poll returned %i", ret);
+ }
+
+ if (pfd[0].revents & POLLIN) {
+ ssize_t len;
+
+ out = realloc(out, outlen + 8192);
+ len = read(output[0], out + outlen, 8192);
+ outlen += len;
+ } else if (type != SUCCESS && (pfd[1].revents & POLLIN)) {
+ if (read_all(control[0], &type, sizeof(type))) {
+ if (type == WRITE) {
+ if (!read_write_info(control[0]))
+ break;
+ } else if (type == RELEASE_LOCKS) {
+ release_locks();
+ /* FIXME: Tell them we're done... */
+ }
+ }
+ } else if (pfd[0].revents & POLLHUP) {
+ break;
+ }
+ } while (type != FAILURE);
+
+ close(output[0]);
+ close(control[0]);
+ waitpid(child, &status, 0);
+ if (!WIFEXITED(status)) {
+ if (WTERMSIG(status) == SIGUSR1)
+ child_fail(out, outlen, "Timed out");
+ else
+ child_fail(out, outlen, "Killed by signal %u: ",
+ WTERMSIG(status));
+ }
+ /* Child printed failure already, just pass up exit code. */
+ if (type == FAILURE) {
+ fprintf(stderr, "%.*s", (int)outlen, out);
+ tell_parent(type);
+ exit(WEXITSTATUS(status) ? WEXITSTATUS(status) : 1);
+ }
+ if (WEXITSTATUS(status) != 0)
+ child_fail(out, outlen, "Exited with status %i: ",
+ WEXITSTATUS(status));
+
+ free(out);
+ signal(SIGUSR1, SIG_DFL);
+
+ /* Only child does probe. */
+ probing = false;
+
+ /* We continue onwards without failing. */
+ call->fail = false;
+ return false;
+}
+
+static void cleanup_calloc(struct calloc_call *call, bool restore)
+{
+ trace("undoing calloc %p\n", call->ret);
+ free(call->ret);
+}
+
+void *failtest_calloc(size_t nmemb, size_t size,
+ const char *file, unsigned line)
+{
+ struct failtest_call *p;
+ struct calloc_call call;
+ call.nmemb = nmemb;
+ call.size = size;
+ p = add_history(FAILTEST_CALLOC, true, file, line, &call);
+
+ if (should_fail(p)) {
+ p->u.calloc.ret = NULL;
+ p->error = ENOMEM;
+ } else {
+ p->u.calloc.ret = calloc(nmemb, size);
+ set_cleanup(p, cleanup_calloc, struct calloc_call);
+ }
+ trace("calloc %zu x %zu %s:%u -> %p\n",
+ nmemb, size, file, line, p->u.calloc.ret);
+ errno = p->error;
+ return p->u.calloc.ret;
+}
+
+static void cleanup_malloc(struct malloc_call *call, bool restore)
+{
+ trace("undoing malloc %p\n", call->ret);
+ free(call->ret);
+}
+
+void *failtest_malloc(size_t size, const char *file, unsigned line)
+{
+ struct failtest_call *p;
+ struct malloc_call call;
+ call.size = size;
+
+ p = add_history(FAILTEST_MALLOC, true, file, line, &call);
+ if (should_fail(p)) {
+ p->u.malloc.ret = NULL;
+ p->error = ENOMEM;
+ } else {
+ p->u.malloc.ret = malloc(size);
+ set_cleanup(p, cleanup_malloc, struct malloc_call);
+ }
+ trace("malloc %zu %s:%u -> %p\n",
+ size, file, line, p->u.malloc.ret);
+ errno = p->error;
+ return p->u.malloc.ret;
+}
+
+static void cleanup_realloc(struct realloc_call *call, bool restore)
+{
+ trace("undoing realloc %p\n", call->ret);
+ free(call->ret);
+}
+
+/* Walk back and find out if we got this ptr from a previous routine. */
+static void fixup_ptr_history(void *ptr, const char *why)
+{
+ struct failtest_call *i;
+
+ /* Start at end of history, work back. */
+ tlist_for_each_rev(&history, i, list) {
+ switch (i->type) {
+ case FAILTEST_REALLOC:
+ if (i->u.realloc.ret == ptr) {
+ trace("found realloc %p %s:%u matching %s\n",
+ ptr, i->file, i->line, why);
+ i->cleanup = NULL;
+ i->can_leak = false;
+ return;
+ }
+ break;
+ case FAILTEST_MALLOC:
+ if (i->u.malloc.ret == ptr) {
+ trace("found malloc %p %s:%u matching %s\n",
+ ptr, i->file, i->line, why);
+ i->cleanup = NULL;
+ i->can_leak = false;
+ return;
+ }
+ break;
+ case FAILTEST_CALLOC:
+ if (i->u.calloc.ret == ptr) {
+ trace("found calloc %p %s:%u matching %s\n",
+ ptr, i->file, i->line, why);
+ i->cleanup = NULL;
+ i->can_leak = false;
+ return;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ trace("Did not find %p matching %s\n", ptr, why);
+}
+
+void *failtest_realloc(void *ptr, size_t size, const char *file, unsigned line)
+{
+ struct failtest_call *p;
+ struct realloc_call call;
+ call.size = size;
+ p = add_history(FAILTEST_REALLOC, true, file, line, &call);
+
+ /* FIXME: Try one child moving allocation, one not. */
+ if (should_fail(p)) {
+ p->u.realloc.ret = NULL;
+ p->error = ENOMEM;
+ } else {
+ /* Don't catch this one in the history fixup... */
+ p->u.realloc.ret = NULL;
+ fixup_ptr_history(ptr, "realloc");
+ p->u.realloc.ret = realloc(ptr, size);
+ set_cleanup(p, cleanup_realloc, struct realloc_call);
+ }
+ trace("realloc %p %s:%u -> %p\n",
+ ptr, file, line, p->u.realloc.ret);
+ errno = p->error;
+ return p->u.realloc.ret;
+}
+
+/* FIXME: Record free, so we can terminate fixup_ptr_history correctly.
+ * If there's an alloc we don't see, it could get confusing if it matches
+ * a previous allocation we did see. */
+void failtest_free(void *ptr)
+{
+ fixup_ptr_history(ptr, "free");
+ trace("free %p\n", ptr);
+ free(ptr);
+}
+
+
+static struct contents_saved *save_file(const char *pathname)
+{
+ int fd;
+ struct contents_saved *s;
+
+ fd = open(pathname, O_RDONLY);
+ if (fd < 0)
+ return NULL;
+
+ s = save_contents(pathname, fd, lseek(fd, 0, SEEK_END), 0,
+ "open with O_TRUNC");
+ close(fd);
+ return s;
+}
+
+/* Optimization: don't create a child for an open which *we know*
+ * would fail anyway. */
+static bool open_would_fail(const char *pathname, int flags)
+{
+ if ((flags & O_ACCMODE) == O_RDONLY)
+ return access(pathname, R_OK) != 0;
+ if (!(flags & O_CREAT)) {
+ if ((flags & O_ACCMODE) == O_WRONLY)
+ return access(pathname, W_OK) != 0;
+ if ((flags & O_ACCMODE) == O_RDWR)
+ return access(pathname, W_OK) != 0
+ || access(pathname, R_OK) != 0;
+ }
+ /* FIXME: We could check if it exists, for O_CREAT|O_EXCL */
+ return false;
+}
+
+static void cleanup_open(struct open_call *call, bool restore)
+{
+ if (restore && call->saved)
+ restore_contents(container_of(call, struct failtest_call,
+ u.open),
+ call->saved, false, "open with O_TRUNC");
+ if (!call->closed) {
+ trace("Cleaning up open %s by closing fd %i\n",
+ call->pathname, call->ret);
+ close(call->ret);
+ call->closed = true;
+ }
+ free(call->saved);
+}
+
+int failtest_open(const char *pathname,
+ const char *file, unsigned line, ...)
+{
+ struct failtest_call *p;
+ struct open_call call;
+ va_list ap;
+
+ call.pathname = strdup(pathname);
+ va_start(ap, line);
+ call.flags = va_arg(ap, int);
+ call.always_save = false;
+ call.closed = false;
+ if (call.flags & O_CREAT) {
+ call.mode = va_arg(ap, int);
+ va_end(ap);
+ }
+ p = add_history(FAILTEST_OPEN, true, file, line, &call);
+ /* Avoid memory leak! */
+ if (p == &unrecorded_call)
+ free((char *)call.pathname);
+
+ if (should_fail(p)) {
+ /* Don't bother inserting failures that would happen anyway. */
+ if (open_would_fail(pathname, call.flags)) {
+ trace("Open would have failed anyway: stopping\n");
+ failtest_cleanup(true, 0);
+ }
+ p->u.open.ret = -1;
+ /* FIXME: Play with error codes? */
+ p->error = EACCES;
+ } else {
+ /* Save the old version if they're truncating it. */
+ if (call.flags & O_TRUNC)
+ p->u.open.saved = save_file(pathname);
+ else
+ p->u.open.saved = NULL;
+ p->u.open.ret = open(pathname, call.flags, call.mode);
+ if (p->u.open.ret == -1) {
+ p->u.open.closed = true;
+ p->can_leak = false;
+ } else {
+ set_cleanup(p, cleanup_open, struct open_call);
+ }
+ }
+ trace("open %s %s:%u -> %i (opener %p)\n",
+ pathname, file, line, p->u.open.ret, &p->u.open);
+ errno = p->error;
+ return p->u.open.ret;
+}
+
+static void cleanup_mmap(struct mmap_call *mmap, bool restore)
+{
+ trace("cleaning up mmap @%p (opener %p)\n",
+ mmap->ret, mmap->opener);
+ if (restore)
+ restore_contents(mmap->opener, mmap->saved, false, "mmap");
+ free(mmap->saved);
+}
+
+void *failtest_mmap(void *addr, size_t length, int prot, int flags,
+ int fd, off_t offset, const char *file, unsigned line)
+{
+ struct failtest_call *p;
+ struct mmap_call call;
+
+ call.addr = addr;
+ call.length = length;
+ call.prot = prot;
+ call.flags = flags;
+ call.offset = offset;
+ call.fd = fd;
+ call.opener = opener_of(fd);
+
+ /* If we don't know what file it was, don't fail. */
+ if (!call.opener) {
+ if (fd != -1) {
+ fwarnx("failtest_mmap: couldn't figure out source for"
+ " fd %i at %s:%u", fd, file, line);
+ }
+ addr = mmap(addr, length, prot, flags, fd, offset);
+ trace("mmap of fd %i -> %p (opener = NULL)\n", fd, addr);
+ return addr;
+ }
+
+ p = add_history(FAILTEST_MMAP, false, file, line, &call);
+ if (should_fail(p)) {
+ p->u.mmap.ret = MAP_FAILED;
+ p->error = ENOMEM;
+ } else {
+ p->u.mmap.ret = mmap(addr, length, prot, flags, fd, offset);
+ /* Save contents if we're writing to a normal file */
+ if (p->u.mmap.ret != MAP_FAILED
+ && (prot & PROT_WRITE)
+ && call.opener->type == FAILTEST_OPEN) {
+ const char *fname = call.opener->u.open.pathname;
+ p->u.mmap.saved = save_contents(fname, fd, length,
+ offset, "being mmapped");
+ set_cleanup(p, cleanup_mmap, struct mmap_call);
+ }
+ }
+ trace("mmap of fd %i %s:%u -> %p (opener = %p)\n",
+ fd, file, line, addr, call.opener);
+ errno = p->error;
+ return p->u.mmap.ret;
+}
+
+static void cleanup_pipe(struct pipe_call *call, bool restore)
+{
+ trace("cleaning up pipe fd=%i%s,%i%s\n",
+ call->fds[0], call->closed[0] ? "(already closed)" : "",
+ call->fds[1], call->closed[1] ? "(already closed)" : "");
+ if (!call->closed[0])
+ close(call->fds[0]);
+ if (!call->closed[1])
+ close(call->fds[1]);
+}
+
+int failtest_pipe(int pipefd[2], const char *file, unsigned line)
+{
+ struct failtest_call *p;
+ struct pipe_call call;
+
+ p = add_history(FAILTEST_PIPE, true, file, line, &call);
+ if (should_fail(p)) {
+ p->u.open.ret = -1;
+ /* FIXME: Play with error codes? */
+ p->error = EMFILE;
+ } else {
+ p->u.pipe.ret = pipe(p->u.pipe.fds);
+ p->u.pipe.closed[0] = p->u.pipe.closed[1] = false;
+ set_cleanup(p, cleanup_pipe, struct pipe_call);
+ }
+
+ trace("pipe %s:%u -> %i,%i\n", file, line,
+ p->u.pipe.ret ? -1 : p->u.pipe.fds[0],
+ p->u.pipe.ret ? -1 : p->u.pipe.fds[1]);
+
+ /* This causes valgrind to notice if they use pipefd[] after failure */
+ memcpy(pipefd, p->u.pipe.fds, sizeof(p->u.pipe.fds));
+ errno = p->error;
+ return p->u.pipe.ret;
+}
+
+static void cleanup_read(struct read_call *call, bool restore)
+{
+ if (restore) {
+ trace("cleaning up read on fd %i: seeking to %llu\n",
+ call->fd, (long long)call->off);
+
+ /* Read (not readv!) moves file offset! */
+ if (lseek(call->fd, call->off, SEEK_SET) != call->off) {
+ fwarn("Restoring lseek pointer failed (read)");
+ }
+ }
+}
+
+static ssize_t failtest_add_read(int fd, void *buf, size_t count, off_t off,
+ bool is_pread, const char *file, unsigned line)
+{
+ struct failtest_call *p;
+ struct read_call call;
+ call.fd = fd;
+ call.buf = buf;
+ call.count = count;
+ call.off = off;
+ p = add_history(FAILTEST_READ, false, file, line, &call);
+
+ /* FIXME: Try partial read returns. */
+ if (should_fail(p)) {
+ p->u.read.ret = -1;
+ p->error = EIO;
+ } else {
+ if (is_pread)
+ p->u.read.ret = pread(fd, buf, count, off);
+ else {
+ p->u.read.ret = read(fd, buf, count);
+ if (p->u.read.ret != -1)
+ set_cleanup(p, cleanup_read, struct read_call);
+ }
+ }
+ trace("%sread %s:%u fd %i %zu@%llu -> %i\n",
+ is_pread ? "p" : "", file, line, fd, count, (long long)off,
+ p->u.read.ret);
+ errno = p->error;
+ return p->u.read.ret;
+}
+
+static void cleanup_write(struct write_call *write, bool restore)
+{
+ trace("cleaning up write on %s\n", write->opener->u.open.pathname);
+ if (restore)
+ restore_contents(write->opener, write->saved, !write->is_pwrite,
+ "write");
+ free(write->saved);
+}
+
+static ssize_t failtest_add_write(int fd, const void *buf,
+ size_t count, off_t off,
+ bool is_pwrite,
+ const char *file, unsigned line)
+{
+ struct failtest_call *p;
+ struct write_call call;
+
+ call.fd = fd;
+ call.buf = buf;
+ call.count = count;
+ call.off = off;
+ call.is_pwrite = is_pwrite;
+ call.opener = opener_of(fd);
+ p = add_history(FAILTEST_WRITE, false, file, line, &call);
+
+ /* If we're a child, we need to make sure we write the same thing
+ * to non-files as the parent does, so tell it. */
+ if (control_fd != -1 && off == (off_t)-1) {
+ enum info_type type = WRITE;
+
+ write_all(control_fd, &type, sizeof(type));
+ write_all(control_fd, &p->u.write, sizeof(p->u.write));
+ write_all(control_fd, buf, count);
+ }
+
+ /* FIXME: Try partial write returns. */
+ if (should_fail(p)) {
+ p->u.write.ret = -1;
+ p->error = EIO;
+ } else {
+ bool is_file;
+ assert(call.opener == p->u.write.opener);
+
+ if (p->u.write.opener) {
+ is_file = (p->u.write.opener->type == FAILTEST_OPEN);
+ } else {
+ /* We can't unwind it, so at least check same
+ * in parent and child. */
+ is_file = false;
+ }
+
+ /* FIXME: We assume same write order in parent and child */
+ if (!is_file && child_writes_num != 0) {
+ if (child_writes[0].fd != fd)
+ errx(1, "Child wrote to fd %u, not %u?",
+ child_writes[0].fd, fd);
+ if (child_writes[0].off != p->u.write.off)
+ errx(1, "Child wrote to offset %zu, not %zu?",
+ (size_t)child_writes[0].off,
+ (size_t)p->u.write.off);
+ if (child_writes[0].count != count)
+ errx(1, "Child wrote length %zu, not %zu?",
+ child_writes[0].count, count);
+ if (memcmp(child_writes[0].buf, buf, count)) {
+ child_fail(NULL, 0,
+ "Child wrote differently to"
+ " fd %u than we did!\n", fd);
+ }
+ free((char *)child_writes[0].buf);
+ child_writes_num--;
+ memmove(&child_writes[0], &child_writes[1],
+ sizeof(child_writes[0]) * child_writes_num);
+
+ /* Child wrote it already. */
+ trace("write %s:%i on fd %i already done by child\n",
+ file, line, fd);
+ p->u.write.ret = count;
+ errno = p->error;
+ return p->u.write.ret;
+ }
+
+ if (is_file) {
+ p->u.write.saved = save_contents(call.opener->u.open.pathname,
+ fd, count, off,
+ "being overwritten");
+ set_cleanup(p, cleanup_write, struct write_call);
+ }
+
+ /* Though off is current seek ptr for write case, we need to
+ * move it. write() does that for us. */
+ if (p->u.write.is_pwrite)
+ p->u.write.ret = pwrite(fd, buf, count, off);
+ else
+ p->u.write.ret = write(fd, buf, count);
+ }
+ trace("%swrite %s:%i %zu@%llu on fd %i -> %i\n",
+ p->u.write.is_pwrite ? "p" : "",
+ file, line, count, (long long)off, fd, p->u.write.ret);
+ errno = p->error;
+ return p->u.write.ret;
+}
+
+ssize_t failtest_pwrite(int fd, const void *buf, size_t count, off_t offset,
+ const char *file, unsigned line)
+{
+ return failtest_add_write(fd, buf, count, offset, true, file, line);
+}
+
+ssize_t failtest_write(int fd, const void *buf, size_t count,
+ const char *file, unsigned line)
+{
+ return failtest_add_write(fd, buf, count, lseek(fd, 0, SEEK_CUR), false,
+ file, line);
+}
+
+ssize_t failtest_pread(int fd, void *buf, size_t count, off_t off,
+ const char *file, unsigned line)
+{
+ return failtest_add_read(fd, buf, count, off, true, file, line);
+}
+
+ssize_t failtest_read(int fd, void *buf, size_t count,
+ const char *file, unsigned line)
+{
+ return failtest_add_read(fd, buf, count, lseek(fd, 0, SEEK_CUR), false,
+ file, line);
+}
+
+static struct lock_info *WARN_UNUSED_RESULT
+add_lock(struct lock_info *locks, int fd, off_t start, off_t end, int type)
+{
+ unsigned int i;
+ struct lock_info *l;
+
+ for (i = 0; i < lock_num; i++) {
+ l = &locks[i];
+
+ if (l->fd != fd)
+ continue;
+ /* Four cases we care about:
+ * Start overlap:
+ * l = | |
+ * new = | |
+ * Mid overlap:
+ * l = | |
+ * new = | |
+ * End overlap:
+ * l = | |
+ * new = | |
+ * Total overlap:
+ * l = | |
+ * new = | |
+ */
+ if (start > l->start && end < l->end) {
+ /* Mid overlap: trim entry, add new one. */
+ off_t new_start, new_end;
+ new_start = end + 1;
+ new_end = l->end;
+ trace("splitting lock on fd %i from %llu-%llu"
+ " to %llu-%llu\n",
+ fd, (long long)l->start, (long long)l->end,
+ (long long)l->start, (long long)start - 1);
+ l->end = start - 1;
+ locks = add_lock(locks,
+ fd, new_start, new_end, l->type);
+ l = &locks[i];
+ } else if (start <= l->start && end >= l->end) {
+ /* Total overlap: eliminate entry. */
+ trace("erasing lock on fd %i %llu-%llu\n",
+ fd, (long long)l->start, (long long)l->end);
+ l->end = 0;
+ l->start = 1;
+ } else if (end >= l->start && end < l->end) {
+ trace("trimming lock on fd %i from %llu-%llu"
+ " to %llu-%llu\n",
+ fd, (long long)l->start, (long long)l->end,
+ (long long)end + 1, (long long)l->end);
+ /* Start overlap: trim entry. */
+ l->start = end + 1;
+ } else if (start > l->start && start <= l->end) {
+ trace("trimming lock on fd %i from %llu-%llu"
+ " to %llu-%llu\n",
+ fd, (long long)l->start, (long long)l->end,
+ (long long)l->start, (long long)start - 1);
+ /* End overlap: trim entry. */
+ l->end = start-1;
+ }
+ /* Nothing left? Remove it. */
+ if (l->end < l->start) {
+ trace("forgetting lock on fd %i\n", fd);
+ memmove(l, l + 1, (--lock_num - i) * sizeof(l[0]));
+ i--;
+ }
+ }
+
+ if (type != F_UNLCK) {
+ locks = realloc(locks, (lock_num + 1) * sizeof(*locks));
+ l = &locks[lock_num++];
+ l->fd = fd;
+ l->start = start;
+ l->end = end;
+ l->type = type;
+ trace("new lock on fd %i %llu-%llu\n",
+ fd, (long long)l->start, (long long)l->end);
+ }
+ return locks;
+}
+
+/* We trap this so we can record it: we don't fail it. */
+int failtest_close(int fd, const char *file, unsigned line)
+{
+ struct close_call call;
+ struct failtest_call *p, *opener;
+
+ /* Do this before we add ourselves to history! */
+ opener = opener_of(fd);
+
+ call.fd = fd;
+ p = add_history(FAILTEST_CLOSE, false, file, line, &call);
+ p->fail = false;
+
+ /* Consume close from failpath (shouldn't tell us to fail). */
+ if (following_path()) {
+ if (follow_path(p))
+ abort();
+ }
+
+ trace("close on fd %i\n", fd);
+ if (fd < 0)
+ return close(fd);
+
+ /* Mark opener as not leaking, remove its cleanup function. */
+ if (opener) {
+ trace("close on fd %i found opener %p\n", fd, opener);
+ if (opener->type == FAILTEST_PIPE) {
+ /* From a pipe? */
+ if (opener->u.pipe.fds[0] == fd) {
+ assert(!opener->u.pipe.closed[0]);
+ opener->u.pipe.closed[0] = true;
+ } else if (opener->u.pipe.fds[1] == fd) {
+ assert(!opener->u.pipe.closed[1]);
+ opener->u.pipe.closed[1] = true;
+ } else
+ abort();
+ opener->can_leak = (!opener->u.pipe.closed[0]
+ || !opener->u.pipe.closed[1]);
+ } else if (opener->type == FAILTEST_OPEN) {
+ opener->u.open.closed = true;
+ opener->can_leak = false;
+ } else
+ abort();
+ }
+
+ /* Restore offset now, in case parent shared (can't do after close!). */
+ if (control_fd != -1) {
+ struct failtest_call *i;
+
+ tlist_for_each_rev(&history, i, list) {
+ if (i == our_history_start)
+ break;
+ if (i == opener)
+ break;
+ if (i->type == FAILTEST_LSEEK && i->u.lseek.fd == fd) {
+ trace("close on fd %i undoes lseek\n", fd);
+ /* This seeks back. */
+ i->cleanup(&i->u, true);
+ i->cleanup = NULL;
+ } else if (i->type == FAILTEST_WRITE
+ && i->u.write.fd == fd
+ && !i->u.write.is_pwrite) {
+ trace("close on fd %i undoes write"
+ " offset change\n", fd);
+ /* Write (not pwrite!) moves file offset! */
+ if (lseek(fd, i->u.write.off, SEEK_SET)
+ != i->u.write.off) {
+ fwarn("Restoring lseek pointer failed (write)");
+ }
+ } else if (i->type == FAILTEST_READ
+ && i->u.read.fd == fd) {
+ /* preads don't *have* cleanups */
+ if (i->cleanup) {
+ trace("close on fd %i undoes read"
+ " offset change\n", fd);
+ /* This seeks back. */
+ i->cleanup(&i->u, true);
+ i->cleanup = NULL;
+ }
+ }
+ }
+ }
+
+ /* Close unlocks everything. */
+ locks = add_lock(locks, fd, 0, off_max(), F_UNLCK);
+ return close(fd);
+}
+
+/* Zero length means "to end of file" */
+static off_t end_of(off_t start, off_t len)
+{
+ if (len == 0)
+ return off_max();
+ return start + len - 1;
+}
+
+/* FIXME: This only handles locks, really. */
+int failtest_fcntl(int fd, const char *file, unsigned line, int cmd, ...)
+{
+ struct failtest_call *p;
+ struct fcntl_call call;
+ va_list ap;
+
+ call.fd = fd;
+ call.cmd = cmd;
+
+ /* Argument extraction. */
+ switch (cmd) {
+ case F_SETFL:
+ case F_SETFD:
+ va_start(ap, cmd);
+ call.arg.l = va_arg(ap, long);
+ va_end(ap);
+ trace("fcntl on fd %i F_SETFL/F_SETFD\n", fd);
+ return fcntl(fd, cmd, call.arg.l);
+ case F_GETFD:
+ case F_GETFL:
+ trace("fcntl on fd %i F_GETFL/F_GETFD\n", fd);
+ return fcntl(fd, cmd);
+ case F_GETLK:
+ trace("fcntl on fd %i F_GETLK\n", fd);
+ get_locks();
+ va_start(ap, cmd);
+ call.arg.fl = *va_arg(ap, struct flock *);
+ va_end(ap);
+ return fcntl(fd, cmd, &call.arg.fl);
+ case F_SETLK:
+ case F_SETLKW:
+ trace("fcntl on fd %i F_SETLK%s\n",
+ fd, cmd == F_SETLKW ? "W" : "");
+ va_start(ap, cmd);
+ call.arg.fl = *va_arg(ap, struct flock *);
+ va_end(ap);
+ break;
+ default:
+ /* This means you need to implement it here. */
+ err(1, "failtest: unknown fcntl %u", cmd);
+ }
+
+ p = add_history(FAILTEST_FCNTL, false, file, line, &call);
+
+ if (should_fail(p)) {
+ p->u.fcntl.ret = -1;
+ if (p->u.fcntl.cmd == F_SETLK)
+ p->error = EAGAIN;
+ else
+ p->error = EDEADLK;
+ } else {
+ get_locks();
+ p->u.fcntl.ret = fcntl(p->u.fcntl.fd, p->u.fcntl.cmd,
+ &p->u.fcntl.arg.fl);
+ if (p->u.fcntl.ret == -1)
+ p->error = errno;
+ else {
+ /* We don't handle anything else yet. */
+ assert(p->u.fcntl.arg.fl.l_whence == SEEK_SET);
+ locks = add_lock(locks,
+ p->u.fcntl.fd,
+ p->u.fcntl.arg.fl.l_start,
+ end_of(p->u.fcntl.arg.fl.l_start,
+ p->u.fcntl.arg.fl.l_len),
+ p->u.fcntl.arg.fl.l_type);
+ }
+ }
+ trace("fcntl on fd %i -> %i\n", fd, p->u.fcntl.ret);
+ errno = p->error;
+ return p->u.fcntl.ret;
+}
+
+static void cleanup_lseek(struct lseek_call *call, bool restore)
+{
+ if (restore) {
+ trace("cleaning up lseek on fd %i -> %llu\n",
+ call->fd, (long long)call->old_off);
+ if (lseek(call->fd, call->old_off, SEEK_SET) != call->old_off)
+ fwarn("Restoring lseek pointer failed");
+ }
+}
+
+/* We trap this so we can undo it: we don't fail it. */
+off_t failtest_lseek(int fd, off_t offset, int whence, const char *file,
+ unsigned int line)
+{
+ struct failtest_call *p;
+ struct lseek_call call;
+ call.fd = fd;
+ call.offset = offset;
+ call.whence = whence;
+ call.old_off = lseek(fd, 0, SEEK_CUR);
+
+ p = add_history(FAILTEST_LSEEK, false, file, line, &call);
+ p->fail = false;
+
+ /* Consume lseek from failpath. */
+ if (failpath)
+ if (should_fail(p))
+ abort();
+
+ p->u.lseek.ret = lseek(fd, offset, whence);
+
+ if (p->u.lseek.ret != (off_t)-1)
+ set_cleanup(p, cleanup_lseek, struct lseek_call);
+
+ trace("lseek %s:%u on fd %i from %llu to %llu%s\n",
+ file, line, fd, (long long)call.old_off, (long long)offset,
+ whence == SEEK_CUR ? " (from current off)" :
+ whence == SEEK_END ? " (from end)" :
+ whence == SEEK_SET ? "" : " (invalid whence)");
+ return p->u.lseek.ret;
+}
+
+
+pid_t failtest_getpid(const char *file, unsigned line)
+{
+ /* You must call failtest_init first! */
+ assert(orig_pid);
+ return orig_pid;
+}
+
+void failtest_init(int argc, char *argv[])
+{
+ unsigned int i;
+
+ orig_pid = getpid();
+
+ warnf = fdopen(move_fd_to_high(dup(STDERR_FILENO)), "w");
+ for (i = 1; i < argc; i++) {
+ if (!strncmp(argv[i], "--failpath=", strlen("--failpath="))) {
+ failpath = argv[i] + strlen("--failpath=");
+ } else if (strcmp(argv[i], "--trace") == 0) {
+ tracef = warnf;
+ failtest_timeout_ms = -1;
+ } else if (!strncmp(argv[i], "--debugpath=",
+ strlen("--debugpath="))) {
+ debugpath = argv[i] + strlen("--debugpath=");
+ }
+ }
+ failtable_init(&failtable);
+ start = time_now();
+}
+
+bool failtest_has_failed(void)
+{
+ return control_fd != -1;
+}
+
+void failtest_exit(int status)
+{
+ trace("failtest_exit with status %i\n", status);
+ if (failtest_exit_check) {
+ if (!failtest_exit_check(&history))
+ child_fail(NULL, 0, "failtest_exit_check failed\n");
+ }
+
+ failtest_cleanup(false, status);
+}
diff --git a/lib/ccan/failtest/failtest.d b/lib/ccan/failtest/failtest.d
new file mode 100644
index 0000000000..6aa295d6f8
--- /dev/null
+++ b/lib/ccan/failtest/failtest.d
@@ -0,0 +1,70 @@
+ccan/failtest/failtest.o: ccan/failtest/failtest.c \
+ ccan/failtest/failtest.h config.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/time.h \
+ /usr/lib/gcc/i686-linux-gnu/4.5.4/include/stddef.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h \
+ /usr/lib/gcc/i686-linux-gnu/4.5.4/include/stdbool.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/stat.h ccan/compiler/compiler.h \
+ ccan/tlist/tlist.h ccan/list/list.h /usr/include/assert.h \
+ ccan/container_of/container_of.h ccan/check_type/check_type.h \
+ ccan/tcon/tcon.h /usr/lib/gcc/i686-linux-gnu/4.5.4/include/stdarg.h \
+ /usr/include/string.h /usr/include/xlocale.h /usr/include/stdio.h \
+ /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h /usr/include/ctype.h \
+ /usr/include/err.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/poll.h /usr/include/i386-linux-gnu/sys/poll.h \
+ /usr/include/i386-linux-gnu/bits/poll.h /usr/include/errno.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/include/i386-linux-gnu/sys/wait.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h \
+ /usr/include/i386-linux-gnu/sys/resource.h \
+ /usr/include/i386-linux-gnu/bits/resource.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h \
+ /usr/include/i386-linux-gnu/sys/stat.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/mman.h \
+ /usr/include/i386-linux-gnu/bits/mman.h ccan/time/time.h \
+ /usr/lib/gcc/i686-linux-gnu/4.5.4/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ ccan/read_write_all/read_write_all.h ccan/failtest/failtest_proto.h \
+ /usr/include/stdlib.h /usr/include/alloca.h \
+ ccan/build_assert/build_assert.h ccan/hash/hash.h \
+ ccan/htable/htable_type.h ccan/htable/htable.h ccan/str/str.h \
+ ccan/str/str_debug.h /usr/include/execinfo.h
diff --git a/lib/ccan/failtest/failtest.h b/lib/ccan/failtest/failtest.h
new file mode 100644
index 0000000000..9af5669678
--- /dev/null
+++ b/lib/ccan/failtest/failtest.h
@@ -0,0 +1,258 @@
+/* Licensed under LGPL - see LICENSE file for details */
+#ifndef CCAN_FAILTEST_H
+#define CCAN_FAILTEST_H
+#include "config.h"
+#if HAVE_FILE_OFFSET_BITS
+#define _FILE_OFFSET_BITS 64
+#endif
+#include <sys/types.h>
+#include <stdbool.h>
+#include <fcntl.h>
+#include <ccan/compiler/compiler.h>
+#include <ccan/tlist/tlist.h>
+
+/**
+ * failtest_init - initialize the failtest module
+ * @argc: the number of commandline arguments
+ * @argv: the commandline argument array
+ *
+ * This initializes the module, and in particular if argv[1] is "--failpath="
+ * then it ensures that failures follow that pattern. This allows easy
+ * debugging of complex failure paths.
+ */
+void failtest_init(int argc, char *argv[]);
+
+/**
+ * failtest_exit - clean up and exit the test
+ * @status: the status (usually exit_status() from ccan/tap).
+ *
+ * This cleans up and changes to files made in this child, and exits the test.
+ * It also calls your failtest_default_hook, if any.
+ *
+ * A child which does not exit via failtest_exit() will cause the overall test
+ * to fail.
+ */
+void NORETURN failtest_exit(int status);
+
+/**
+ * enum failtest_call_type - discriminator for failtest_call.u
+ */
+enum failtest_call_type {
+ FAILTEST_MALLOC,
+ FAILTEST_CALLOC,
+ FAILTEST_REALLOC,
+ FAILTEST_OPEN,
+ FAILTEST_CLOSE,
+ FAILTEST_PIPE,
+ FAILTEST_READ,
+ FAILTEST_WRITE,
+ FAILTEST_FCNTL,
+ FAILTEST_MMAP,
+ FAILTEST_LSEEK
+};
+
+struct calloc_call {
+ void *ret;
+ size_t nmemb;
+ size_t size;
+};
+
+struct malloc_call {
+ void *ret;
+ size_t size;
+};
+
+struct realloc_call {
+ void *ret;
+ void *ptr;
+ size_t size;
+};
+
+struct open_call {
+ int ret;
+ const char *pathname;
+ int flags;
+ mode_t mode;
+ bool always_save;
+ bool closed;
+ /* This is used for O_TRUNC opens on existing files. */
+ struct contents_saved *saved;
+};
+
+struct close_call {
+ int fd;
+};
+
+struct pipe_call {
+ int ret;
+ int fds[2];
+ bool closed[2];
+};
+
+struct read_call {
+ ssize_t ret;
+ off_t off;
+ int fd;
+ void *buf;
+ size_t count;
+};
+
+struct write_call {
+ ssize_t ret;
+ int fd;
+ const void *buf;
+ size_t count;
+ off_t off;
+ bool is_pwrite;
+ struct failtest_call *opener;
+ struct contents_saved *saved;
+};
+
+struct fcntl_call {
+ int ret;
+ int fd;
+ int cmd;
+ union {
+ struct flock fl;
+ long l;
+ int i;
+ } arg;
+};
+
+struct mmap_call {
+ void *ret;
+ void *addr;
+ size_t length;
+ int prot;
+ int flags;
+ int fd;
+ off_t offset;
+ struct failtest_call *opener;
+ struct contents_saved *saved;
+};
+
+struct lseek_call {
+ ssize_t ret;
+ int fd;
+ off_t offset;
+ int whence;
+ off_t old_off;
+};
+
+/**
+ * struct failtest_call - description of a call redirected to failtest module
+ * @type: the call type
+ * @file: the filename of the caller
+ * @line: the line number of the caller
+ * @fail: did this call fail
+ * @error: the errno (if any)
+ * @u: the union of call data
+ *
+ * This structure is used to represent the ordered history of calls.
+ *
+ * See Also:
+ * failtest_hook, failtest_exit_check
+ */
+struct failtest_call {
+ /* We're in the history list. */
+ struct list_node list;
+ enum failtest_call_type type;
+ /* Where we were called from. */
+ const char *file;
+ unsigned int line;
+ /* Did we fail? */
+ bool fail;
+ /* What we set errno to. */
+ int error;
+ /* How do we clean this up? */
+ void (*cleanup)(void *u, bool restore);
+ /* Should their program have cleaned up? */
+ bool can_leak;
+ /* Backtrace of call chain. */
+ void **backtrace;
+ unsigned int backtrace_num;
+ /* The actual call data. */
+ union {
+ struct calloc_call calloc;
+ struct malloc_call malloc;
+ struct realloc_call realloc;
+ struct open_call open;
+ struct close_call close;
+ struct pipe_call pipe;
+ struct read_call read;
+ struct write_call write;
+ struct fcntl_call fcntl;
+ struct mmap_call mmap;
+ struct lseek_call lseek;
+ } u;
+};
+
+/* This defines struct tlist_calls. */
+TLIST_TYPE(calls, struct failtest_call);
+
+enum failtest_result {
+ /* Yes try failing this call. */
+ FAIL_OK,
+ /* No, don't try failing this call. */
+ FAIL_DONT_FAIL,
+ /* Try failing this call but don't go too far down that path. */
+ FAIL_PROBE,
+};
+
+/**
+ * failtest_hook - whether a certain call should fail or not.
+ * @history: the ordered history of all failtest calls.
+ *
+ * The default value of this hook is failtest_default_hook(), which returns
+ * FAIL_OK (ie. yes, fail the call).
+ *
+ * You can override it, and avoid failing certain calls. The parameters
+ * of the call (but not the return value(s)) will be filled in for the last
+ * call.
+ *
+ * Example:
+ * static enum failtest_result dont_fail_alloc(struct tlist_calls *history)
+ * {
+ * struct failtest_call *call;
+ * call = tlist_tail(history, list);
+ * if (call->type == FAILTEST_MALLOC
+ * || call->type == FAILTEST_CALLOC
+ * || call->type == FAILTEST_REALLOC)
+ * return FAIL_DONT_FAIL;
+ * return FAIL_OK;
+ * }
+ * ...
+ * failtest_hook = dont_fail_alloc;
+ */
+extern enum failtest_result (*failtest_hook)(struct tlist_calls *history);
+
+/**
+ * failtest_exit_check - hook for additional checks on a failed child.
+ * @history: the ordered history of all failtest calls.
+ *
+ * Your program might have additional checks to do on failure, such as
+ * check that a file is not corrupted, or than an error message has been
+ * logged.
+ *
+ * If this returns false, the path to this failure will be printed and the
+ * overall test will fail.
+ */
+extern bool (*failtest_exit_check)(struct tlist_calls *history);
+
+/**
+ * failtest_has_failed - determine if a failure has occurred.
+ *
+ * Sometimes you want to exit immediately if you've experienced an
+ * injected failure. This is useful when you have four separate tests
+ * in your test suite, and you don't want to do the next one if you've
+ * had a failure in a previous one.
+ */
+extern bool failtest_has_failed(void);
+
+/**
+ * failtest_timeout_ms - how long to wait before killing child.
+ *
+ * Default is 20,000 (20 seconds).
+ */
+extern unsigned int failtest_timeout_ms;
+#endif /* CCAN_FAILTEST_H */
diff --git a/lib/ccan/failtest/failtest_override.h b/lib/ccan/failtest/failtest_override.h
new file mode 100644
index 0000000000..204494b086
--- /dev/null
+++ b/lib/ccan/failtest/failtest_override.h
@@ -0,0 +1,81 @@
+/* Licensed under LGPL - see LICENSE file for details */
+#ifndef CCAN_FAILTEST_OVERRIDE_H
+#define CCAN_FAILTEST_OVERRIDE_H
+/* This file is included before the source file to test. */
+#include "config.h"
+#if HAVE_FILE_OFFSET_BITS
+#define _FILE_OFFSET_BITS 64
+#endif
+
+/* Replacement of allocators. */
+#include <stdlib.h>
+
+#undef calloc
+#define calloc(nmemb, size) \
+ failtest_calloc((nmemb), (size), __FILE__, __LINE__)
+
+#undef malloc
+#define malloc(size) \
+ failtest_malloc((size), __FILE__, __LINE__)
+
+#undef realloc
+#define realloc(ptr, size) \
+ failtest_realloc((ptr), (size), __FILE__, __LINE__)
+
+#undef free
+#define free(ptr) \
+ failtest_free(ptr)
+
+/* Replacement of I/O. */
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#undef open
+#define open(pathname, ...) \
+ failtest_open((pathname), __FILE__, __LINE__, __VA_ARGS__)
+
+#undef pipe
+#define pipe(pipefd) \
+ failtest_pipe((pipefd), __FILE__, __LINE__)
+
+#undef read
+#define read(fd, buf, count) \
+ failtest_read((fd), (buf), (count), __FILE__, __LINE__)
+
+#undef write
+#define write(fd, buf, count) \
+ failtest_write((fd), (buf), (count), __FILE__, __LINE__)
+
+#undef pread
+#define pread(fd, buf, count, off) \
+ failtest_pread((fd), (buf), (count), (off), __FILE__, __LINE__)
+
+#undef pwrite
+#define pwrite(fd, buf, count, off) \
+ failtest_pwrite((fd), (buf), (count), (off), __FILE__, __LINE__)
+
+#undef close
+#define close(fd) failtest_close(fd, __FILE__, __LINE__)
+
+#undef fcntl
+#define fcntl(fd, ...) failtest_fcntl((fd), __FILE__, __LINE__, __VA_ARGS__)
+
+#undef mmap
+#define mmap(addr, length, prot, flags, fd, offset) \
+ failtest_mmap((addr), (length), (prot), (flags), (fd), (offset), \
+ __FILE__, __LINE__)
+
+#undef lseek
+#define lseek(fd, offset, whence) \
+ failtest_lseek((fd), (offset), (whence), __FILE__, __LINE__)
+
+/* Replacement of getpid (since failtest will fork). */
+#undef getpid
+#define getpid() failtest_getpid(__FILE__, __LINE__)
+
+#include <ccan/failtest/failtest_proto.h>
+
+#endif /* CCAN_FAILTEST_OVERRIDE_H */
diff --git a/lib/ccan/failtest/failtest_proto.h b/lib/ccan/failtest/failtest_proto.h
new file mode 100644
index 0000000000..c7e6b48984
--- /dev/null
+++ b/lib/ccan/failtest/failtest_proto.h
@@ -0,0 +1,31 @@
+/* Licensed under LGPL - see LICENSE file for details */
+#ifndef CCAN_FAILTEST_PROTO_H
+#define CCAN_FAILTEST_PROTO_H
+#include <stdlib.h>
+
+/* Potentially-failing versions of routines; #defined in failtest.h */
+void *failtest_calloc(size_t nmemb, size_t size,
+ const char *file, unsigned line);
+void *failtest_malloc(size_t size, const char *file, unsigned line);
+void *failtest_realloc(void *ptr, size_t size,
+ const char *file, unsigned line);
+void failtest_free(void *ptr);
+int failtest_open(const char *pathname,
+ const char *file, unsigned line, ...);
+int failtest_pipe(int pipefd[2], const char *file, unsigned line);
+ssize_t failtest_read(int fd, void *buf, size_t count,
+ const char *file, unsigned line);
+ssize_t failtest_write(int fd, const void *buf, size_t count,
+ const char *file, unsigned line);
+ssize_t failtest_pread(int fd, void *buf, size_t count, off_t offset,
+ const char *file, unsigned line);
+ssize_t failtest_pwrite(int fd, const void *buf, size_t count, off_t offset,
+ const char *file, unsigned line);
+void *failtest_mmap(void *addr, size_t length, int prot, int flags,
+ int fd, off_t offset, const char *file, unsigned line);
+off_t failtest_lseek(int fd, off_t offset, int whence,
+ const char *file, unsigned line);
+int failtest_close(int fd, const char *file, unsigned line);
+int failtest_fcntl(int fd, const char *file, unsigned line, int cmd, ...);
+pid_t failtest_getpid(const char *file, unsigned line);
+#endif /* CCAN_FAILTEST_PROTO_H */
diff --git a/lib/ccan/failtest/failtest_undo.h b/lib/ccan/failtest/failtest_undo.h
new file mode 100644
index 0000000000..3bb953dedd
--- /dev/null
+++ b/lib/ccan/failtest/failtest_undo.h
@@ -0,0 +1,49 @@
+/* Licensed under LGPL - see LICENSE file for details */
+#ifndef CCAN_FAILTEST_RESTORE_H
+#define CCAN_FAILTEST_RESTORE_H
+/* This file undoes the effect of failtest_override.h. */
+
+#undef calloc
+#define calloc(nmemb, size) \
+ failtest_calloc((nmemb), (size), NULL, 0)
+
+#undef malloc
+#define malloc(size) \
+ failtest_malloc((size), NULL, 0)
+
+#undef realloc
+#define realloc(ptr, size) \
+ failtest_realloc((ptr), (size), NULL, 0)
+
+#undef open
+#define open(pathname, ...) \
+ failtest_open((pathname), NULL, 0, __VA_ARGS__)
+
+#undef pipe
+#define pipe(pipefd) \
+ failtest_pipe((pipefd), NULL, 0)
+
+#undef read
+#define read(fd, buf, count) \
+ failtest_read((fd), (buf), (count), NULL, 0)
+
+#undef write
+#define write(fd, buf, count) \
+ failtest_write((fd), (buf), (count), NULL, 0)
+
+#undef mmap
+#define mmap(addr, length, prot, flags, fd, offset) \
+ failtest_mmap((addr), (length), (prot), (flags), (fd), (offset), NULL, 0)
+
+#undef lseek
+#define lseek(fd, off, whence) \
+ failtest_lseek((fd), (off), (whence), NULL, 0)
+
+#undef close
+#define close(fd) failtest_close(fd)
+
+#undef fcntl
+#define fcntl(fd, ...) \
+ failtest_fcntl((fd), NULL, 0, __VA_ARGS__)
+
+#endif /* CCAN_FAILTEST_RESTORE_H */
diff --git a/lib/ccan/failtest/test/run-failpath.c b/lib/ccan/failtest/test/run-failpath.c
new file mode 100644
index 0000000000..9795ee9d05
--- /dev/null
+++ b/lib/ccan/failtest/test/run-failpath.c
@@ -0,0 +1,39 @@
+#include <ccan/failtest/failtest.c>
+#include <stdlib.h>
+#include <setjmp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <ccan/tap/tap.h>
+
+int main(void)
+{
+ int fds[2], fd;
+ void *p;
+
+ plan_tests(14);
+ failtest_init(0, NULL);
+
+ failpath = "mceopwrMCEOPWR";
+
+ ok1((p = failtest_malloc(10, "run-failpath.c", 1)) != NULL);
+ ok1(failtest_calloc(10, 5, "run-failpath.c", 1) != NULL);
+ ok1((p = failtest_realloc(p, 100, "run-failpath.c", 1)) != NULL);
+ ok1((fd = failtest_open("failpath-scratch", "run-failpath.c", 1,
+ O_RDWR|O_CREAT, 0600)) >= 0);
+ ok1(failtest_pipe(fds, "run-failpath.c", 1) == 0);
+ ok1(failtest_write(fd, "xxxx", 4, "run-failpath.c", 1) == 4);
+ lseek(fd, 0, SEEK_SET);
+ ok1(failtest_read(fd, p, 5, "run-failpath.c", 1) == 4);
+
+ /* Now we're into the failures. */
+ ok1(failtest_malloc(10, "run-failpath.c", 1) == NULL);
+ ok1(failtest_calloc(10, 5, "run-failpath.c", 1) == NULL);
+ ok1(failtest_realloc(p, 100, "run-failpath.c", 1) == NULL);
+ ok1(failtest_open("failpath-scratch", "run-failpath.c", 1,
+ O_RDWR|O_CREAT, 0600) == -1);
+ ok1(failtest_pipe(fds, "run-failpath.c", 1) == -1);
+ ok1(failtest_write(fd, "xxxx", 4, "run-failpath.c", 1) == -1);
+ lseek(fd, 0, SEEK_SET);
+ ok1(failtest_read(fd, p, 5, "run-failpath.c", 1) == -1);
+ return exit_status();
+}
diff --git a/lib/ccan/failtest/test/run-history.c b/lib/ccan/failtest/test/run-history.c
new file mode 100644
index 0000000000..b78682f5d5
--- /dev/null
+++ b/lib/ccan/failtest/test/run-history.c
@@ -0,0 +1,183 @@
+/* Include the C files directly. */
+#include <ccan/failtest/failtest.c>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <ccan/tap/tap.h>
+
+int main(void)
+{
+ struct failtest_call *call;
+ struct calloc_call calloc_call;
+ struct malloc_call malloc_call;
+ struct realloc_call realloc_call;
+ struct open_call open_call;
+ struct pipe_call pipe_call;
+ struct read_call read_call;
+ struct write_call write_call;
+ struct mmap_call mmap_call;
+ char buf[20];
+ unsigned int i;
+ char *path;
+
+ /* This is how many tests you plan to run */
+ plan_tests(69);
+
+ calloc_call.ret = calloc(1, 2);
+ calloc_call.nmemb = 1;
+ calloc_call.size = 2;
+ call = add_history(FAILTEST_CALLOC, true,
+ "run-history.c", 1, &calloc_call);
+ /* Normally should_fail would set this. */
+ call->fail = false;
+ ok1(call->type == FAILTEST_CALLOC);
+ ok1(call->can_leak == true);
+ ok1(strcmp(call->file, "run-history.c") == 0);
+ ok1(call->line == 1);
+ ok1(call->u.calloc.ret == calloc_call.ret);
+ ok1(call->u.calloc.nmemb == calloc_call.nmemb);
+ ok1(call->u.calloc.size == calloc_call.size);
+
+ malloc_call.ret = malloc(2);
+ malloc_call.size = 2;
+ call = add_history(FAILTEST_MALLOC, true,
+ "run-history.c", 2, &malloc_call);
+ /* Normally should_fail would set this. */
+ call->fail = false;
+ ok1(call->type == FAILTEST_MALLOC);
+ ok1(call->can_leak == true);
+ ok1(strcmp(call->file, "run-history.c") == 0);
+ ok1(call->line == 2);
+ ok1(call->u.malloc.ret == malloc_call.ret);
+ ok1(call->u.malloc.size == malloc_call.size);
+
+ realloc_call.ret = realloc(malloc_call.ret, 3);
+ realloc_call.ptr = malloc_call.ret;
+ realloc_call.size = 3;
+ call = add_history(FAILTEST_REALLOC, true, "run-history.c", 3,
+ &realloc_call);
+ /* Normally should_fail would set this. */
+ call->fail = false;
+ ok1(call->type == FAILTEST_REALLOC);
+ ok1(call->can_leak == true);
+ ok1(strcmp(call->file, "run-history.c") == 0);
+ ok1(call->line == 3);
+ ok1(call->u.realloc.ret == realloc_call.ret);
+ ok1(call->u.realloc.ptr == realloc_call.ptr);
+ ok1(call->u.realloc.size == realloc_call.size);
+
+ open_call.ret = open("test/run-history.c", O_RDONLY);
+ open_call.pathname = "test/run-history.c";
+ open_call.flags = O_RDONLY;
+ open_call.mode = 0;
+ open_call.closed = false;
+ call = add_history(FAILTEST_OPEN, true, "run-history.c", 4, &open_call);
+ /* Normally should_fail would set this. */
+ call->fail = false;
+ ok1(call->type == FAILTEST_OPEN);
+ ok1(call->can_leak == true);
+ ok1(strcmp(call->file, "run-history.c") == 0);
+ ok1(call->line == 4);
+ ok1(call->u.open.ret == open_call.ret);
+ ok1(strcmp(call->u.open.pathname, open_call.pathname) == 0);
+ ok1(call->u.open.flags == open_call.flags);
+ ok1(call->u.open.mode == open_call.mode);
+
+ pipe_call.ret = pipe(pipe_call.fds);
+ call = add_history(FAILTEST_PIPE, true, "run-history.c", 5, &pipe_call);
+ /* Normally should_fail would set this. */
+ call->fail = false;
+ ok1(call->type == FAILTEST_PIPE);
+ ok1(strcmp(call->file, "run-history.c") == 0);
+ ok1(call->can_leak == true);
+ ok1(call->line == 5);
+ ok1(call->u.pipe.ret == pipe_call.ret);
+ ok1(call->u.pipe.fds[0] == pipe_call.fds[0]);
+ ok1(call->u.pipe.fds[1] == pipe_call.fds[1]);
+
+ read_call.ret = read(open_call.ret, buf, 20);
+ read_call.buf = buf;
+ read_call.fd = open_call.ret;
+ read_call.count = 20;
+ call = add_history(FAILTEST_READ, false, "run-history.c", 6, &read_call);
+ /* Normally should_fail would set this. */
+ call->fail = false;
+ ok1(call->type == FAILTEST_READ);
+ ok1(call->can_leak == false);
+ ok1(strcmp(call->file, "run-history.c") == 0);
+ ok1(call->line == 6);
+ ok1(call->u.read.ret == read_call.ret);
+ ok1(call->u.read.buf == read_call.buf);
+ ok1(call->u.read.fd == read_call.fd);
+ ok1(call->u.read.count == read_call.count);
+
+ write_call.ret = 20;
+ write_call.buf = buf;
+ write_call.fd = open_call.ret;
+ write_call.count = 20;
+ write_call.opener = NULL;
+ call = add_history(FAILTEST_WRITE, false, "run-history.c", 7,
+ &write_call);
+ /* Normally should_fail would set this. */
+ call->fail = false;
+ ok1(call->type == FAILTEST_WRITE);
+ ok1(call->can_leak == false);
+ ok1(strcmp(call->file, "run-history.c") == 0);
+ ok1(call->line == 7);
+ ok1(call->u.write.ret == write_call.ret);
+ ok1(call->u.write.buf == write_call.buf);
+ ok1(call->u.write.fd == write_call.fd);
+ ok1(call->u.write.count == write_call.count);
+ ok1(call->u.write.opener == write_call.opener);
+
+ mmap_call.ret = &mmap_call;
+ mmap_call.addr = NULL;
+ mmap_call.length = 4096;
+ mmap_call.prot = PROT_READ;
+ mmap_call.flags = 0;
+ mmap_call.fd = open_call.ret;
+ mmap_call.offset = 0;
+ mmap_call.opener = opener_of(open_call.ret);
+ ok1(mmap_call.opener->type == FAILTEST_OPEN);
+ mmap_call.saved = NULL;
+
+ call = add_history(FAILTEST_MMAP, false, "run-history.c", 8,
+ &mmap_call);
+ /* Normally should_fail would set this. */
+ call->fail = false;
+ ok1(call->type == FAILTEST_MMAP);
+ ok1(call->can_leak == false);
+ ok1(strcmp(call->file, "run-history.c") == 0);
+ ok1(call->line == 8);
+ ok1(call->u.mmap.ret == mmap_call.ret);
+ ok1(call->u.mmap.addr == mmap_call.addr);
+ ok1(call->u.mmap.length == mmap_call.length);
+ ok1(call->u.mmap.prot == mmap_call.prot);
+ ok1(call->u.mmap.flags == mmap_call.flags);
+ ok1(call->u.mmap.fd == mmap_call.fd);
+ ok1(call->u.mmap.offset == mmap_call.offset);
+ ok1(call->u.mmap.opener == mmap_call.opener);
+ ok1(call->u.mmap.saved == mmap_call.saved);
+
+ i = 0;
+ tlist_for_each(&history, call, list)
+ i++;
+
+ ok1(i == 8);
+
+ tlist_for_each(&history, call, list)
+ call->fail = false;
+
+ path = failpath_string();
+ ok1(streq(path, "cmeoprwa"));
+ free(path);
+
+ tlist_for_each(&history, call, list)
+ call->fail = true;
+
+ path = failpath_string();
+ ok1(streq(path, "CMEOPRWA"));
+ free(path);
+
+ return exit_status();
+}
diff --git a/lib/ccan/failtest/test/run-locking.c b/lib/ccan/failtest/test/run-locking.c
new file mode 100644
index 0000000000..da0ee70fac
--- /dev/null
+++ b/lib/ccan/failtest/test/run-locking.c
@@ -0,0 +1,134 @@
+/* Include the C files directly. */
+#include <ccan/failtest/failtest.c>
+#include <stdlib.h>
+#include <setjmp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <ccan/tap/tap.h>
+
+#define SIZE 8
+
+/* We don't want to fork and fail; we're just testing lock recording. */
+static enum failtest_result dont_fail(struct tlist_calls *history)
+{
+ return FAIL_DONT_FAIL;
+}
+
+static bool place_lock(int fd, char lockarr[], unsigned pos, unsigned size,
+ int type)
+{
+ struct flock fl;
+
+ /* Update record keeping. */
+ if (type == F_RDLCK)
+ memset(lockarr+pos, 1, size);
+ else if (type == F_WRLCK)
+ memset(lockarr+pos, 2, size);
+ else
+ memset(lockarr+pos, 0, size);
+
+ fl.l_whence = SEEK_SET;
+ fl.l_type = type;
+ fl.l_start = pos;
+ fl.l_len = size;
+ return failtest_fcntl(fd, "run-locking.c", 1, F_SETLK, &fl) == 0;
+}
+
+static char lock_lookup(int fd, unsigned pos)
+{
+ char ret = 0;
+ unsigned int i;
+ struct lock_info *l;
+
+ for (i = 0; i < lock_num; i++) {
+ l = &locks[i];
+
+ if (l->fd != fd)
+ continue;
+
+ if (pos >= l->start && pos <= l->end) {
+ if (ret)
+ ret = 3;
+ else if (l->type == F_RDLCK)
+ ret = 1;
+ else
+ ret = 2;
+ }
+ }
+ return ret;
+}
+
+static bool test(int fd,
+ unsigned p1, unsigned s1,
+ unsigned p2, unsigned s2,
+ unsigned p3, unsigned s3)
+{
+ unsigned int i;
+ char lockarr[SIZE];
+
+ memset(lockarr, 0, sizeof(lockarr));
+
+ if (!place_lock(fd, lockarr, p1, s1, F_WRLCK))
+ return false;
+
+ if (!place_lock(fd, lockarr, p2, s2, F_RDLCK))
+ return false;
+
+ if (!place_lock(fd, lockarr, p3, s3, F_UNLCK))
+ return false;
+
+ for (i = 0; i < SIZE; i++) {
+ if (lock_lookup(fd, i) != lockarr[i])
+ return false;
+ }
+
+ /* Reset lock info. */
+ lock_num = 0;
+ return true;
+}
+
+int main(void)
+{
+ int fd;
+ long flags;
+ unsigned int isize;
+
+ plan_tests(5835);
+ failtest_init(0, NULL);
+ failtest_hook = dont_fail;
+
+ fd = open("run-locking-scratch", O_RDWR|O_CREAT, 0600);
+ /* GETFL and SETFL wrappers should pass through. */
+ flags = fcntl(fd, F_GETFL);
+ ok1(failtest_fcntl(fd, "run-locking.c", 1, F_GETFL) == flags);
+ flags |= O_NONBLOCK;
+ ok1(failtest_fcntl(fd, "run-locking.c", 1, F_SETFL, flags) == 0);
+ ok1(failtest_fcntl(fd, "run-locking.c", 1, F_GETFL) == flags);
+
+ for (isize = 1; isize < 4; isize++) {
+ unsigned int ipos;
+ for (ipos = 0; ipos + isize < SIZE; ipos++) {
+ unsigned int jsize;
+ for (jsize = 1; jsize < 4; jsize++) {
+ unsigned int jpos;
+ for (jpos = 0; jpos + jsize < SIZE; jpos++) {
+ unsigned int ksize;
+ for (ksize = 1; ksize < 4; ksize++) {
+ unsigned int kpos;
+ for (kpos = 0;
+ kpos + ksize < SIZE;
+ kpos++) {
+ ok1(test(fd,
+ ipos, isize,
+ jpos, jsize,
+ kpos, ksize));
+ }
+ }
+ }
+ }
+ }
+ }
+
+ return exit_status();
+}
diff --git a/lib/ccan/failtest/test/run-malloc.c b/lib/ccan/failtest/test/run-malloc.c
new file mode 100644
index 0000000000..96641b8525
--- /dev/null
+++ b/lib/ccan/failtest/test/run-malloc.c
@@ -0,0 +1,116 @@
+#include "config.h"
+#include <stdlib.h>
+#include <setjmp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <ccan/tap/tap.h>
+
+/* We don't actually want it to exit... */
+static jmp_buf exited;
+#define exit(status) longjmp(exited, (status) + 1)
+
+#define printf saved_printf
+static int saved_printf(const char *fmt, ...);
+
+#define fprintf saved_fprintf
+static int saved_fprintf(FILE *ignored, const char *fmt, ...);
+
+#define vfprintf saved_vfprintf
+static int saved_vfprintf(FILE *ignored, const char *fmt, va_list ap);
+
+/* Hack to avoid a memory leak which valgrind complains about. */
+#define realloc set_realloc
+static void *set_realloc(void *ptr, size_t size);
+
+#define free set_free
+static void set_free(void *ptr);
+
+/* Include the C files directly. */
+#include <ccan/failtest/failtest.c>
+
+#undef realloc
+#undef free
+
+static char *buffer;
+static void *set_realloc(void *ptr, size_t size)
+{
+ return buffer = realloc(ptr, size);
+}
+
+static void set_free(void *ptr)
+{
+ if (ptr == buffer)
+ buffer = NULL;
+ free(ptr);
+}
+
+static char *output = NULL;
+
+static int saved_vprintf(const char *fmt, va_list ap)
+{
+ int ret;
+ int len = 0;
+ va_list ap2;
+
+ va_copy(ap2, ap);
+ ret = vsnprintf(NULL, 0, fmt, ap2);
+ va_end(ap2);
+
+ if (output)
+ len = strlen(output);
+
+ output = realloc(output, len + ret + 1);
+ return vsprintf(output + len, fmt, ap);
+}
+
+static int saved_vfprintf(FILE *ignored, const char *fmt, va_list ap)
+{
+ return saved_vprintf(fmt, ap);
+}
+
+static int saved_printf(const char *fmt, ...)
+{
+ va_list ap;
+ int ret;
+
+ va_start(ap, fmt);
+ ret = saved_vprintf(fmt, ap);
+ va_end(ap);
+ return ret;
+}
+
+static int saved_fprintf(FILE *ignored, const char *fmt, ...)
+{
+ va_list ap;
+ int ret;
+
+ va_start(ap, fmt);
+ ret = saved_vprintf(fmt, ap);
+ va_end(ap);
+ return ret;
+}
+
+int main(void)
+{
+ int status;
+
+ plan_tests(3);
+ failtest_init(0, NULL);
+
+ status = setjmp(exited);
+ if (status == 0) {
+ char *p = failtest_malloc(1, "run-malloc.c", 1);
+ /* If we just segv, valgrind counts that as a failure.
+ * So kill ourselves creatively. */
+ if (!p)
+ kill(getpid(), SIGSEGV);
+ fail("Expected child to crash!");
+ } else {
+ ok1(status == 2);
+ ok1(strstr(output, "Killed by signal"));
+ ok1(strstr(output, "--failpath=M\n"));
+ }
+ free(buffer);
+ return exit_status();
+}
diff --git a/lib/ccan/failtest/test/run-open.c b/lib/ccan/failtest/test/run-open.c
new file mode 100644
index 0000000000..0166506480
--- /dev/null
+++ b/lib/ccan/failtest/test/run-open.c
@@ -0,0 +1,72 @@
+/* Include the C files directly. */
+#include <ccan/failtest/failtest.c>
+#include <stdlib.h>
+#include <setjmp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <ccan/tap/tap.h>
+
+int main(void)
+{
+ int fd, pfd[2], err;
+ char buf[] = "Hello world!";
+ struct stat st;
+
+ plan_tests(12);
+ failtest_init(0, NULL);
+
+ if (pipe(pfd))
+ abort();
+ fd = failtest_open("run-open-scratchpad", "run-open.c", 1,
+ O_RDWR|O_CREAT, 0600);
+ if (fd == -1) {
+ /* We are the child: write error code for parent to check. */
+ err = errno;
+ if (write(pfd[1], &err, sizeof(err)) != sizeof(err))
+ abort();
+ failtest_exit(0);
+ }
+ /* Check it is read-write. */
+ ok1(write(fd, buf, strlen(buf)) == strlen(buf));
+ lseek(fd, SEEK_SET, 0);
+ ok1(read(fd, buf, strlen("Hello world!")) == strlen("Hello world!"));
+ ok1(strcmp(buf, "Hello world!") == 0);
+
+ /* Check name and perms. */
+ ok1(stat("run-open-scratchpad", &st) == 0);
+ ok1(st.st_size == strlen(buf));
+ ok1(S_ISREG(st.st_mode));
+ ok1((st.st_mode & 0777) == 0600);
+
+ /* Check child got correct errno. */
+ ok1(read(pfd[0], &err, sizeof(err)) == sizeof(err));
+ ok1(err == EACCES);
+
+ /* Clean up. */
+ failtest_close(fd, "run-open.c", 1);
+ close(pfd[0]);
+ close(pfd[1]);
+
+ /* Two-arg open. */
+ if (pipe(pfd) != 0)
+ abort();
+ fd = failtest_open("run-open-scratchpad", "run-open.c", 1, O_RDONLY);
+ if (fd == -1) {
+ /* We are the child: write error code for parent to check. */
+ err = errno;
+ if (write(pfd[1], &err, sizeof(err)) != sizeof(err))
+ abort();
+ failtest_exit(0);
+ }
+ /* Check it is read-only. */
+ ok1(write(fd, buf, strlen(buf)) == -1);
+ ok1(read(fd, buf, strlen("Hello world!")) == strlen("Hello world!"));
+ ok1(strcmp(buf, "Hello world!") == 0);
+ /* Clean up. */
+ failtest_close(fd, "run-open.c", 1);
+ close(pfd[0]);
+ close(pfd[1]);
+
+ return exit_status();
+}
diff --git a/lib/ccan/failtest/test/run-write.c b/lib/ccan/failtest/test/run-write.c
new file mode 100644
index 0000000000..6a712fec53
--- /dev/null
+++ b/lib/ccan/failtest/test/run-write.c
@@ -0,0 +1,51 @@
+/* Include the C files directly. */
+#include <ccan/failtest/failtest.c>
+#include <stdlib.h>
+#include <setjmp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <ccan/tap/tap.h>
+
+int main(int argc, char *argv[])
+{
+ int fd;
+ char *p;
+ char buf[] = "Hello world!";
+
+ plan_tests(5);
+ failtest_init(argc, argv);
+
+ fd = failtest_open("run-write-scratchpad", __FILE__, __LINE__,
+ O_RDWR|O_CREAT, 0600);
+ /* Child will fail, ignore. */
+ if (fd < 0)
+ failtest_exit(0);
+ if (write(fd, buf, strlen(buf)) != strlen(buf))
+ abort();
+ ok1(lseek(fd, 0, SEEK_CUR) == strlen(buf));
+
+ p = failtest_malloc(100, __FILE__, __LINE__);
+ if (!p) {
+ /* We are the child. Do a heap of writes. */
+ unsigned int i;
+
+ for (i = 0; i < strlen(buf)+1; i++)
+ if (failtest_write(fd, "x", 1, __FILE__, __LINE__)
+ == 1)
+ break;
+ failtest_close(fd, __FILE__, __LINE__);
+ failtest_exit(0);
+ }
+
+ /* Seek pointer should be left alone! */
+ ok1(lseek(fd, 0, SEEK_CUR) == strlen(buf));
+ /* Length should be restored. */
+ ok1(lseek(fd, 0, SEEK_END) == strlen(buf));
+ lseek(fd, 0, SEEK_SET);
+ ok1(read(fd, buf, strlen(buf)) == strlen("Hello world!"));
+ ok1(strcmp(buf, "Hello world!") == 0);
+ failtest_close(fd, __FILE__, __LINE__);
+
+ return exit_status();
+}