diff options
author | Rusty Russell <rusty@rustcorp.com.au> | 2012-02-22 14:59:32 +1030 |
---|---|---|
committer | Amitay Isaacs <amitay@gmail.com> | 2012-03-07 13:16:16 +1100 |
commit | 361f3ea9ee577c5a3e2fed687a0b417b257c31de (patch) | |
tree | 6d356c3aa64317c609ff4e208be76e18996a55f8 /lib/ccan/failtest | |
parent | 4f5412dda687c3ff76b426842bf284d01d56a997 (diff) | |
download | samba-361f3ea9ee577c5a3e2fed687a0b417b257c31de.tar.gz samba-361f3ea9ee577c5a3e2fed687a0b417b257c31de.tar.bz2 samba-361f3ea9ee577c5a3e2fed687a0b417b257c31de.zip |
lib/ccan: import failtest and required ccan modules for TDB2 unit tests.
New modules: failtest, list, time, read_write_all and tlist.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'lib/ccan/failtest')
-rw-r--r-- | lib/ccan/failtest/LICENSE | 165 | ||||
-rw-r--r-- | lib/ccan/failtest/_info | 76 | ||||
-rw-r--r-- | lib/ccan/failtest/failtest.c | 1713 | ||||
-rw-r--r-- | lib/ccan/failtest/failtest.d | 70 | ||||
-rw-r--r-- | lib/ccan/failtest/failtest.h | 258 | ||||
-rw-r--r-- | lib/ccan/failtest/failtest_override.h | 81 | ||||
-rw-r--r-- | lib/ccan/failtest/failtest_proto.h | 31 | ||||
-rw-r--r-- | lib/ccan/failtest/failtest_undo.h | 49 | ||||
-rw-r--r-- | lib/ccan/failtest/test/run-failpath.c | 39 | ||||
-rw-r--r-- | lib/ccan/failtest/test/run-history.c | 183 | ||||
-rw-r--r-- | lib/ccan/failtest/test/run-locking.c | 134 | ||||
-rw-r--r-- | lib/ccan/failtest/test/run-malloc.c | 116 | ||||
-rw-r--r-- | lib/ccan/failtest/test/run-open.c | 72 | ||||
-rw-r--r-- | lib/ccan/failtest/test/run-write.c | 51 |
14 files changed, 3038 insertions, 0 deletions
diff --git a/lib/ccan/failtest/LICENSE b/lib/ccan/failtest/LICENSE new file mode 100644 index 0000000000..cca7fc278f --- /dev/null +++ b/lib/ccan/failtest/LICENSE @@ -0,0 +1,165 @@ + GNU LESSER GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + + This version of the GNU Lesser General Public License incorporates +the terms and conditions of version 3 of the GNU General Public +License, supplemented by the additional permissions listed below. + + 0. Additional Definitions. + + As used herein, "this License" refers to version 3 of the GNU Lesser +General Public License, and the "GNU GPL" refers to version 3 of the GNU +General Public License. + + "The Library" refers to a covered work governed by this License, +other than an Application or a Combined Work as defined below. + + An "Application" is any work that makes use of an interface provided +by the Library, but which is not otherwise based on the Library. +Defining a subclass of a class defined by the Library is deemed a mode +of using an interface provided by the Library. + + A "Combined Work" is a work produced by combining or linking an +Application with the Library. The particular version of the Library +with which the Combined Work was made is also called the "Linked +Version". + + The "Minimal Corresponding Source" for a Combined Work means the +Corresponding Source for the Combined Work, excluding any source code +for portions of the Combined Work that, considered in isolation, are +based on the Application, and not on the Linked Version. + + The "Corresponding Application Code" for a Combined Work means the +object code and/or source code for the Application, including any data +and utility programs needed for reproducing the Combined Work from the +Application, but excluding the System Libraries of the Combined Work. + + 1. Exception to Section 3 of the GNU GPL. + + You may convey a covered work under sections 3 and 4 of this License +without being bound by section 3 of the GNU GPL. + + 2. Conveying Modified Versions. + + If you modify a copy of the Library, and, in your modifications, a +facility refers to a function or data to be supplied by an Application +that uses the facility (other than as an argument passed when the +facility is invoked), then you may convey a copy of the modified +version: + + a) under this License, provided that you make a good faith effort to + ensure that, in the event an Application does not supply the + function or data, the facility still operates, and performs + whatever part of its purpose remains meaningful, or + + b) under the GNU GPL, with none of the additional permissions of + this License applicable to that copy. + + 3. Object Code Incorporating Material from Library Header Files. + + The object code form of an Application may incorporate material from +a header file that is part of the Library. You may convey such object +code under terms of your choice, provided that, if the incorporated +material is not limited to numerical parameters, data structure +layouts and accessors, or small macros, inline functions and templates +(ten or fewer lines in length), you do both of the following: + + a) Give prominent notice with each copy of the object code that the + Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the object code with a copy of the GNU GPL and this license + document. + + 4. Combined Works. + + You may convey a Combined Work under terms of your choice that, +taken together, effectively do not restrict modification of the +portions of the Library contained in the Combined Work and reverse +engineering for debugging such modifications, if you also do each of +the following: + + a) Give prominent notice with each copy of the Combined Work that + the Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the Combined Work with a copy of the GNU GPL and this license + document. + + c) For a Combined Work that displays copyright notices during + execution, include the copyright notice for the Library among + these notices, as well as a reference directing the user to the + copies of the GNU GPL and this license document. + + d) Do one of the following: + + 0) Convey the Minimal Corresponding Source under the terms of this + License, and the Corresponding Application Code in a form + suitable for, and under terms that permit, the user to + recombine or relink the Application with a modified version of + the Linked Version to produce a modified Combined Work, in the + manner specified by section 6 of the GNU GPL for conveying + Corresponding Source. + + 1) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (a) uses at run time + a copy of the Library already present on the user's computer + system, and (b) will operate properly with a modified version + of the Library that is interface-compatible with the Linked + Version. + + e) Provide Installation Information, but only if you would otherwise + be required to provide such information under section 6 of the + GNU GPL, and only to the extent that such information is + necessary to install and execute a modified version of the + Combined Work produced by recombining or relinking the + Application with a modified version of the Linked Version. (If + you use option 4d0, the Installation Information must accompany + the Minimal Corresponding Source and Corresponding Application + Code. If you use option 4d1, you must provide the Installation + Information in the manner specified by section 6 of the GNU GPL + for conveying Corresponding Source.) + + 5. Combined Libraries. + + You may place library facilities that are a work based on the +Library side by side in a single library together with other library +facilities that are not Applications and are not covered by this +License, and convey such a combined library under terms of your +choice, if you do both of the following: + + a) Accompany the combined library with a copy of the same work based + on the Library, uncombined with any other library facilities, + conveyed under the terms of this License. + + b) Give prominent notice with the combined library that part of it + is a work based on the Library, and explaining where to find the + accompanying uncombined form of the same work. + + 6. Revised Versions of the GNU Lesser General Public License. + + The Free Software Foundation may publish revised and/or new versions +of the GNU Lesser General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the +Library as you received it specifies that a certain numbered version +of the GNU Lesser General Public License "or any later version" +applies to it, you have the option of following the terms and +conditions either of that published version or of any later version +published by the Free Software Foundation. If the Library as you +received it does not specify a version number of the GNU Lesser +General Public License, you may choose any version of the GNU Lesser +General Public License ever published by the Free Software Foundation. + + If the Library as you received it specifies that a proxy can decide +whether future versions of the GNU Lesser General Public License shall +apply, that proxy's public statement of acceptance of any version is +permanent authorization for you to choose that version for the +Library. diff --git a/lib/ccan/failtest/_info b/lib/ccan/failtest/_info new file mode 100644 index 0000000000..14dcb783be --- /dev/null +++ b/lib/ccan/failtest/_info @@ -0,0 +1,76 @@ +#include <stdio.h> +#include <string.h> +#include "config.h" + +/** + * failtest - unit test helpers for testing malloc and other failures. + * + * The failtest module overrides various standard functions, and forks + * your unit test at those points to test failure paths. The failing + * child are expected to fail (eg. when malloc fails), but should not + * leak memory or crash. After including failtest_override.h, you can + * include failtest_restore.h to return to non-failing versions. + * + * The unit test is a normal CCAN tap-style test, except it should + * start by calling failtest_init() and end by calling + * failtest_exit(). + * + * You can control what functions fail: see failtest_hook. + * + * Example: + * #include <stdio.h> + * #include <stdlib.h> + * #include <string.h> + * #include <ccan/tap/tap.h> + * #include <ccan/failtest/failtest_override.h> + * #include <ccan/failtest/failtest.h> + * + * int main(int argc, char *argv[]) + * { + * char *a, *b; + * + * failtest_init(argc, argv); + * plan_tests(3); + * + * // Simple malloc test. + * a = malloc(100); + * if (ok1(a)) { + * // Fill the memory. + * memset(a, 'x', 100); + * b = realloc(a, 200); + * if (ok1(b)) { + * // Fill the rest of the memory. + * memset(b + 100, 'y', 100); + * // Check it got a copy of a as expected. + * ok1(strspn(b, "x") == 100); + * free(b); + * } else { + * // Easy to miss: free a on realloc failure! + * free(a); + * } + * } + * failtest_exit(exit_status()); + * } + * + * License: LGPL + * Author: Rusty Russell <rusty@rustcorp.com.au> + */ +int main(int argc, char *argv[]) +{ + if (argc != 2) + return 1; + + if (strcmp(argv[1], "depends") == 0) { + printf("ccan/build_assert\n"); + printf("ccan/compiler\n"); + printf("ccan/hash\n"); + printf("ccan/htable\n"); + printf("ccan/read_write_all\n"); + printf("ccan/str\n"); + printf("ccan/time\n"); + printf("ccan/tlist\n"); + return 0; + } + + return 1; +} diff --git a/lib/ccan/failtest/failtest.c b/lib/ccan/failtest/failtest.c new file mode 100644 index 0000000000..701586e9b8 --- /dev/null +++ b/lib/ccan/failtest/failtest.c @@ -0,0 +1,1713 @@ +/* Licensed under LGPL - see LICENSE file for details */ +#include <ccan/failtest/failtest.h> +#include <stdarg.h> +#include <string.h> +#include <stdio.h> +#include <stdarg.h> +#include <ctype.h> +#include <err.h> +#include <unistd.h> +#include <poll.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/wait.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/mman.h> +#include <signal.h> +#include <assert.h> +#include <ccan/time/time.h> +#include <ccan/read_write_all/read_write_all.h> +#include <ccan/failtest/failtest_proto.h> +#include <ccan/build_assert/build_assert.h> +#include <ccan/hash/hash.h> +#include <ccan/htable/htable_type.h> +#include <ccan/str/str.h> +#include <ccan/compiler/compiler.h> + +enum failtest_result (*failtest_hook)(struct tlist_calls *); + +static FILE *tracef = NULL, *warnf; +static int traceindent = 0; + +unsigned int failtest_timeout_ms = 20000; + +const char *failpath; +const char *debugpath; + +enum info_type { + WRITE, + RELEASE_LOCKS, + FAILURE, + SUCCESS, + UNEXPECTED +}; + +struct lock_info { + int fd; + /* end is inclusive: you can't have a 0-byte lock. */ + off_t start, end; + int type; +}; + +/* We hash the call location together with its backtrace. */ +static size_t hash_call(const struct failtest_call *call) +{ + return hash(call->file, strlen(call->file), + hash(&call->line, 1, + hash(call->backtrace, call->backtrace_num, + call->type))); +} + +static bool call_eq(const struct failtest_call *call1, + const struct failtest_call *call2) +{ + unsigned int i; + + if (strcmp(call1->file, call2->file) != 0 + || call1->line != call2->line + || call1->type != call2->type + || call1->backtrace_num != call2->backtrace_num) + return false; + + for (i = 0; i < call1->backtrace_num; i++) + if (call1->backtrace[i] != call2->backtrace[i]) + return false; + + return true; +} + +/* Defines struct failtable. */ +HTABLE_DEFINE_TYPE(struct failtest_call, (struct failtest_call *), hash_call, + call_eq, failtable); + +bool (*failtest_exit_check)(struct tlist_calls *history); + +/* The entire history of all calls. */ +static struct tlist_calls history = TLIST_INIT(history); +/* If we're a child, the fd two write control info to the parent. */ +static int control_fd = -1; +/* If we're a child, this is the first call we did ourselves. */ +static struct failtest_call *our_history_start = NULL; +/* For printing runtime with --trace. */ +static struct timeval start; +/* Set when failtest_hook returns FAIL_PROBE */ +static bool probing = false; +/* Table to track duplicates. */ +static struct failtable failtable; + +/* Array of writes which our child did. We report them on failure. */ +static struct write_call *child_writes = NULL; +static unsigned int child_writes_num = 0; + +/* fcntl locking info. */ +static pid_t lock_owner; +static struct lock_info *locks = NULL; +static unsigned int lock_num = 0; + +/* Our original pid, which we return to anyone who asks. */ +static pid_t orig_pid; + +/* Mapping from failtest_type to char. */ +static const char info_to_arg[] = "mceoxprwfal"; + +/* Dummy call used for failtest_undo wrappers. */ +static struct failtest_call unrecorded_call; + +struct contents_saved { + size_t count; + off_t off; + off_t old_len; + char contents[1]; +}; + +/* File contents, saved in this child only. */ +struct saved_mmapped_file { + struct saved_mmapped_file *next; + struct failtest_call *opener; + struct contents_saved *s; +}; + +static struct saved_mmapped_file *saved_mmapped_files; + +#if HAVE_BACKTRACE +#include <execinfo.h> + +static void **get_backtrace(unsigned int *num) +{ + static unsigned int max_back = 100; + void **ret; + +again: + ret = malloc(max_back * sizeof(void *)); + *num = backtrace(ret, max_back); + if (*num == max_back) { + free(ret); + max_back *= 2; + goto again; + } + return ret; +} +#else +/* This will test slightly less, since will consider all of the same + * calls as identical. But, it's slightly faster! */ +static void **get_backtrace(unsigned int *num) +{ + *num = 0; + return NULL; +} +#endif /* HAVE_BACKTRACE */ + +static struct failtest_call *add_history_(enum failtest_call_type type, + bool can_leak, + const char *file, + unsigned int line, + const void *elem, + size_t elem_size) +{ + struct failtest_call *call; + + /* NULL file is how we suppress failure. */ + if (!file) + return &unrecorded_call; + + call = malloc(sizeof *call); + call->type = type; + call->can_leak = can_leak; + call->file = file; + call->line = line; + call->cleanup = NULL; + call->backtrace = get_backtrace(&call->backtrace_num); + memcpy(&call->u, elem, elem_size); + tlist_add_tail(&history, call, list); + return call; +} + +#define add_history(type, can_leak, file, line, elem) \ + add_history_((type), (can_leak), (file), (line), (elem), sizeof(*(elem))) + +/* We do a fake call inside a sizeof(), to check types. */ +#define set_cleanup(call, clean, type) \ + (call)->cleanup = (void *)((void)sizeof(clean((type *)NULL, false),1), (clean)) + +/* Dup the fd to a high value (out of the way I hope!), and close the old fd. */ +static int move_fd_to_high(int fd) +{ + int i; + + for (i = FD_SETSIZE - 1; i >= 0; i--) { + if (fcntl(i, F_GETFL) == -1 && errno == EBADF) { + if (dup2(fd, i) == -1) + err(1, "Failed to dup fd %i to %i", fd, i); + close(fd); + return i; + } + } + /* Nothing? Really? Er... ok? */ + return fd; +} + +static bool read_write_info(int fd) +{ + struct write_call *w; + char *buf; + + /* We don't need all of this, but it's simple. */ + child_writes = realloc(child_writes, + (child_writes_num+1) * sizeof(child_writes[0])); + w = &child_writes[child_writes_num]; + if (!read_all(fd, w, sizeof(*w))) + return false; + + w->buf = buf = malloc(w->count); + if (!read_all(fd, buf, w->count)) + return false; + + child_writes_num++; + return true; +} + +static char *failpath_string(void) +{ + struct failtest_call *i; + char *ret = strdup(""); + unsigned len = 0; + + /* Inefficient, but who cares? */ + tlist_for_each(&history, i, list) { + ret = realloc(ret, len + 2); + ret[len] = info_to_arg[i->type]; + if (i->fail) + ret[len] = toupper(ret[len]); + ret[++len] = '\0'; + } + return ret; +} + +static void do_warn(int e, const char *fmt, va_list ap) +{ + char *p = failpath_string(); + + vfprintf(warnf, fmt, ap); + if (e != -1) + fprintf(warnf, ": %s", strerror(e)); + fprintf(warnf, " [%s]\n", p); + free(p); +} + +static void fwarn(const char *fmt, ...) +{ + va_list ap; + int e = errno; + + va_start(ap, fmt); + do_warn(e, fmt, ap); + va_end(ap); +} + + +static void fwarnx(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + do_warn(-1, fmt, ap); + va_end(ap); +} + +static void tell_parent(enum info_type type) +{ + if (control_fd != -1) + write_all(control_fd, &type, sizeof(type)); +} + +static void child_fail(const char *out, size_t outlen, const char *fmt, ...) +{ + va_list ap; + char *path = failpath_string(); + + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + va_end(ap); + + fprintf(stderr, "%.*s", (int)outlen, out); + printf("To reproduce: --failpath=%s\n", path); + free(path); + tell_parent(FAILURE); + exit(1); +} + +static void PRINTF_FMT(1, 2) trace(const char *fmt, ...) +{ + va_list ap; + unsigned int i; + char *p; + static int idx; + + if (!tracef) + return; + + for (i = 0; i < traceindent; i++) + fprintf(tracef, " "); + + p = failpath_string(); + fprintf(tracef, "%i: %u: %s ", idx++, getpid(), p); + va_start(ap, fmt); + vfprintf(tracef, fmt, ap); + va_end(ap); + free(p); +} + +static pid_t child; + +static void hand_down(int signum) +{ + kill(child, signum); +} + +static void release_locks(void) +{ + /* Locks were never acquired/reacquired? */ + if (lock_owner == 0) + return; + + /* We own them? Release them all. */ + if (lock_owner == getpid()) { + unsigned int i; + struct flock fl; + fl.l_type = F_UNLCK; + fl.l_whence = SEEK_SET; + fl.l_start = 0; + fl.l_len = 0; + + trace("Releasing %u locks\n", lock_num); + for (i = 0; i < lock_num; i++) + fcntl(locks[i].fd, F_SETLK, &fl); + } else { + /* Our parent must have them; pass request up. */ + enum info_type type = RELEASE_LOCKS; + assert(control_fd != -1); + write_all(control_fd, &type, sizeof(type)); + } + lock_owner = 0; +} + +/* off_t is a signed type. Getting its max is non-trivial. */ +static off_t off_max(void) +{ + BUILD_ASSERT(sizeof(off_t) == 4 || sizeof(off_t) == 8); + if (sizeof(off_t) == 4) + return (off_t)0x7FFFFFF; + else + return (off_t)0x7FFFFFFFFFFFFFFULL; +} + +static void get_locks(void) +{ + unsigned int i; + struct flock fl; + + if (lock_owner == getpid()) + return; + + if (lock_owner != 0) { + enum info_type type = RELEASE_LOCKS; + assert(control_fd != -1); + trace("Asking parent to release locks\n"); + write_all(control_fd, &type, sizeof(type)); + } + + fl.l_whence = SEEK_SET; + + for (i = 0; i < lock_num; i++) { + fl.l_type = locks[i].type; + fl.l_start = locks[i].start; + if (locks[i].end == off_max()) + fl.l_len = 0; + else + fl.l_len = locks[i].end - locks[i].start + 1; + + if (fcntl(locks[i].fd, F_SETLKW, &fl) != 0) + abort(); + } + trace("Acquired %u locks\n", lock_num); + lock_owner = getpid(); +} + + +static struct contents_saved *save_contents(const char *filename, + int fd, size_t count, off_t off, + const char *why) +{ + struct contents_saved *s = malloc(sizeof(*s) + count); + ssize_t ret; + + s->off = off; + + ret = pread(fd, s->contents, count, off); + if (ret < 0) { + fwarn("failtest_write: failed to save old contents!"); + s->count = 0; + } else + s->count = ret; + + /* Use lseek to get the size of file, but we have to restore + * file offset */ + off = lseek(fd, 0, SEEK_CUR); + s->old_len = lseek(fd, 0, SEEK_END); + lseek(fd, off, SEEK_SET); + + trace("Saving %p %s %zu@%llu after %s (filelength %llu) via fd %i\n", + s, filename, s->count, (long long)s->off, why, + (long long)s->old_len, fd); + return s; +} + +static void restore_contents(struct failtest_call *opener, + struct contents_saved *s, + bool restore_offset, + const char *caller) +{ + int fd; + + /* The top parent doesn't need to restore. */ + if (control_fd == -1) + return; + + /* Has the fd been closed? */ + if (opener->u.open.closed) { + /* Reopen, replace fd, close silently as we clean up. */ + fd = open(opener->u.open.pathname, O_RDWR); + if (fd < 0) { + fwarn("failtest: could not reopen %s to clean up %s!", + opener->u.open.pathname, caller); + return; + } + /* Make it clearly distinguisable from a "normal" fd. */ + fd = move_fd_to_high(fd); + trace("Reopening %s to restore it (was fd %i, now %i)\n", + opener->u.open.pathname, opener->u.open.ret, fd); + opener->u.open.ret = fd; + opener->u.open.closed = false; + } + fd = opener->u.open.ret; + + trace("Restoring %p %s %zu@%llu after %s (filelength %llu) via fd %i\n", + s, opener->u.open.pathname, s->count, (long long)s->off, caller, + (long long)s->old_len, fd); + if (pwrite(fd, s->contents, s->count, s->off) != s->count) { + fwarn("failtest: write failed cleaning up %s for %s!", + opener->u.open.pathname, caller); + } + + if (ftruncate(fd, s->old_len) != 0) { + fwarn("failtest_write: truncate failed cleaning up %s for %s!", + opener->u.open.pathname, caller); + } + + if (restore_offset) { + trace("Restoring offset of fd %i to %llu\n", + fd, (long long)s->off); + lseek(fd, s->off, SEEK_SET); + } +} + +/* We save/restore most things on demand, but always do mmaped files. */ +static void save_mmapped_files(void) +{ + struct failtest_call *i; + trace("Saving mmapped files in child\n"); + + tlist_for_each_rev(&history, i, list) { + struct mmap_call *m = &i->u.mmap; + struct saved_mmapped_file *s; + + if (i->type != FAILTEST_MMAP) + continue; + + /* FIXME: We only handle mmapped files where fd is still open. */ + if (m->opener->u.open.closed) + continue; + + s = malloc(sizeof *s); + s->s = save_contents(m->opener->u.open.pathname, + m->fd, m->length, m->offset, + "mmapped file before fork"); + s->opener = m->opener; + s->next = saved_mmapped_files; + saved_mmapped_files = s; + } +} + +static void free_mmapped_files(bool restore) +{ + trace("%s mmapped files in child\n", + restore ? "Restoring" : "Discarding"); + while (saved_mmapped_files) { + struct saved_mmapped_file *next = saved_mmapped_files->next; + if (restore) + restore_contents(saved_mmapped_files->opener, + saved_mmapped_files->s, false, + "saved mmap"); + free(saved_mmapped_files->s); + free(saved_mmapped_files); + saved_mmapped_files = next; + } +} + +/* Returns a FAILTEST_OPEN, FAILTEST_PIPE or NULL. */ +static struct failtest_call *opener_of(int fd) +{ + struct failtest_call *i; + + /* Don't get confused and match genuinely failed opens. */ + if (fd < 0) + return NULL; + + /* Figure out the set of live fds. */ + tlist_for_each_rev(&history, i, list) { + if (i->fail) + continue; + switch (i->type) { + case FAILTEST_CLOSE: + if (i->u.close.fd == fd) { + return NULL; + } + break; + case FAILTEST_OPEN: + if (i->u.open.ret == fd) { + if (i->u.open.closed) + return NULL; + return i; + } + break; + case FAILTEST_PIPE: + if (i->u.pipe.fds[0] == fd || i->u.pipe.fds[1] == fd) { + return i; + } + break; + default: + break; + } + } + + /* FIXME: socket, dup, etc are untracked! */ + return NULL; +} + +static void free_call(struct failtest_call *call) +{ + /* We don't do this in cleanup: needed even for failed opens. */ + if (call->type == FAILTEST_OPEN) + free((char *)call->u.open.pathname); + free(call->backtrace); + tlist_del_from(&history, call, list); + free(call); +} + +/* Free up memory, so valgrind doesn't report leaks. */ +static void free_everything(void) +{ + struct failtest_call *i; + + while ((i = tlist_top(&history, list)) != NULL) + free_call(i); + + failtable_clear(&failtable); +} + +static NORETURN void failtest_cleanup(bool forced_cleanup, int status) +{ + struct failtest_call *i; + bool restore = true; + + /* For children, we don't care if they "failed" the testing. */ + if (control_fd != -1) + status = 0; + else + /* We don't restore contents for original parent. */ + restore = false; + + /* Cleanup everything, in reverse order. */ + tlist_for_each_rev(&history, i, list) { + /* Don't restore things our parent did. */ + if (i == our_history_start) + restore = false; + + if (i->fail) + continue; + + if (i->cleanup) + i->cleanup(&i->u, restore); + + /* But their program shouldn't leak, even on failure. */ + if (!forced_cleanup && i->can_leak) { + printf("Leak at %s:%u: --failpath=%s\n", + i->file, i->line, failpath_string()); + status = 1; + } + } + + /* Put back mmaped files the way our parent (if any) expects. */ + free_mmapped_files(true); + + free_everything(); + if (status == 0) + tell_parent(SUCCESS); + else + tell_parent(FAILURE); + exit(status); +} + +static bool following_path(void) +{ + if (!failpath) + return false; + /* + means continue after end, like normal. */ + if (*failpath == '+') { + failpath = NULL; + return false; + } + return true; +} + +static bool follow_path(struct failtest_call *call) +{ + if (*failpath == '\0') { + /* Continue, but don't inject errors. */ + return call->fail = false; + } + + if (tolower((unsigned char)*failpath) != info_to_arg[call->type]) + errx(1, "Failpath expected '%s' got '%c'\n", + failpath, info_to_arg[call->type]); + call->fail = cisupper(*(failpath++)); + if (call->fail) + call->can_leak = false; + return call->fail; +} + +static bool should_fail(struct failtest_call *call) +{ + int status; + int control[2], output[2]; + enum info_type type = UNEXPECTED; + char *out = NULL; + size_t outlen = 0; + struct failtest_call *dup; + + if (call == &unrecorded_call) + return false; + + if (following_path()) + return follow_path(call); + + /* Attach debugger if they asked for it. */ + if (debugpath) { + char *path; + + /* Pretend this last call matches whatever path wanted: + * keeps valgrind happy. */ + call->fail = cisupper(debugpath[strlen(debugpath)-1]); + path = failpath_string(); + + if (streq(path, debugpath)) { + char str[80]; + + /* Don't timeout. */ + signal(SIGUSR1, SIG_IGN); + sprintf(str, "xterm -e gdb /proc/%d/exe %d &", + getpid(), getpid()); + if (system(str) == 0) + sleep(5); + } else { + /* Ignore last character: could be upper or lower. */ + path[strlen(path)-1] = '\0'; + if (!strstarts(debugpath, path)) { + fprintf(stderr, + "--debugpath not followed: %s\n", path); + debugpath = NULL; + } + } + free(path); + } + + /* Are we probing? If so, we never fail twice. */ + if (probing) { + trace("Not failing %c due to FAIL_PROBE return\n", + info_to_arg[call->type]); + return call->fail = false; + } + + /* Don't fail more than once in the same place. */ + dup = failtable_get(&failtable, call); + if (dup) { + trace("Not failing %c due to duplicate\n", + info_to_arg[call->type]); + return call->fail = false; + } + + if (failtest_hook) { + switch (failtest_hook(&history)) { + case FAIL_OK: + break; + case FAIL_PROBE: + probing = true; + break; + case FAIL_DONT_FAIL: + trace("Not failing %c due to failhook return\n", + info_to_arg[call->type]); + call->fail = false; + return false; + default: + abort(); + } + } + + /* Add it to our table of calls. */ + failtable_add(&failtable, call); + + /* We're going to fail in the child. */ + call->fail = true; + if (pipe(control) != 0 || pipe(output) != 0) + err(1, "opening pipe"); + + /* Move out the way, to high fds. */ + control[0] = move_fd_to_high(control[0]); + control[1] = move_fd_to_high(control[1]); + output[0] = move_fd_to_high(output[0]); + output[1] = move_fd_to_high(output[1]); + + /* Prevent double-printing (in child and parent) */ + fflush(stdout); + fflush(warnf); + if (tracef) + fflush(tracef); + child = fork(); + if (child == -1) + err(1, "forking failed"); + + if (child == 0) { + traceindent++; + if (tracef) { + struct timeval diff; + const char *p; + char *failpath; + struct failtest_call *c; + + c = tlist_tail(&history, list); + diff = time_sub(time_now(), start); + failpath = failpath_string(); + p = strrchr(c->file, '/'); + if (p) + p++; + else + p = c->file; + trace("%u->%u (%u.%02u): %s (%s:%u)\n", + getppid(), getpid(), + (int)diff.tv_sec, (int)diff.tv_usec / 10000, + failpath, p, c->line); + free(failpath); + } + /* From here on, we have to clean up! */ + our_history_start = tlist_tail(&history, list); + close(control[0]); + close(output[0]); + /* Don't swallow stderr if we're tracing. */ + if (!tracef) { + dup2(output[1], STDOUT_FILENO); + dup2(output[1], STDERR_FILENO); + if (output[1] != STDOUT_FILENO + && output[1] != STDERR_FILENO) + close(output[1]); + } + control_fd = move_fd_to_high(control[1]); + + /* Forget any of our parent's saved files. */ + free_mmapped_files(false); + + /* Now, save any files we need to. */ + save_mmapped_files(); + + /* Failed calls can't leak. */ + call->can_leak = false; + + return true; + } + + signal(SIGUSR1, hand_down); + + close(control[1]); + close(output[1]); + + /* We grab output so we can display it; we grab writes so we + * can compare. */ + do { + struct pollfd pfd[2]; + int ret; + + pfd[0].fd = output[0]; + pfd[0].events = POLLIN|POLLHUP; + pfd[1].fd = control[0]; + pfd[1].events = POLLIN|POLLHUP; + + if (type == SUCCESS) + ret = poll(pfd, 1, failtest_timeout_ms); + else + ret = poll(pfd, 2, failtest_timeout_ms); + + if (ret == 0) + hand_down(SIGUSR1); + if (ret < 0) { + if (errno == EINTR) + continue; + err(1, "Poll returned %i", ret); + } + + if (pfd[0].revents & POLLIN) { + ssize_t len; + + out = realloc(out, outlen + 8192); + len = read(output[0], out + outlen, 8192); + outlen += len; + } else if (type != SUCCESS && (pfd[1].revents & POLLIN)) { + if (read_all(control[0], &type, sizeof(type))) { + if (type == WRITE) { + if (!read_write_info(control[0])) + break; + } else if (type == RELEASE_LOCKS) { + release_locks(); + /* FIXME: Tell them we're done... */ + } + } + } else if (pfd[0].revents & POLLHUP) { + break; + } + } while (type != FAILURE); + + close(output[0]); + close(control[0]); + waitpid(child, &status, 0); + if (!WIFEXITED(status)) { + if (WTERMSIG(status) == SIGUSR1) + child_fail(out, outlen, "Timed out"); + else + child_fail(out, outlen, "Killed by signal %u: ", + WTERMSIG(status)); + } + /* Child printed failure already, just pass up exit code. */ + if (type == FAILURE) { + fprintf(stderr, "%.*s", (int)outlen, out); + tell_parent(type); + exit(WEXITSTATUS(status) ? WEXITSTATUS(status) : 1); + } + if (WEXITSTATUS(status) != 0) + child_fail(out, outlen, "Exited with status %i: ", + WEXITSTATUS(status)); + + free(out); + signal(SIGUSR1, SIG_DFL); + + /* Only child does probe. */ + probing = false; + + /* We continue onwards without failing. */ + call->fail = false; + return false; +} + +static void cleanup_calloc(struct calloc_call *call, bool restore) +{ + trace("undoing calloc %p\n", call->ret); + free(call->ret); +} + +void *failtest_calloc(size_t nmemb, size_t size, + const char *file, unsigned line) +{ + struct failtest_call *p; + struct calloc_call call; + call.nmemb = nmemb; + call.size = size; + p = add_history(FAILTEST_CALLOC, true, file, line, &call); + + if (should_fail(p)) { + p->u.calloc.ret = NULL; + p->error = ENOMEM; + } else { + p->u.calloc.ret = calloc(nmemb, size); + set_cleanup(p, cleanup_calloc, struct calloc_call); + } + trace("calloc %zu x %zu %s:%u -> %p\n", + nmemb, size, file, line, p->u.calloc.ret); + errno = p->error; + return p->u.calloc.ret; +} + +static void cleanup_malloc(struct malloc_call *call, bool restore) +{ + trace("undoing malloc %p\n", call->ret); + free(call->ret); +} + +void *failtest_malloc(size_t size, const char *file, unsigned line) +{ + struct failtest_call *p; + struct malloc_call call; + call.size = size; + + p = add_history(FAILTEST_MALLOC, true, file, line, &call); + if (should_fail(p)) { + p->u.malloc.ret = NULL; + p->error = ENOMEM; + } else { + p->u.malloc.ret = malloc(size); + set_cleanup(p, cleanup_malloc, struct malloc_call); + } + trace("malloc %zu %s:%u -> %p\n", + size, file, line, p->u.malloc.ret); + errno = p->error; + return p->u.malloc.ret; +} + +static void cleanup_realloc(struct realloc_call *call, bool restore) +{ + trace("undoing realloc %p\n", call->ret); + free(call->ret); +} + +/* Walk back and find out if we got this ptr from a previous routine. */ +static void fixup_ptr_history(void *ptr, const char *why) +{ + struct failtest_call *i; + + /* Start at end of history, work back. */ + tlist_for_each_rev(&history, i, list) { + switch (i->type) { + case FAILTEST_REALLOC: + if (i->u.realloc.ret == ptr) { + trace("found realloc %p %s:%u matching %s\n", + ptr, i->file, i->line, why); + i->cleanup = NULL; + i->can_leak = false; + return; + } + break; + case FAILTEST_MALLOC: + if (i->u.malloc.ret == ptr) { + trace("found malloc %p %s:%u matching %s\n", + ptr, i->file, i->line, why); + i->cleanup = NULL; + i->can_leak = false; + return; + } + break; + case FAILTEST_CALLOC: + if (i->u.calloc.ret == ptr) { + trace("found calloc %p %s:%u matching %s\n", + ptr, i->file, i->line, why); + i->cleanup = NULL; + i->can_leak = false; + return; + } + break; + default: + break; + } + } + trace("Did not find %p matching %s\n", ptr, why); +} + +void *failtest_realloc(void *ptr, size_t size, const char *file, unsigned line) +{ + struct failtest_call *p; + struct realloc_call call; + call.size = size; + p = add_history(FAILTEST_REALLOC, true, file, line, &call); + + /* FIXME: Try one child moving allocation, one not. */ + if (should_fail(p)) { + p->u.realloc.ret = NULL; + p->error = ENOMEM; + } else { + /* Don't catch this one in the history fixup... */ + p->u.realloc.ret = NULL; + fixup_ptr_history(ptr, "realloc"); + p->u.realloc.ret = realloc(ptr, size); + set_cleanup(p, cleanup_realloc, struct realloc_call); + } + trace("realloc %p %s:%u -> %p\n", + ptr, file, line, p->u.realloc.ret); + errno = p->error; + return p->u.realloc.ret; +} + +/* FIXME: Record free, so we can terminate fixup_ptr_history correctly. + * If there's an alloc we don't see, it could get confusing if it matches + * a previous allocation we did see. */ +void failtest_free(void *ptr) +{ + fixup_ptr_history(ptr, "free"); + trace("free %p\n", ptr); + free(ptr); +} + + +static struct contents_saved *save_file(const char *pathname) +{ + int fd; + struct contents_saved *s; + + fd = open(pathname, O_RDONLY); + if (fd < 0) + return NULL; + + s = save_contents(pathname, fd, lseek(fd, 0, SEEK_END), 0, + "open with O_TRUNC"); + close(fd); + return s; +} + +/* Optimization: don't create a child for an open which *we know* + * would fail anyway. */ +static bool open_would_fail(const char *pathname, int flags) +{ + if ((flags & O_ACCMODE) == O_RDONLY) + return access(pathname, R_OK) != 0; + if (!(flags & O_CREAT)) { + if ((flags & O_ACCMODE) == O_WRONLY) + return access(pathname, W_OK) != 0; + if ((flags & O_ACCMODE) == O_RDWR) + return access(pathname, W_OK) != 0 + || access(pathname, R_OK) != 0; + } + /* FIXME: We could check if it exists, for O_CREAT|O_EXCL */ + return false; +} + +static void cleanup_open(struct open_call *call, bool restore) +{ + if (restore && call->saved) + restore_contents(container_of(call, struct failtest_call, + u.open), + call->saved, false, "open with O_TRUNC"); + if (!call->closed) { + trace("Cleaning up open %s by closing fd %i\n", + call->pathname, call->ret); + close(call->ret); + call->closed = true; + } + free(call->saved); +} + +int failtest_open(const char *pathname, + const char *file, unsigned line, ...) +{ + struct failtest_call *p; + struct open_call call; + va_list ap; + + call.pathname = strdup(pathname); + va_start(ap, line); + call.flags = va_arg(ap, int); + call.always_save = false; + call.closed = false; + if (call.flags & O_CREAT) { + call.mode = va_arg(ap, int); + va_end(ap); + } + p = add_history(FAILTEST_OPEN, true, file, line, &call); + /* Avoid memory leak! */ + if (p == &unrecorded_call) + free((char *)call.pathname); + + if (should_fail(p)) { + /* Don't bother inserting failures that would happen anyway. */ + if (open_would_fail(pathname, call.flags)) { + trace("Open would have failed anyway: stopping\n"); + failtest_cleanup(true, 0); + } + p->u.open.ret = -1; + /* FIXME: Play with error codes? */ + p->error = EACCES; + } else { + /* Save the old version if they're truncating it. */ + if (call.flags & O_TRUNC) + p->u.open.saved = save_file(pathname); + else + p->u.open.saved = NULL; + p->u.open.ret = open(pathname, call.flags, call.mode); + if (p->u.open.ret == -1) { + p->u.open.closed = true; + p->can_leak = false; + } else { + set_cleanup(p, cleanup_open, struct open_call); + } + } + trace("open %s %s:%u -> %i (opener %p)\n", + pathname, file, line, p->u.open.ret, &p->u.open); + errno = p->error; + return p->u.open.ret; +} + +static void cleanup_mmap(struct mmap_call *mmap, bool restore) +{ + trace("cleaning up mmap @%p (opener %p)\n", + mmap->ret, mmap->opener); + if (restore) + restore_contents(mmap->opener, mmap->saved, false, "mmap"); + free(mmap->saved); +} + +void *failtest_mmap(void *addr, size_t length, int prot, int flags, + int fd, off_t offset, const char *file, unsigned line) +{ + struct failtest_call *p; + struct mmap_call call; + + call.addr = addr; + call.length = length; + call.prot = prot; + call.flags = flags; + call.offset = offset; + call.fd = fd; + call.opener = opener_of(fd); + + /* If we don't know what file it was, don't fail. */ + if (!call.opener) { + if (fd != -1) { + fwarnx("failtest_mmap: couldn't figure out source for" + " fd %i at %s:%u", fd, file, line); + } + addr = mmap(addr, length, prot, flags, fd, offset); + trace("mmap of fd %i -> %p (opener = NULL)\n", fd, addr); + return addr; + } + + p = add_history(FAILTEST_MMAP, false, file, line, &call); + if (should_fail(p)) { + p->u.mmap.ret = MAP_FAILED; + p->error = ENOMEM; + } else { + p->u.mmap.ret = mmap(addr, length, prot, flags, fd, offset); + /* Save contents if we're writing to a normal file */ + if (p->u.mmap.ret != MAP_FAILED + && (prot & PROT_WRITE) + && call.opener->type == FAILTEST_OPEN) { + const char *fname = call.opener->u.open.pathname; + p->u.mmap.saved = save_contents(fname, fd, length, + offset, "being mmapped"); + set_cleanup(p, cleanup_mmap, struct mmap_call); + } + } + trace("mmap of fd %i %s:%u -> %p (opener = %p)\n", + fd, file, line, addr, call.opener); + errno = p->error; + return p->u.mmap.ret; +} + +static void cleanup_pipe(struct pipe_call *call, bool restore) +{ + trace("cleaning up pipe fd=%i%s,%i%s\n", + call->fds[0], call->closed[0] ? "(already closed)" : "", + call->fds[1], call->closed[1] ? "(already closed)" : ""); + if (!call->closed[0]) + close(call->fds[0]); + if (!call->closed[1]) + close(call->fds[1]); +} + +int failtest_pipe(int pipefd[2], const char *file, unsigned line) +{ + struct failtest_call *p; + struct pipe_call call; + + p = add_history(FAILTEST_PIPE, true, file, line, &call); + if (should_fail(p)) { + p->u.open.ret = -1; + /* FIXME: Play with error codes? */ + p->error = EMFILE; + } else { + p->u.pipe.ret = pipe(p->u.pipe.fds); + p->u.pipe.closed[0] = p->u.pipe.closed[1] = false; + set_cleanup(p, cleanup_pipe, struct pipe_call); + } + + trace("pipe %s:%u -> %i,%i\n", file, line, + p->u.pipe.ret ? -1 : p->u.pipe.fds[0], + p->u.pipe.ret ? -1 : p->u.pipe.fds[1]); + + /* This causes valgrind to notice if they use pipefd[] after failure */ + memcpy(pipefd, p->u.pipe.fds, sizeof(p->u.pipe.fds)); + errno = p->error; + return p->u.pipe.ret; +} + +static void cleanup_read(struct read_call *call, bool restore) +{ + if (restore) { + trace("cleaning up read on fd %i: seeking to %llu\n", + call->fd, (long long)call->off); + + /* Read (not readv!) moves file offset! */ + if (lseek(call->fd, call->off, SEEK_SET) != call->off) { + fwarn("Restoring lseek pointer failed (read)"); + } + } +} + +static ssize_t failtest_add_read(int fd, void *buf, size_t count, off_t off, + bool is_pread, const char *file, unsigned line) +{ + struct failtest_call *p; + struct read_call call; + call.fd = fd; + call.buf = buf; + call.count = count; + call.off = off; + p = add_history(FAILTEST_READ, false, file, line, &call); + + /* FIXME: Try partial read returns. */ + if (should_fail(p)) { + p->u.read.ret = -1; + p->error = EIO; + } else { + if (is_pread) + p->u.read.ret = pread(fd, buf, count, off); + else { + p->u.read.ret = read(fd, buf, count); + if (p->u.read.ret != -1) + set_cleanup(p, cleanup_read, struct read_call); + } + } + trace("%sread %s:%u fd %i %zu@%llu -> %i\n", + is_pread ? "p" : "", file, line, fd, count, (long long)off, + p->u.read.ret); + errno = p->error; + return p->u.read.ret; +} + +static void cleanup_write(struct write_call *write, bool restore) +{ + trace("cleaning up write on %s\n", write->opener->u.open.pathname); + if (restore) + restore_contents(write->opener, write->saved, !write->is_pwrite, + "write"); + free(write->saved); +} + +static ssize_t failtest_add_write(int fd, const void *buf, + size_t count, off_t off, + bool is_pwrite, + const char *file, unsigned line) +{ + struct failtest_call *p; + struct write_call call; + + call.fd = fd; + call.buf = buf; + call.count = count; + call.off = off; + call.is_pwrite = is_pwrite; + call.opener = opener_of(fd); + p = add_history(FAILTEST_WRITE, false, file, line, &call); + + /* If we're a child, we need to make sure we write the same thing + * to non-files as the parent does, so tell it. */ + if (control_fd != -1 && off == (off_t)-1) { + enum info_type type = WRITE; + + write_all(control_fd, &type, sizeof(type)); + write_all(control_fd, &p->u.write, sizeof(p->u.write)); + write_all(control_fd, buf, count); + } + + /* FIXME: Try partial write returns. */ + if (should_fail(p)) { + p->u.write.ret = -1; + p->error = EIO; + } else { + bool is_file; + assert(call.opener == p->u.write.opener); + + if (p->u.write.opener) { + is_file = (p->u.write.opener->type == FAILTEST_OPEN); + } else { + /* We can't unwind it, so at least check same + * in parent and child. */ + is_file = false; + } + + /* FIXME: We assume same write order in parent and child */ + if (!is_file && child_writes_num != 0) { + if (child_writes[0].fd != fd) + errx(1, "Child wrote to fd %u, not %u?", + child_writes[0].fd, fd); + if (child_writes[0].off != p->u.write.off) + errx(1, "Child wrote to offset %zu, not %zu?", + (size_t)child_writes[0].off, + (size_t)p->u.write.off); + if (child_writes[0].count != count) + errx(1, "Child wrote length %zu, not %zu?", + child_writes[0].count, count); + if (memcmp(child_writes[0].buf, buf, count)) { + child_fail(NULL, 0, + "Child wrote differently to" + " fd %u than we did!\n", fd); + } + free((char *)child_writes[0].buf); + child_writes_num--; + memmove(&child_writes[0], &child_writes[1], + sizeof(child_writes[0]) * child_writes_num); + + /* Child wrote it already. */ + trace("write %s:%i on fd %i already done by child\n", + file, line, fd); + p->u.write.ret = count; + errno = p->error; + return p->u.write.ret; + } + + if (is_file) { + p->u.write.saved = save_contents(call.opener->u.open.pathname, + fd, count, off, + "being overwritten"); + set_cleanup(p, cleanup_write, struct write_call); + } + + /* Though off is current seek ptr for write case, we need to + * move it. write() does that for us. */ + if (p->u.write.is_pwrite) + p->u.write.ret = pwrite(fd, buf, count, off); + else + p->u.write.ret = write(fd, buf, count); + } + trace("%swrite %s:%i %zu@%llu on fd %i -> %i\n", + p->u.write.is_pwrite ? "p" : "", + file, line, count, (long long)off, fd, p->u.write.ret); + errno = p->error; + return p->u.write.ret; +} + +ssize_t failtest_pwrite(int fd, const void *buf, size_t count, off_t offset, + const char *file, unsigned line) +{ + return failtest_add_write(fd, buf, count, offset, true, file, line); +} + +ssize_t failtest_write(int fd, const void *buf, size_t count, + const char *file, unsigned line) +{ + return failtest_add_write(fd, buf, count, lseek(fd, 0, SEEK_CUR), false, + file, line); +} + +ssize_t failtest_pread(int fd, void *buf, size_t count, off_t off, + const char *file, unsigned line) +{ + return failtest_add_read(fd, buf, count, off, true, file, line); +} + +ssize_t failtest_read(int fd, void *buf, size_t count, + const char *file, unsigned line) +{ + return failtest_add_read(fd, buf, count, lseek(fd, 0, SEEK_CUR), false, + file, line); +} + +static struct lock_info *WARN_UNUSED_RESULT +add_lock(struct lock_info *locks, int fd, off_t start, off_t end, int type) +{ + unsigned int i; + struct lock_info *l; + + for (i = 0; i < lock_num; i++) { + l = &locks[i]; + + if (l->fd != fd) + continue; + /* Four cases we care about: + * Start overlap: + * l = | | + * new = | | + * Mid overlap: + * l = | | + * new = | | + * End overlap: + * l = | | + * new = | | + * Total overlap: + * l = | | + * new = | | + */ + if (start > l->start && end < l->end) { + /* Mid overlap: trim entry, add new one. */ + off_t new_start, new_end; + new_start = end + 1; + new_end = l->end; + trace("splitting lock on fd %i from %llu-%llu" + " to %llu-%llu\n", + fd, (long long)l->start, (long long)l->end, + (long long)l->start, (long long)start - 1); + l->end = start - 1; + locks = add_lock(locks, + fd, new_start, new_end, l->type); + l = &locks[i]; + } else if (start <= l->start && end >= l->end) { + /* Total overlap: eliminate entry. */ + trace("erasing lock on fd %i %llu-%llu\n", + fd, (long long)l->start, (long long)l->end); + l->end = 0; + l->start = 1; + } else if (end >= l->start && end < l->end) { + trace("trimming lock on fd %i from %llu-%llu" + " to %llu-%llu\n", + fd, (long long)l->start, (long long)l->end, + (long long)end + 1, (long long)l->end); + /* Start overlap: trim entry. */ + l->start = end + 1; + } else if (start > l->start && start <= l->end) { + trace("trimming lock on fd %i from %llu-%llu" + " to %llu-%llu\n", + fd, (long long)l->start, (long long)l->end, + (long long)l->start, (long long)start - 1); + /* End overlap: trim entry. */ + l->end = start-1; + } + /* Nothing left? Remove it. */ + if (l->end < l->start) { + trace("forgetting lock on fd %i\n", fd); + memmove(l, l + 1, (--lock_num - i) * sizeof(l[0])); + i--; + } + } + + if (type != F_UNLCK) { + locks = realloc(locks, (lock_num + 1) * sizeof(*locks)); + l = &locks[lock_num++]; + l->fd = fd; + l->start = start; + l->end = end; + l->type = type; + trace("new lock on fd %i %llu-%llu\n", + fd, (long long)l->start, (long long)l->end); + } + return locks; +} + +/* We trap this so we can record it: we don't fail it. */ +int failtest_close(int fd, const char *file, unsigned line) +{ + struct close_call call; + struct failtest_call *p, *opener; + + /* Do this before we add ourselves to history! */ + opener = opener_of(fd); + + call.fd = fd; + p = add_history(FAILTEST_CLOSE, false, file, line, &call); + p->fail = false; + + /* Consume close from failpath (shouldn't tell us to fail). */ + if (following_path()) { + if (follow_path(p)) + abort(); + } + + trace("close on fd %i\n", fd); + if (fd < 0) + return close(fd); + + /* Mark opener as not leaking, remove its cleanup function. */ + if (opener) { + trace("close on fd %i found opener %p\n", fd, opener); + if (opener->type == FAILTEST_PIPE) { + /* From a pipe? */ + if (opener->u.pipe.fds[0] == fd) { + assert(!opener->u.pipe.closed[0]); + opener->u.pipe.closed[0] = true; + } else if (opener->u.pipe.fds[1] == fd) { + assert(!opener->u.pipe.closed[1]); + opener->u.pipe.closed[1] = true; + } else + abort(); + opener->can_leak = (!opener->u.pipe.closed[0] + || !opener->u.pipe.closed[1]); + } else if (opener->type == FAILTEST_OPEN) { + opener->u.open.closed = true; + opener->can_leak = false; + } else + abort(); + } + + /* Restore offset now, in case parent shared (can't do after close!). */ + if (control_fd != -1) { + struct failtest_call *i; + + tlist_for_each_rev(&history, i, list) { + if (i == our_history_start) + break; + if (i == opener) + break; + if (i->type == FAILTEST_LSEEK && i->u.lseek.fd == fd) { + trace("close on fd %i undoes lseek\n", fd); + /* This seeks back. */ + i->cleanup(&i->u, true); + i->cleanup = NULL; + } else if (i->type == FAILTEST_WRITE + && i->u.write.fd == fd + && !i->u.write.is_pwrite) { + trace("close on fd %i undoes write" + " offset change\n", fd); + /* Write (not pwrite!) moves file offset! */ + if (lseek(fd, i->u.write.off, SEEK_SET) + != i->u.write.off) { + fwarn("Restoring lseek pointer failed (write)"); + } + } else if (i->type == FAILTEST_READ + && i->u.read.fd == fd) { + /* preads don't *have* cleanups */ + if (i->cleanup) { + trace("close on fd %i undoes read" + " offset change\n", fd); + /* This seeks back. */ + i->cleanup(&i->u, true); + i->cleanup = NULL; + } + } + } + } + + /* Close unlocks everything. */ + locks = add_lock(locks, fd, 0, off_max(), F_UNLCK); + return close(fd); +} + +/* Zero length means "to end of file" */ +static off_t end_of(off_t start, off_t len) +{ + if (len == 0) + return off_max(); + return start + len - 1; +} + +/* FIXME: This only handles locks, really. */ +int failtest_fcntl(int fd, const char *file, unsigned line, int cmd, ...) +{ + struct failtest_call *p; + struct fcntl_call call; + va_list ap; + + call.fd = fd; + call.cmd = cmd; + + /* Argument extraction. */ + switch (cmd) { + case F_SETFL: + case F_SETFD: + va_start(ap, cmd); + call.arg.l = va_arg(ap, long); + va_end(ap); + trace("fcntl on fd %i F_SETFL/F_SETFD\n", fd); + return fcntl(fd, cmd, call.arg.l); + case F_GETFD: + case F_GETFL: + trace("fcntl on fd %i F_GETFL/F_GETFD\n", fd); + return fcntl(fd, cmd); + case F_GETLK: + trace("fcntl on fd %i F_GETLK\n", fd); + get_locks(); + va_start(ap, cmd); + call.arg.fl = *va_arg(ap, struct flock *); + va_end(ap); + return fcntl(fd, cmd, &call.arg.fl); + case F_SETLK: + case F_SETLKW: + trace("fcntl on fd %i F_SETLK%s\n", + fd, cmd == F_SETLKW ? "W" : ""); + va_start(ap, cmd); + call.arg.fl = *va_arg(ap, struct flock *); + va_end(ap); + break; + default: + /* This means you need to implement it here. */ + err(1, "failtest: unknown fcntl %u", cmd); + } + + p = add_history(FAILTEST_FCNTL, false, file, line, &call); + + if (should_fail(p)) { + p->u.fcntl.ret = -1; + if (p->u.fcntl.cmd == F_SETLK) + p->error = EAGAIN; + else + p->error = EDEADLK; + } else { + get_locks(); + p->u.fcntl.ret = fcntl(p->u.fcntl.fd, p->u.fcntl.cmd, + &p->u.fcntl.arg.fl); + if (p->u.fcntl.ret == -1) + p->error = errno; + else { + /* We don't handle anything else yet. */ + assert(p->u.fcntl.arg.fl.l_whence == SEEK_SET); + locks = add_lock(locks, + p->u.fcntl.fd, + p->u.fcntl.arg.fl.l_start, + end_of(p->u.fcntl.arg.fl.l_start, + p->u.fcntl.arg.fl.l_len), + p->u.fcntl.arg.fl.l_type); + } + } + trace("fcntl on fd %i -> %i\n", fd, p->u.fcntl.ret); + errno = p->error; + return p->u.fcntl.ret; +} + +static void cleanup_lseek(struct lseek_call *call, bool restore) +{ + if (restore) { + trace("cleaning up lseek on fd %i -> %llu\n", + call->fd, (long long)call->old_off); + if (lseek(call->fd, call->old_off, SEEK_SET) != call->old_off) + fwarn("Restoring lseek pointer failed"); + } +} + +/* We trap this so we can undo it: we don't fail it. */ +off_t failtest_lseek(int fd, off_t offset, int whence, const char *file, + unsigned int line) +{ + struct failtest_call *p; + struct lseek_call call; + call.fd = fd; + call.offset = offset; + call.whence = whence; + call.old_off = lseek(fd, 0, SEEK_CUR); + + p = add_history(FAILTEST_LSEEK, false, file, line, &call); + p->fail = false; + + /* Consume lseek from failpath. */ + if (failpath) + if (should_fail(p)) + abort(); + + p->u.lseek.ret = lseek(fd, offset, whence); + + if (p->u.lseek.ret != (off_t)-1) + set_cleanup(p, cleanup_lseek, struct lseek_call); + + trace("lseek %s:%u on fd %i from %llu to %llu%s\n", + file, line, fd, (long long)call.old_off, (long long)offset, + whence == SEEK_CUR ? " (from current off)" : + whence == SEEK_END ? " (from end)" : + whence == SEEK_SET ? "" : " (invalid whence)"); + return p->u.lseek.ret; +} + + +pid_t failtest_getpid(const char *file, unsigned line) +{ + /* You must call failtest_init first! */ + assert(orig_pid); + return orig_pid; +} + +void failtest_init(int argc, char *argv[]) +{ + unsigned int i; + + orig_pid = getpid(); + + warnf = fdopen(move_fd_to_high(dup(STDERR_FILENO)), "w"); + for (i = 1; i < argc; i++) { + if (!strncmp(argv[i], "--failpath=", strlen("--failpath="))) { + failpath = argv[i] + strlen("--failpath="); + } else if (strcmp(argv[i], "--trace") == 0) { + tracef = warnf; + failtest_timeout_ms = -1; + } else if (!strncmp(argv[i], "--debugpath=", + strlen("--debugpath="))) { + debugpath = argv[i] + strlen("--debugpath="); + } + } + failtable_init(&failtable); + start = time_now(); +} + +bool failtest_has_failed(void) +{ + return control_fd != -1; +} + +void failtest_exit(int status) +{ + trace("failtest_exit with status %i\n", status); + if (failtest_exit_check) { + if (!failtest_exit_check(&history)) + child_fail(NULL, 0, "failtest_exit_check failed\n"); + } + + failtest_cleanup(false, status); +} diff --git a/lib/ccan/failtest/failtest.d b/lib/ccan/failtest/failtest.d new file mode 100644 index 0000000000..6aa295d6f8 --- /dev/null +++ b/lib/ccan/failtest/failtest.d @@ -0,0 +1,70 @@ +ccan/failtest/failtest.o: ccan/failtest/failtest.c \ + ccan/failtest/failtest.h config.h \ + /usr/include/i386-linux-gnu/sys/types.h /usr/include/features.h \ + /usr/include/i386-linux-gnu/bits/predefs.h \ + /usr/include/i386-linux-gnu/sys/cdefs.h \ + /usr/include/i386-linux-gnu/bits/wordsize.h \ + /usr/include/i386-linux-gnu/gnu/stubs.h \ + /usr/include/i386-linux-gnu/gnu/stubs-32.h \ + /usr/include/i386-linux-gnu/bits/types.h \ + /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/time.h \ + /usr/lib/gcc/i686-linux-gnu/4.5.4/include/stddef.h /usr/include/endian.h \ + /usr/include/i386-linux-gnu/bits/endian.h \ + /usr/include/i386-linux-gnu/bits/byteswap.h \ + /usr/include/i386-linux-gnu/sys/select.h \ + /usr/include/i386-linux-gnu/bits/select.h \ + /usr/include/i386-linux-gnu/bits/sigset.h \ + /usr/include/i386-linux-gnu/bits/time.h \ + /usr/include/i386-linux-gnu/sys/sysmacros.h \ + /usr/include/i386-linux-gnu/bits/pthreadtypes.h \ + /usr/lib/gcc/i686-linux-gnu/4.5.4/include/stdbool.h /usr/include/fcntl.h \ + /usr/include/i386-linux-gnu/bits/fcntl.h \ + /usr/include/i386-linux-gnu/bits/uio.h \ + /usr/include/i386-linux-gnu/bits/stat.h ccan/compiler/compiler.h \ + ccan/tlist/tlist.h ccan/list/list.h /usr/include/assert.h \ + ccan/container_of/container_of.h ccan/check_type/check_type.h \ + ccan/tcon/tcon.h /usr/lib/gcc/i686-linux-gnu/4.5.4/include/stdarg.h \ + /usr/include/string.h /usr/include/xlocale.h /usr/include/stdio.h \ + /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ + /usr/include/i386-linux-gnu/bits/stdio_lim.h \ + /usr/include/i386-linux-gnu/bits/sys_errlist.h /usr/include/ctype.h \ + /usr/include/err.h /usr/include/unistd.h \ + /usr/include/i386-linux-gnu/bits/posix_opt.h \ + /usr/include/i386-linux-gnu/bits/environments.h \ + /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \ + /usr/include/poll.h /usr/include/i386-linux-gnu/sys/poll.h \ + /usr/include/i386-linux-gnu/bits/poll.h /usr/include/errno.h \ + /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \ + /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \ + /usr/include/asm-generic/errno-base.h \ + /usr/include/i386-linux-gnu/sys/wait.h /usr/include/signal.h \ + /usr/include/i386-linux-gnu/bits/signum.h \ + /usr/include/i386-linux-gnu/bits/siginfo.h \ + /usr/include/i386-linux-gnu/bits/sigaction.h \ + /usr/include/i386-linux-gnu/bits/sigcontext.h \ + /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \ + /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \ + /usr/include/asm-generic/int-ll64.h \ + /usr/include/i386-linux-gnu/asm/bitsperlong.h \ + /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \ + /usr/include/linux/stddef.h \ + /usr/include/i386-linux-gnu/asm/posix_types.h \ + /usr/include/i386-linux-gnu/asm/posix_types_32.h \ + /usr/include/i386-linux-gnu/bits/sigstack.h \ + /usr/include/i386-linux-gnu/sys/ucontext.h \ + /usr/include/i386-linux-gnu/bits/sigthread.h \ + /usr/include/i386-linux-gnu/sys/resource.h \ + /usr/include/i386-linux-gnu/bits/resource.h \ + /usr/include/i386-linux-gnu/bits/waitflags.h \ + /usr/include/i386-linux-gnu/bits/waitstatus.h \ + /usr/include/i386-linux-gnu/sys/stat.h \ + /usr/include/i386-linux-gnu/sys/time.h \ + /usr/include/i386-linux-gnu/sys/mman.h \ + /usr/include/i386-linux-gnu/bits/mman.h ccan/time/time.h \ + /usr/lib/gcc/i686-linux-gnu/4.5.4/include/stdint.h /usr/include/stdint.h \ + /usr/include/i386-linux-gnu/bits/wchar.h \ + ccan/read_write_all/read_write_all.h ccan/failtest/failtest_proto.h \ + /usr/include/stdlib.h /usr/include/alloca.h \ + ccan/build_assert/build_assert.h ccan/hash/hash.h \ + ccan/htable/htable_type.h ccan/htable/htable.h ccan/str/str.h \ + ccan/str/str_debug.h /usr/include/execinfo.h diff --git a/lib/ccan/failtest/failtest.h b/lib/ccan/failtest/failtest.h new file mode 100644 index 0000000000..9af5669678 --- /dev/null +++ b/lib/ccan/failtest/failtest.h @@ -0,0 +1,258 @@ +/* Licensed under LGPL - see LICENSE file for details */ +#ifndef CCAN_FAILTEST_H +#define CCAN_FAILTEST_H +#include "config.h" +#if HAVE_FILE_OFFSET_BITS +#define _FILE_OFFSET_BITS 64 +#endif +#include <sys/types.h> +#include <stdbool.h> +#include <fcntl.h> +#include <ccan/compiler/compiler.h> +#include <ccan/tlist/tlist.h> + +/** + * failtest_init - initialize the failtest module + * @argc: the number of commandline arguments + * @argv: the commandline argument array + * + * This initializes the module, and in particular if argv[1] is "--failpath=" + * then it ensures that failures follow that pattern. This allows easy + * debugging of complex failure paths. + */ +void failtest_init(int argc, char *argv[]); + +/** + * failtest_exit - clean up and exit the test + * @status: the status (usually exit_status() from ccan/tap). + * + * This cleans up and changes to files made in this child, and exits the test. + * It also calls your failtest_default_hook, if any. + * + * A child which does not exit via failtest_exit() will cause the overall test + * to fail. + */ +void NORETURN failtest_exit(int status); + +/** + * enum failtest_call_type - discriminator for failtest_call.u + */ +enum failtest_call_type { + FAILTEST_MALLOC, + FAILTEST_CALLOC, + FAILTEST_REALLOC, + FAILTEST_OPEN, + FAILTEST_CLOSE, + FAILTEST_PIPE, + FAILTEST_READ, + FAILTEST_WRITE, + FAILTEST_FCNTL, + FAILTEST_MMAP, + FAILTEST_LSEEK +}; + +struct calloc_call { + void *ret; + size_t nmemb; + size_t size; +}; + +struct malloc_call { + void *ret; + size_t size; +}; + +struct realloc_call { + void *ret; + void *ptr; + size_t size; +}; + +struct open_call { + int ret; + const char *pathname; + int flags; + mode_t mode; + bool always_save; + bool closed; + /* This is used for O_TRUNC opens on existing files. */ + struct contents_saved *saved; +}; + +struct close_call { + int fd; +}; + +struct pipe_call { + int ret; + int fds[2]; + bool closed[2]; +}; + +struct read_call { + ssize_t ret; + off_t off; + int fd; + void *buf; + size_t count; +}; + +struct write_call { + ssize_t ret; + int fd; + const void *buf; + size_t count; + off_t off; + bool is_pwrite; + struct failtest_call *opener; + struct contents_saved *saved; +}; + +struct fcntl_call { + int ret; + int fd; + int cmd; + union { + struct flock fl; + long l; + int i; + } arg; +}; + +struct mmap_call { + void *ret; + void *addr; + size_t length; + int prot; + int flags; + int fd; + off_t offset; + struct failtest_call *opener; + struct contents_saved *saved; +}; + +struct lseek_call { + ssize_t ret; + int fd; + off_t offset; + int whence; + off_t old_off; +}; + +/** + * struct failtest_call - description of a call redirected to failtest module + * @type: the call type + * @file: the filename of the caller + * @line: the line number of the caller + * @fail: did this call fail + * @error: the errno (if any) + * @u: the union of call data + * + * This structure is used to represent the ordered history of calls. + * + * See Also: + * failtest_hook, failtest_exit_check + */ +struct failtest_call { + /* We're in the history list. */ + struct list_node list; + enum failtest_call_type type; + /* Where we were called from. */ + const char *file; + unsigned int line; + /* Did we fail? */ + bool fail; + /* What we set errno to. */ + int error; + /* How do we clean this up? */ + void (*cleanup)(void *u, bool restore); + /* Should their program have cleaned up? */ + bool can_leak; + /* Backtrace of call chain. */ + void **backtrace; + unsigned int backtrace_num; + /* The actual call data. */ + union { + struct calloc_call calloc; + struct malloc_call malloc; + struct realloc_call realloc; + struct open_call open; + struct close_call close; + struct pipe_call pipe; + struct read_call read; + struct write_call write; + struct fcntl_call fcntl; + struct mmap_call mmap; + struct lseek_call lseek; + } u; +}; + +/* This defines struct tlist_calls. */ +TLIST_TYPE(calls, struct failtest_call); + +enum failtest_result { + /* Yes try failing this call. */ + FAIL_OK, + /* No, don't try failing this call. */ + FAIL_DONT_FAIL, + /* Try failing this call but don't go too far down that path. */ + FAIL_PROBE, +}; + +/** + * failtest_hook - whether a certain call should fail or not. + * @history: the ordered history of all failtest calls. + * + * The default value of this hook is failtest_default_hook(), which returns + * FAIL_OK (ie. yes, fail the call). + * + * You can override it, and avoid failing certain calls. The parameters + * of the call (but not the return value(s)) will be filled in for the last + * call. + * + * Example: + * static enum failtest_result dont_fail_alloc(struct tlist_calls *history) + * { + * struct failtest_call *call; + * call = tlist_tail(history, list); + * if (call->type == FAILTEST_MALLOC + * || call->type == FAILTEST_CALLOC + * || call->type == FAILTEST_REALLOC) + * return FAIL_DONT_FAIL; + * return FAIL_OK; + * } + * ... + * failtest_hook = dont_fail_alloc; + */ +extern enum failtest_result (*failtest_hook)(struct tlist_calls *history); + +/** + * failtest_exit_check - hook for additional checks on a failed child. + * @history: the ordered history of all failtest calls. + * + * Your program might have additional checks to do on failure, such as + * check that a file is not corrupted, or than an error message has been + * logged. + * + * If this returns false, the path to this failure will be printed and the + * overall test will fail. + */ +extern bool (*failtest_exit_check)(struct tlist_calls *history); + +/** + * failtest_has_failed - determine if a failure has occurred. + * + * Sometimes you want to exit immediately if you've experienced an + * injected failure. This is useful when you have four separate tests + * in your test suite, and you don't want to do the next one if you've + * had a failure in a previous one. + */ +extern bool failtest_has_failed(void); + +/** + * failtest_timeout_ms - how long to wait before killing child. + * + * Default is 20,000 (20 seconds). + */ +extern unsigned int failtest_timeout_ms; +#endif /* CCAN_FAILTEST_H */ diff --git a/lib/ccan/failtest/failtest_override.h b/lib/ccan/failtest/failtest_override.h new file mode 100644 index 0000000000..204494b086 --- /dev/null +++ b/lib/ccan/failtest/failtest_override.h @@ -0,0 +1,81 @@ +/* Licensed under LGPL - see LICENSE file for details */ +#ifndef CCAN_FAILTEST_OVERRIDE_H +#define CCAN_FAILTEST_OVERRIDE_H +/* This file is included before the source file to test. */ +#include "config.h" +#if HAVE_FILE_OFFSET_BITS +#define _FILE_OFFSET_BITS 64 +#endif + +/* Replacement of allocators. */ +#include <stdlib.h> + +#undef calloc +#define calloc(nmemb, size) \ + failtest_calloc((nmemb), (size), __FILE__, __LINE__) + +#undef malloc +#define malloc(size) \ + failtest_malloc((size), __FILE__, __LINE__) + +#undef realloc +#define realloc(ptr, size) \ + failtest_realloc((ptr), (size), __FILE__, __LINE__) + +#undef free +#define free(ptr) \ + failtest_free(ptr) + +/* Replacement of I/O. */ +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/mman.h> +#include <fcntl.h> +#include <unistd.h> + +#undef open +#define open(pathname, ...) \ + failtest_open((pathname), __FILE__, __LINE__, __VA_ARGS__) + +#undef pipe +#define pipe(pipefd) \ + failtest_pipe((pipefd), __FILE__, __LINE__) + +#undef read +#define read(fd, buf, count) \ + failtest_read((fd), (buf), (count), __FILE__, __LINE__) + +#undef write +#define write(fd, buf, count) \ + failtest_write((fd), (buf), (count), __FILE__, __LINE__) + +#undef pread +#define pread(fd, buf, count, off) \ + failtest_pread((fd), (buf), (count), (off), __FILE__, __LINE__) + +#undef pwrite +#define pwrite(fd, buf, count, off) \ + failtest_pwrite((fd), (buf), (count), (off), __FILE__, __LINE__) + +#undef close +#define close(fd) failtest_close(fd, __FILE__, __LINE__) + +#undef fcntl +#define fcntl(fd, ...) failtest_fcntl((fd), __FILE__, __LINE__, __VA_ARGS__) + +#undef mmap +#define mmap(addr, length, prot, flags, fd, offset) \ + failtest_mmap((addr), (length), (prot), (flags), (fd), (offset), \ + __FILE__, __LINE__) + +#undef lseek +#define lseek(fd, offset, whence) \ + failtest_lseek((fd), (offset), (whence), __FILE__, __LINE__) + +/* Replacement of getpid (since failtest will fork). */ +#undef getpid +#define getpid() failtest_getpid(__FILE__, __LINE__) + +#include <ccan/failtest/failtest_proto.h> + +#endif /* CCAN_FAILTEST_OVERRIDE_H */ diff --git a/lib/ccan/failtest/failtest_proto.h b/lib/ccan/failtest/failtest_proto.h new file mode 100644 index 0000000000..c7e6b48984 --- /dev/null +++ b/lib/ccan/failtest/failtest_proto.h @@ -0,0 +1,31 @@ +/* Licensed under LGPL - see LICENSE file for details */ +#ifndef CCAN_FAILTEST_PROTO_H +#define CCAN_FAILTEST_PROTO_H +#include <stdlib.h> + +/* Potentially-failing versions of routines; #defined in failtest.h */ +void *failtest_calloc(size_t nmemb, size_t size, + const char *file, unsigned line); +void *failtest_malloc(size_t size, const char *file, unsigned line); +void *failtest_realloc(void *ptr, size_t size, + const char *file, unsigned line); +void failtest_free(void *ptr); +int failtest_open(const char *pathname, + const char *file, unsigned line, ...); +int failtest_pipe(int pipefd[2], const char *file, unsigned line); +ssize_t failtest_read(int fd, void *buf, size_t count, + const char *file, unsigned line); +ssize_t failtest_write(int fd, const void *buf, size_t count, + const char *file, unsigned line); +ssize_t failtest_pread(int fd, void *buf, size_t count, off_t offset, + const char *file, unsigned line); +ssize_t failtest_pwrite(int fd, const void *buf, size_t count, off_t offset, + const char *file, unsigned line); +void *failtest_mmap(void *addr, size_t length, int prot, int flags, + int fd, off_t offset, const char *file, unsigned line); +off_t failtest_lseek(int fd, off_t offset, int whence, + const char *file, unsigned line); +int failtest_close(int fd, const char *file, unsigned line); +int failtest_fcntl(int fd, const char *file, unsigned line, int cmd, ...); +pid_t failtest_getpid(const char *file, unsigned line); +#endif /* CCAN_FAILTEST_PROTO_H */ diff --git a/lib/ccan/failtest/failtest_undo.h b/lib/ccan/failtest/failtest_undo.h new file mode 100644 index 0000000000..3bb953dedd --- /dev/null +++ b/lib/ccan/failtest/failtest_undo.h @@ -0,0 +1,49 @@ +/* Licensed under LGPL - see LICENSE file for details */ +#ifndef CCAN_FAILTEST_RESTORE_H +#define CCAN_FAILTEST_RESTORE_H +/* This file undoes the effect of failtest_override.h. */ + +#undef calloc +#define calloc(nmemb, size) \ + failtest_calloc((nmemb), (size), NULL, 0) + +#undef malloc +#define malloc(size) \ + failtest_malloc((size), NULL, 0) + +#undef realloc +#define realloc(ptr, size) \ + failtest_realloc((ptr), (size), NULL, 0) + +#undef open +#define open(pathname, ...) \ + failtest_open((pathname), NULL, 0, __VA_ARGS__) + +#undef pipe +#define pipe(pipefd) \ + failtest_pipe((pipefd), NULL, 0) + +#undef read +#define read(fd, buf, count) \ + failtest_read((fd), (buf), (count), NULL, 0) + +#undef write +#define write(fd, buf, count) \ + failtest_write((fd), (buf), (count), NULL, 0) + +#undef mmap +#define mmap(addr, length, prot, flags, fd, offset) \ + failtest_mmap((addr), (length), (prot), (flags), (fd), (offset), NULL, 0) + +#undef lseek +#define lseek(fd, off, whence) \ + failtest_lseek((fd), (off), (whence), NULL, 0) + +#undef close +#define close(fd) failtest_close(fd) + +#undef fcntl +#define fcntl(fd, ...) \ + failtest_fcntl((fd), NULL, 0, __VA_ARGS__) + +#endif /* CCAN_FAILTEST_RESTORE_H */ diff --git a/lib/ccan/failtest/test/run-failpath.c b/lib/ccan/failtest/test/run-failpath.c new file mode 100644 index 0000000000..9795ee9d05 --- /dev/null +++ b/lib/ccan/failtest/test/run-failpath.c @@ -0,0 +1,39 @@ +#include <ccan/failtest/failtest.c> +#include <stdlib.h> +#include <setjmp.h> +#include <stdio.h> +#include <stdarg.h> +#include <ccan/tap/tap.h> + +int main(void) +{ + int fds[2], fd; + void *p; + + plan_tests(14); + failtest_init(0, NULL); + + failpath = "mceopwrMCEOPWR"; + + ok1((p = failtest_malloc(10, "run-failpath.c", 1)) != NULL); + ok1(failtest_calloc(10, 5, "run-failpath.c", 1) != NULL); + ok1((p = failtest_realloc(p, 100, "run-failpath.c", 1)) != NULL); + ok1((fd = failtest_open("failpath-scratch", "run-failpath.c", 1, + O_RDWR|O_CREAT, 0600)) >= 0); + ok1(failtest_pipe(fds, "run-failpath.c", 1) == 0); + ok1(failtest_write(fd, "xxxx", 4, "run-failpath.c", 1) == 4); + lseek(fd, 0, SEEK_SET); + ok1(failtest_read(fd, p, 5, "run-failpath.c", 1) == 4); + + /* Now we're into the failures. */ + ok1(failtest_malloc(10, "run-failpath.c", 1) == NULL); + ok1(failtest_calloc(10, 5, "run-failpath.c", 1) == NULL); + ok1(failtest_realloc(p, 100, "run-failpath.c", 1) == NULL); + ok1(failtest_open("failpath-scratch", "run-failpath.c", 1, + O_RDWR|O_CREAT, 0600) == -1); + ok1(failtest_pipe(fds, "run-failpath.c", 1) == -1); + ok1(failtest_write(fd, "xxxx", 4, "run-failpath.c", 1) == -1); + lseek(fd, 0, SEEK_SET); + ok1(failtest_read(fd, p, 5, "run-failpath.c", 1) == -1); + return exit_status(); +} diff --git a/lib/ccan/failtest/test/run-history.c b/lib/ccan/failtest/test/run-history.c new file mode 100644 index 0000000000..b78682f5d5 --- /dev/null +++ b/lib/ccan/failtest/test/run-history.c @@ -0,0 +1,183 @@ +/* Include the C files directly. */ +#include <ccan/failtest/failtest.c> +#include <stdlib.h> +#include <stdio.h> +#include <stdarg.h> +#include <ccan/tap/tap.h> + +int main(void) +{ + struct failtest_call *call; + struct calloc_call calloc_call; + struct malloc_call malloc_call; + struct realloc_call realloc_call; + struct open_call open_call; + struct pipe_call pipe_call; + struct read_call read_call; + struct write_call write_call; + struct mmap_call mmap_call; + char buf[20]; + unsigned int i; + char *path; + + /* This is how many tests you plan to run */ + plan_tests(69); + + calloc_call.ret = calloc(1, 2); + calloc_call.nmemb = 1; + calloc_call.size = 2; + call = add_history(FAILTEST_CALLOC, true, + "run-history.c", 1, &calloc_call); + /* Normally should_fail would set this. */ + call->fail = false; + ok1(call->type == FAILTEST_CALLOC); + ok1(call->can_leak == true); + ok1(strcmp(call->file, "run-history.c") == 0); + ok1(call->line == 1); + ok1(call->u.calloc.ret == calloc_call.ret); + ok1(call->u.calloc.nmemb == calloc_call.nmemb); + ok1(call->u.calloc.size == calloc_call.size); + + malloc_call.ret = malloc(2); + malloc_call.size = 2; + call = add_history(FAILTEST_MALLOC, true, + "run-history.c", 2, &malloc_call); + /* Normally should_fail would set this. */ + call->fail = false; + ok1(call->type == FAILTEST_MALLOC); + ok1(call->can_leak == true); + ok1(strcmp(call->file, "run-history.c") == 0); + ok1(call->line == 2); + ok1(call->u.malloc.ret == malloc_call.ret); + ok1(call->u.malloc.size == malloc_call.size); + + realloc_call.ret = realloc(malloc_call.ret, 3); + realloc_call.ptr = malloc_call.ret; + realloc_call.size = 3; + call = add_history(FAILTEST_REALLOC, true, "run-history.c", 3, + &realloc_call); + /* Normally should_fail would set this. */ + call->fail = false; + ok1(call->type == FAILTEST_REALLOC); + ok1(call->can_leak == true); + ok1(strcmp(call->file, "run-history.c") == 0); + ok1(call->line == 3); + ok1(call->u.realloc.ret == realloc_call.ret); + ok1(call->u.realloc.ptr == realloc_call.ptr); + ok1(call->u.realloc.size == realloc_call.size); + + open_call.ret = open("test/run-history.c", O_RDONLY); + open_call.pathname = "test/run-history.c"; + open_call.flags = O_RDONLY; + open_call.mode = 0; + open_call.closed = false; + call = add_history(FAILTEST_OPEN, true, "run-history.c", 4, &open_call); + /* Normally should_fail would set this. */ + call->fail = false; + ok1(call->type == FAILTEST_OPEN); + ok1(call->can_leak == true); + ok1(strcmp(call->file, "run-history.c") == 0); + ok1(call->line == 4); + ok1(call->u.open.ret == open_call.ret); + ok1(strcmp(call->u.open.pathname, open_call.pathname) == 0); + ok1(call->u.open.flags == open_call.flags); + ok1(call->u.open.mode == open_call.mode); + + pipe_call.ret = pipe(pipe_call.fds); + call = add_history(FAILTEST_PIPE, true, "run-history.c", 5, &pipe_call); + /* Normally should_fail would set this. */ + call->fail = false; + ok1(call->type == FAILTEST_PIPE); + ok1(strcmp(call->file, "run-history.c") == 0); + ok1(call->can_leak == true); + ok1(call->line == 5); + ok1(call->u.pipe.ret == pipe_call.ret); + ok1(call->u.pipe.fds[0] == pipe_call.fds[0]); + ok1(call->u.pipe.fds[1] == pipe_call.fds[1]); + + read_call.ret = read(open_call.ret, buf, 20); + read_call.buf = buf; + read_call.fd = open_call.ret; + read_call.count = 20; + call = add_history(FAILTEST_READ, false, "run-history.c", 6, &read_call); + /* Normally should_fail would set this. */ + call->fail = false; + ok1(call->type == FAILTEST_READ); + ok1(call->can_leak == false); + ok1(strcmp(call->file, "run-history.c") == 0); + ok1(call->line == 6); + ok1(call->u.read.ret == read_call.ret); + ok1(call->u.read.buf == read_call.buf); + ok1(call->u.read.fd == read_call.fd); + ok1(call->u.read.count == read_call.count); + + write_call.ret = 20; + write_call.buf = buf; + write_call.fd = open_call.ret; + write_call.count = 20; + write_call.opener = NULL; + call = add_history(FAILTEST_WRITE, false, "run-history.c", 7, + &write_call); + /* Normally should_fail would set this. */ + call->fail = false; + ok1(call->type == FAILTEST_WRITE); + ok1(call->can_leak == false); + ok1(strcmp(call->file, "run-history.c") == 0); + ok1(call->line == 7); + ok1(call->u.write.ret == write_call.ret); + ok1(call->u.write.buf == write_call.buf); + ok1(call->u.write.fd == write_call.fd); + ok1(call->u.write.count == write_call.count); + ok1(call->u.write.opener == write_call.opener); + + mmap_call.ret = &mmap_call; + mmap_call.addr = NULL; + mmap_call.length = 4096; + mmap_call.prot = PROT_READ; + mmap_call.flags = 0; + mmap_call.fd = open_call.ret; + mmap_call.offset = 0; + mmap_call.opener = opener_of(open_call.ret); + ok1(mmap_call.opener->type == FAILTEST_OPEN); + mmap_call.saved = NULL; + + call = add_history(FAILTEST_MMAP, false, "run-history.c", 8, + &mmap_call); + /* Normally should_fail would set this. */ + call->fail = false; + ok1(call->type == FAILTEST_MMAP); + ok1(call->can_leak == false); + ok1(strcmp(call->file, "run-history.c") == 0); + ok1(call->line == 8); + ok1(call->u.mmap.ret == mmap_call.ret); + ok1(call->u.mmap.addr == mmap_call.addr); + ok1(call->u.mmap.length == mmap_call.length); + ok1(call->u.mmap.prot == mmap_call.prot); + ok1(call->u.mmap.flags == mmap_call.flags); + ok1(call->u.mmap.fd == mmap_call.fd); + ok1(call->u.mmap.offset == mmap_call.offset); + ok1(call->u.mmap.opener == mmap_call.opener); + ok1(call->u.mmap.saved == mmap_call.saved); + + i = 0; + tlist_for_each(&history, call, list) + i++; + + ok1(i == 8); + + tlist_for_each(&history, call, list) + call->fail = false; + + path = failpath_string(); + ok1(streq(path, "cmeoprwa")); + free(path); + + tlist_for_each(&history, call, list) + call->fail = true; + + path = failpath_string(); + ok1(streq(path, "CMEOPRWA")); + free(path); + + return exit_status(); +} diff --git a/lib/ccan/failtest/test/run-locking.c b/lib/ccan/failtest/test/run-locking.c new file mode 100644 index 0000000000..da0ee70fac --- /dev/null +++ b/lib/ccan/failtest/test/run-locking.c @@ -0,0 +1,134 @@ +/* Include the C files directly. */ +#include <ccan/failtest/failtest.c> +#include <stdlib.h> +#include <setjmp.h> +#include <stdio.h> +#include <stdarg.h> +#include <assert.h> +#include <ccan/tap/tap.h> + +#define SIZE 8 + +/* We don't want to fork and fail; we're just testing lock recording. */ +static enum failtest_result dont_fail(struct tlist_calls *history) +{ + return FAIL_DONT_FAIL; +} + +static bool place_lock(int fd, char lockarr[], unsigned pos, unsigned size, + int type) +{ + struct flock fl; + + /* Update record keeping. */ + if (type == F_RDLCK) + memset(lockarr+pos, 1, size); + else if (type == F_WRLCK) + memset(lockarr+pos, 2, size); + else + memset(lockarr+pos, 0, size); + + fl.l_whence = SEEK_SET; + fl.l_type = type; + fl.l_start = pos; + fl.l_len = size; + return failtest_fcntl(fd, "run-locking.c", 1, F_SETLK, &fl) == 0; +} + +static char lock_lookup(int fd, unsigned pos) +{ + char ret = 0; + unsigned int i; + struct lock_info *l; + + for (i = 0; i < lock_num; i++) { + l = &locks[i]; + + if (l->fd != fd) + continue; + + if (pos >= l->start && pos <= l->end) { + if (ret) + ret = 3; + else if (l->type == F_RDLCK) + ret = 1; + else + ret = 2; + } + } + return ret; +} + +static bool test(int fd, + unsigned p1, unsigned s1, + unsigned p2, unsigned s2, + unsigned p3, unsigned s3) +{ + unsigned int i; + char lockarr[SIZE]; + + memset(lockarr, 0, sizeof(lockarr)); + + if (!place_lock(fd, lockarr, p1, s1, F_WRLCK)) + return false; + + if (!place_lock(fd, lockarr, p2, s2, F_RDLCK)) + return false; + + if (!place_lock(fd, lockarr, p3, s3, F_UNLCK)) + return false; + + for (i = 0; i < SIZE; i++) { + if (lock_lookup(fd, i) != lockarr[i]) + return false; + } + + /* Reset lock info. */ + lock_num = 0; + return true; +} + +int main(void) +{ + int fd; + long flags; + unsigned int isize; + + plan_tests(5835); + failtest_init(0, NULL); + failtest_hook = dont_fail; + + fd = open("run-locking-scratch", O_RDWR|O_CREAT, 0600); + /* GETFL and SETFL wrappers should pass through. */ + flags = fcntl(fd, F_GETFL); + ok1(failtest_fcntl(fd, "run-locking.c", 1, F_GETFL) == flags); + flags |= O_NONBLOCK; + ok1(failtest_fcntl(fd, "run-locking.c", 1, F_SETFL, flags) == 0); + ok1(failtest_fcntl(fd, "run-locking.c", 1, F_GETFL) == flags); + + for (isize = 1; isize < 4; isize++) { + unsigned int ipos; + for (ipos = 0; ipos + isize < SIZE; ipos++) { + unsigned int jsize; + for (jsize = 1; jsize < 4; jsize++) { + unsigned int jpos; + for (jpos = 0; jpos + jsize < SIZE; jpos++) { + unsigned int ksize; + for (ksize = 1; ksize < 4; ksize++) { + unsigned int kpos; + for (kpos = 0; + kpos + ksize < SIZE; + kpos++) { + ok1(test(fd, + ipos, isize, + jpos, jsize, + kpos, ksize)); + } + } + } + } + } + } + + return exit_status(); +} diff --git a/lib/ccan/failtest/test/run-malloc.c b/lib/ccan/failtest/test/run-malloc.c new file mode 100644 index 0000000000..96641b8525 --- /dev/null +++ b/lib/ccan/failtest/test/run-malloc.c @@ -0,0 +1,116 @@ +#include "config.h" +#include <stdlib.h> +#include <setjmp.h> +#include <stdio.h> +#include <stdarg.h> +#include <assert.h> +#include <ccan/tap/tap.h> + +/* We don't actually want it to exit... */ +static jmp_buf exited; +#define exit(status) longjmp(exited, (status) + 1) + +#define printf saved_printf +static int saved_printf(const char *fmt, ...); + +#define fprintf saved_fprintf +static int saved_fprintf(FILE *ignored, const char *fmt, ...); + +#define vfprintf saved_vfprintf +static int saved_vfprintf(FILE *ignored, const char *fmt, va_list ap); + +/* Hack to avoid a memory leak which valgrind complains about. */ +#define realloc set_realloc +static void *set_realloc(void *ptr, size_t size); + +#define free set_free +static void set_free(void *ptr); + +/* Include the C files directly. */ +#include <ccan/failtest/failtest.c> + +#undef realloc +#undef free + +static char *buffer; +static void *set_realloc(void *ptr, size_t size) +{ + return buffer = realloc(ptr, size); +} + +static void set_free(void *ptr) +{ + if (ptr == buffer) + buffer = NULL; + free(ptr); +} + +static char *output = NULL; + +static int saved_vprintf(const char *fmt, va_list ap) +{ + int ret; + int len = 0; + va_list ap2; + + va_copy(ap2, ap); + ret = vsnprintf(NULL, 0, fmt, ap2); + va_end(ap2); + + if (output) + len = strlen(output); + + output = realloc(output, len + ret + 1); + return vsprintf(output + len, fmt, ap); +} + +static int saved_vfprintf(FILE *ignored, const char *fmt, va_list ap) +{ + return saved_vprintf(fmt, ap); +} + +static int saved_printf(const char *fmt, ...) +{ + va_list ap; + int ret; + + va_start(ap, fmt); + ret = saved_vprintf(fmt, ap); + va_end(ap); + return ret; +} + +static int saved_fprintf(FILE *ignored, const char *fmt, ...) +{ + va_list ap; + int ret; + + va_start(ap, fmt); + ret = saved_vprintf(fmt, ap); + va_end(ap); + return ret; +} + +int main(void) +{ + int status; + + plan_tests(3); + failtest_init(0, NULL); + + status = setjmp(exited); + if (status == 0) { + char *p = failtest_malloc(1, "run-malloc.c", 1); + /* If we just segv, valgrind counts that as a failure. + * So kill ourselves creatively. */ + if (!p) + kill(getpid(), SIGSEGV); + fail("Expected child to crash!"); + } else { + ok1(status == 2); + ok1(strstr(output, "Killed by signal")); + ok1(strstr(output, "--failpath=M\n")); + } + free(buffer); + return exit_status(); +} diff --git a/lib/ccan/failtest/test/run-open.c b/lib/ccan/failtest/test/run-open.c new file mode 100644 index 0000000000..0166506480 --- /dev/null +++ b/lib/ccan/failtest/test/run-open.c @@ -0,0 +1,72 @@ +/* Include the C files directly. */ +#include <ccan/failtest/failtest.c> +#include <stdlib.h> +#include <setjmp.h> +#include <stdio.h> +#include <stdarg.h> +#include <assert.h> +#include <ccan/tap/tap.h> + +int main(void) +{ + int fd, pfd[2], err; + char buf[] = "Hello world!"; + struct stat st; + + plan_tests(12); + failtest_init(0, NULL); + + if (pipe(pfd)) + abort(); + fd = failtest_open("run-open-scratchpad", "run-open.c", 1, + O_RDWR|O_CREAT, 0600); + if (fd == -1) { + /* We are the child: write error code for parent to check. */ + err = errno; + if (write(pfd[1], &err, sizeof(err)) != sizeof(err)) + abort(); + failtest_exit(0); + } + /* Check it is read-write. */ + ok1(write(fd, buf, strlen(buf)) == strlen(buf)); + lseek(fd, SEEK_SET, 0); + ok1(read(fd, buf, strlen("Hello world!")) == strlen("Hello world!")); + ok1(strcmp(buf, "Hello world!") == 0); + + /* Check name and perms. */ + ok1(stat("run-open-scratchpad", &st) == 0); + ok1(st.st_size == strlen(buf)); + ok1(S_ISREG(st.st_mode)); + ok1((st.st_mode & 0777) == 0600); + + /* Check child got correct errno. */ + ok1(read(pfd[0], &err, sizeof(err)) == sizeof(err)); + ok1(err == EACCES); + + /* Clean up. */ + failtest_close(fd, "run-open.c", 1); + close(pfd[0]); + close(pfd[1]); + + /* Two-arg open. */ + if (pipe(pfd) != 0) + abort(); + fd = failtest_open("run-open-scratchpad", "run-open.c", 1, O_RDONLY); + if (fd == -1) { + /* We are the child: write error code for parent to check. */ + err = errno; + if (write(pfd[1], &err, sizeof(err)) != sizeof(err)) + abort(); + failtest_exit(0); + } + /* Check it is read-only. */ + ok1(write(fd, buf, strlen(buf)) == -1); + ok1(read(fd, buf, strlen("Hello world!")) == strlen("Hello world!")); + ok1(strcmp(buf, "Hello world!") == 0); + /* Clean up. */ + failtest_close(fd, "run-open.c", 1); + close(pfd[0]); + close(pfd[1]); + + return exit_status(); +} diff --git a/lib/ccan/failtest/test/run-write.c b/lib/ccan/failtest/test/run-write.c new file mode 100644 index 0000000000..6a712fec53 --- /dev/null +++ b/lib/ccan/failtest/test/run-write.c @@ -0,0 +1,51 @@ +/* Include the C files directly. */ +#include <ccan/failtest/failtest.c> +#include <stdlib.h> +#include <setjmp.h> +#include <stdio.h> +#include <stdarg.h> +#include <assert.h> +#include <ccan/tap/tap.h> + +int main(int argc, char *argv[]) +{ + int fd; + char *p; + char buf[] = "Hello world!"; + + plan_tests(5); + failtest_init(argc, argv); + + fd = failtest_open("run-write-scratchpad", __FILE__, __LINE__, + O_RDWR|O_CREAT, 0600); + /* Child will fail, ignore. */ + if (fd < 0) + failtest_exit(0); + if (write(fd, buf, strlen(buf)) != strlen(buf)) + abort(); + ok1(lseek(fd, 0, SEEK_CUR) == strlen(buf)); + + p = failtest_malloc(100, __FILE__, __LINE__); + if (!p) { + /* We are the child. Do a heap of writes. */ + unsigned int i; + + for (i = 0; i < strlen(buf)+1; i++) + if (failtest_write(fd, "x", 1, __FILE__, __LINE__) + == 1) + break; + failtest_close(fd, __FILE__, __LINE__); + failtest_exit(0); + } + + /* Seek pointer should be left alone! */ + ok1(lseek(fd, 0, SEEK_CUR) == strlen(buf)); + /* Length should be restored. */ + ok1(lseek(fd, 0, SEEK_END) == strlen(buf)); + lseek(fd, 0, SEEK_SET); + ok1(read(fd, buf, strlen(buf)) == strlen("Hello world!")); + ok1(strcmp(buf, "Hello world!") == 0); + failtest_close(fd, __FILE__, __LINE__); + + return exit_status(); +} |