failtest: new module.

A module designed to help test "never fails" functions like malloc.

ccan/failtest/LICENSE

+../../licenses/LGPL-3
\ No newline at end of file

ccan/failtest/_info

+#include <stdio.h>
+#include <string.h>
+#include "config.h"
+
+/**
+ * failtest - unit test helpers for testing malloc and other failures.
+ *
+ * The failtest module overrides various standard functions, and forks
+ * your unit test at those points to test failure paths.  The failing
+ * child are expected to fail (eg. when malloc fails), but should not
+ * leak memory or crash.
+ *
+ * The unit test is a normal CCAN tap-style test, except it should
+ * start by calling failtest_init() and end by calling
+ * failtest_exit().  
+ *
+ * You can control what functions fail: see failtest_hook.
+ *
+ * Example:
+ *	#include <stdio.h>
+ *	#include <stdlib.h>
+ *	#include <string.h>
+ *	#include <ccan/tap/tap.h>
+ *	#include <ccan/failtest/failtest_override.h>
+ *	#include <ccan/failtest/failtest.h>
+ *
+ *	int main(int argc, char *argv[])
+ *	{
+ *		void *a, *b;
+ *
+ *		failtest_init(argc, argv);
+ *		plan_tests(3);
+ *
+ *		// Simple malloc test.
+ *		a = malloc(100);
+ *		if (ok1(a)) {
+ *			// Fill the memory.
+ *			memset(a, 'x', 100);
+ *			b = realloc(a, 200);
+ *			if (ok1(b)) {
+ *				// Fill the rest of the memory.
+ *				memset(b + 100, 'y', 100);
+ *				// Check it got a copy of a as expected.
+ *				ok1(strspn(b, "x") == 100);
+ *				free(b);
+ *			} else {
+ *				// Easy to miss: free a on realloc failure!
+ *				free(a);
+ *			}
+ *		}
+ *		failtest_exit(exit_status());
+ *	}
+ *
+ * License: LGPL
+ * Author: Rusty Russell <rusty@rustcorp.com.au>
+ */
+int main(int argc, char *argv[])
+{
+	if (argc != 2)
+		return 1;
+
+	if (strcmp(argv[1], "depends") == 0) {
+		printf("ccan/compiler\n");
+		printf("ccan/read_write_all\n");
+		return 0;
+	}
+
+	return 1;
+}

ccan/failtest/failtest.h

+#ifndef CCAN_FAILTEST_H
+#define CCAN_FAILTEST_H
+#include <sys/types.h>
+#include <stdbool.h>
+#include <ccan/compiler/compiler.h>
+
+/**
+ * failtest_init - initialize the failtest module
+ * @argc: the number of commandline arguments
+ * @argv: the commandline argument array
+ *
+ * This initializes the module, and in particular if argv[1] is "--failpath="
+ * then it ensures that failures follow that pattern.  This allows easy
+ * debugging of complex failure paths.
+ */
+void failtest_init(int argc, char *argv[]);
+
+/**
+ * failtest_exit - clean up and exit the test
+ * @status: the status (usually exit_status() from ccan/tap).
+ *
+ * This cleans up and changes to files made in this child, and exits the test.
+ * It also calls your failtest_default_hook, if any.
+ *
+ * A child which does not exit via failtest_exit() will cause the overall test
+ * to fail.
+ */
+void NORETURN failtest_exit(int status);
+
+/**
+ * enum failtest_call_type - discriminator for failtest_call.u
+ */
+enum failtest_call_type {
+	FAILTEST_MALLOC,
+	FAILTEST_CALLOC,
+	FAILTEST_REALLOC,
+	FAILTEST_OPEN,
+	FAILTEST_PIPE,
+	FAILTEST_READ,
+	FAILTEST_WRITE,
+};
+
+struct calloc_call {
+	void *ret;
+	size_t nmemb;
+	size_t size;
+};
+
+struct malloc_call {
+	void *ret;
+	size_t size;
+};
+
+struct realloc_call {
+	void *ret;
+	void *ptr;
+	size_t size;
+};
+
+struct open_call {
+	int ret;
+	const char *pathname;
+	int flags;
+	mode_t mode;
+};
+
+struct pipe_call {
+	int ret;
+	int fds[2];
+};
+
+struct read_call {
+	ssize_t ret;
+	int fd;
+	void *buf;
+	size_t count;
+};
+
+struct write_call {
+	ssize_t ret;
+	int fd;
+	const void *buf;
+	size_t count;
+};
+
+/**
+ * struct failtest_call - description of a call redirected to failtest module
+ * @type: the call type
+ * @file: the filename of the caller
+ * @line: the line number of the caller
+ * @fail: did this call fail
+ * @error: the errno (if any)
+ * @u: the union of call data
+ *
+ * This structure is used to represent the ordered history of calls.
+ *
+ * See Also:
+ *	failtest_hook, failtest_exit_check
+ */
+struct failtest_call {
+	enum failtest_call_type type;
+	/* Where we were called from. */
+	const char *file;
+	unsigned int line;
+	/* Did we fail? */
+	bool fail;
+	/* What we set errno to. */
+	int error;
+	/* The actual call data. */
+	union {
+		struct calloc_call calloc;
+		struct malloc_call malloc;
+		struct realloc_call realloc;
+		struct open_call open;
+		struct pipe_call pipe;
+		struct read_call read;
+		struct write_call write;
+	} u;
+};
+
+/**
+ * failtest_hook - whether a certain call should fail or not.
+ * @history: the ordered history of all failtest calls.
+ * @num: the number of elements in @history (greater than 0)
+ *
+ * The default value of this hook is failtest_default_hook(), which returns
+ * true (ie. yes, fail the call).
+ *
+ * You can override it, and avoid failing certain calls.  The parameters
+ * of the call (but not the return value(s)) will be filled in for the last
+ * call.
+ *
+ * Example:
+ *	static bool dont_fail_allocations(struct failtest_call *history,
+ *					  unsigned num)
+ *	{
+ *		return history[num-1].type != FAILTEST_MALLOC
+ *			&& history[num-1].type != FAILTEST_CALLOC
+ *			&& history[num-1].type != FAILTEST_REALLOC;
+ *	}
+ *	...
+ *		failtest_hook = dont_fail_allocations;
+ */
+extern bool (*failtest_hook)(struct failtest_call *history, unsigned num);
+
+/**
+ * failtest_exit_check - hook for additional checks on a failed child.
+ * @history: the ordered history of all failtest calls.
+ * @num: the number of elements in @history (greater than 0)
+ *
+ * Your program might have additional checks to do on failure, such as
+ * check that a file is not corrupted, or than an error message has been
+ * logged.
+ *
+ * If this returns false, the path to this failure will be printed and the
+ * overall test will fail.
+ */
+extern bool (*failtest_exit_check)(struct failtest_call *history,
+				   unsigned num);
+
+/* This usually fails the call. */
+bool failtest_default_hook(struct failtest_call *history, unsigned num);
+
+/**
+ * failtest_timeout_ms - how long to wait before killing child.
+ *
+ * Default is 20,000 (20 seconds).
+ */
+extern unsigned int failtest_timeout_ms;
+#endif /* CCAN_FAILTEST_H */

ccan/failtest/failtest_override.h

+#ifndef CCAN_FAILTEST_OVERRIDE_H
+#define CCAN_FAILTEST_OVERRIDE_H
+/* This file is included before the source file to test. */
+
+/* Replacement of allocators. */
+#include <stdlib.h>
+
+#undef calloc
+#define calloc(nmemb, size)	\
+	failtest_calloc((nmemb), (size), __FILE__, __LINE__)
+
+#undef malloc
+#define malloc(size)	\
+	failtest_malloc((size), __FILE__, __LINE__)
+
+#undef realloc
+#define realloc(ptr, size)					\
+	failtest_realloc((ptr), (size), __FILE__, __LINE__)
+
+/* Replacement of I/O. */
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#undef open
+#define open(pathname, flags, ...) \
+	failtest_open((pathname), (flags), __FILE__, __LINE__, __VA_ARGS__)
+
+#undef pipe
+#define pipe(pipefd) \
+	failtest_pipe((pipefd), __FILE__, __LINE__)
+
+#undef read
+#define read(fd, buf, count) \
+	failtest_read((fd), (buf), (count), __FILE__, __LINE__)
+
+#undef write
+#define write(fd, buf, count) \
+	failtest_write((fd), (buf), (count), __FILE__, __LINE__)
+
+#undef close
+#define close(fd) failtest_close(fd)
+
+#include <ccan/failtest/failtest_proto.h>
+
+#endif /* CCAN_FAILTEST_OVERRIDE_H */

ccan/failtest/failtest_proto.h

+#ifndef CCAN_FAILTEST_PROTO_H
+#define CCAN_FAILTEST_PROTO_H
+#include <stdlib.h>
+
+/* Potentially-failing versions of routines; #defined in failtest.h */
+void *failtest_calloc(size_t nmemb, size_t size,
+		      const char *file, unsigned line);
+void *failtest_malloc(size_t size, const char *file, unsigned line);
+void *failtest_realloc(void *ptr, size_t size,
+		       const char *file, unsigned line);
+int failtest_open(const char *pathname, int flags,
+		  const char *file, unsigned line, ...);
+int failtest_pipe(int pipefd[2], const char *file, unsigned line);
+ssize_t failtest_read(int fd, void *buf, size_t count,
+		      const char *file, unsigned line);
+ssize_t failtest_write(int fd, const void *buf, size_t count,
+		       const char *file, unsigned line);
+int failtest_close(int fd);
+
+#endif /* CCAN_FAILTEST_PROTO_H */

ccan/failtest/test/run-failpath.c

+#include <stdlib.h>
+#include <setjmp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <ccan/tap/tap.h>
+#include <ccan/failtest/failtest.c>
+
+int main(void)
+{
+	int fds[2], fd;
+	void *p;
+
+	plan_tests(14);
+
+	failpath = "mceopwrMCEOPWR";
+
+	ok1((p = failtest_malloc(10, "run-failpath.c", 1)) != NULL);
+	ok1(failtest_calloc(10, 5, "run-failpath.c", 1) != NULL);
+	ok1((p = failtest_realloc(p, 100, "run-failpath.c", 1)) != NULL);
+	ok1((fd = failtest_open("failpath-scratch", O_RDWR|O_CREAT,
+				"run-failpath.c", 1, 0600)) >= 0);
+	ok1(failtest_pipe(fds, "run-failpath.c", 1) == 0);
+	ok1(failtest_write(fd, "xxxx", 4, "run-failpath.c", 1) == 4);
+	lseek(fd, 0, SEEK_SET);
+	ok1(failtest_read(fd, p, 5, "run-failpath.c", 1) == 4);
+
+	/* Now we're into the failures. */
+	ok1(failtest_malloc(10, "run-failpath.c", 1) == NULL);
+	ok1(failtest_calloc(10, 5, "run-failpath.c", 1) == NULL);
+	ok1(failtest_realloc(p, 100, "run-failpath.c", 1) == NULL);
+	ok1(failtest_open("failpath-scratch", O_RDWR|O_CREAT,
+			  "run-failpath.c", 1, 0600) == -1);
+	ok1(failtest_pipe(fds, "run-failpath.c", 1) == -1);
+	ok1(failtest_write(fd, "xxxx", 4, "run-failpath.c", 1) == -1);
+	lseek(fd, 0, SEEK_SET);
+	ok1(failtest_read(fd, p, 5, "run-failpath.c", 1) == -1);
+	return exit_status();
+}

ccan/failtest/test/run-history.c

+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <ccan/tap/tap.h>
+
+#define printf saved_printf
+static int saved_printf(const char *fmt, ...);
+
+#define fprintf saved_fprintf
+static int saved_fprintf(FILE *ignored, const char *fmt, ...);
+
+/* Include the C files directly. */
+#include <ccan/failtest/failtest.c>
+
+static char *output = NULL;
+
+static int saved_vprintf(const char *fmt, va_list ap)
+{
+	int ret = vsnprintf(NULL, 0, fmt, ap);
+	int len = 0;
+
+	if (output)
+		len = strlen(output);
+
+	output = realloc(output, len + ret + 1);
+	return vsprintf(output + len, fmt, ap);
+}
+
+static int saved_printf(const char *fmt, ...)
+{
+	va_list ap;
+	int ret;
+
+	va_start(ap, fmt);
+	ret = saved_vprintf(fmt, ap);
+	va_end(ap);
+	return ret;
+}	
+
+static int saved_fprintf(FILE *ignored, const char *fmt, ...)
+{
+	va_list ap;
+	int ret;
+
+	va_start(ap, fmt);
+	ret = saved_vprintf(fmt, ap);
+	va_end(ap);
+	return ret;
+}	
+
+int main(void)
+{
+	struct failtest_call *call;
+	struct calloc_call calloc_call;
+	struct malloc_call malloc_call;
+	struct realloc_call realloc_call;
+	struct open_call open_call;
+	struct pipe_call pipe_call;
+	struct read_call read_call;
+	struct write_call write_call;
+	char buf[20];
+	unsigned int i;
+
+	/* This is how many tests you plan to run */
+	plan_tests(47);
+
+	calloc_call.ret = calloc(1, 2);
+	calloc_call.nmemb = 1;
+	calloc_call.size = 2;
+	call = add_history(FAILTEST_CALLOC, "run-history.c", 1, &calloc_call);
+	ok1(call->type == FAILTEST_CALLOC);
+	ok1(strcmp(call->file, "run-history.c") == 0);
+	ok1(call->line == 1);
+	ok1(call->u.calloc.ret == calloc_call.ret);
+	ok1(call->u.calloc.nmemb == calloc_call.nmemb);
+	ok1(call->u.calloc.size == calloc_call.size);
+
+	malloc_call.ret = malloc(2);
+	malloc_call.size = 2;
+	call = add_history(FAILTEST_MALLOC, "run-history.c", 2, &malloc_call);
+	ok1(call->type == FAILTEST_MALLOC);
+	ok1(strcmp(call->file, "run-history.c") == 0);
+	ok1(call->line == 2);
+	ok1(call->u.malloc.ret == malloc_call.ret);
+	ok1(call->u.malloc.size == malloc_call.size);
+
+	realloc_call.ret = realloc(malloc_call.ret, 3);
+	realloc_call.ptr = malloc_call.ret;
+	realloc_call.size = 3;
+	call = add_history(FAILTEST_REALLOC, "run-history.c",
+			   3, &realloc_call);
+	ok1(call->type == FAILTEST_REALLOC);
+	ok1(strcmp(call->file, "run-history.c") == 0);
+	ok1(call->line == 3);
+	ok1(call->u.realloc.ret == realloc_call.ret);
+	ok1(call->u.realloc.ptr == realloc_call.ptr);
+	ok1(call->u.realloc.size == realloc_call.size);
+
+	open_call.ret = open("test/run_history.c", O_RDONLY);
+	open_call.pathname = "test/run_history.c";
+	open_call.flags = O_RDONLY;
+	open_call.mode = 0;
+	call = add_history(FAILTEST_OPEN, "run-history.c", 4, &open_call);
+	ok1(call->type == FAILTEST_OPEN);
+	ok1(strcmp(call->file, "run-history.c") == 0);
+	ok1(call->line == 4);
+	ok1(call->u.open.ret == open_call.ret);
+	ok1(strcmp(call->u.open.pathname, open_call.pathname) == 0);
+	ok1(call->u.open.flags == open_call.flags);
+	ok1(call->u.open.mode == open_call.mode);
+
+	pipe_call.ret = pipe(pipe_call.fds);
+	call = add_history(FAILTEST_PIPE, "run-history.c", 5, &pipe_call);
+	ok1(call->type == FAILTEST_PIPE);
+	ok1(strcmp(call->file, "run-history.c") == 0);
+	ok1(call->line == 5);
+	ok1(call->u.pipe.ret == pipe_call.ret);
+	ok1(call->u.pipe.fds[0] == pipe_call.fds[0]);
+	ok1(call->u.pipe.fds[1] == pipe_call.fds[1]);
+
+	read_call.ret = read(open_call.ret, buf, 20);
+	read_call.buf = buf;
+	read_call.fd = open_call.ret;
+	read_call.count = 20;
+	call = add_history(FAILTEST_READ, "run-history.c", 6, &read_call);
+	ok1(call->type == FAILTEST_READ);
+	ok1(strcmp(call->file, "run-history.c") == 0);
+	ok1(call->line == 6);
+	ok1(call->u.read.ret == read_call.ret);
+	ok1(call->u.read.buf == read_call.buf);
+	ok1(call->u.read.fd == read_call.fd);
+	ok1(call->u.read.count == read_call.count);
+
+	write_call.ret = 20;
+	write_call.buf = buf;
+	write_call.fd = open_call.ret;
+	write_call.count = 20;
+	call = add_history(FAILTEST_WRITE, "run-history.c", 7, &write_call);
+	ok1(call->type == FAILTEST_WRITE);
+	ok1(strcmp(call->file, "run-history.c") == 0);
+	ok1(call->line == 7);
+	ok1(call->u.write.ret == write_call.ret);
+	ok1(call->u.write.buf == write_call.buf);
+	ok1(call->u.write.fd == write_call.fd);
+	ok1(call->u.write.count == write_call.count);
+
+	ok1(history_num == 7);
+
+	for (i = 0; i < history_num; i++)
+		history[i].fail = false;
+
+	print_reproduce();
+	ok1(strcmp(output, "To reproduce: --failpath=cmeoprw\n") == 0);
+	free(output);
+	output = NULL;
+
+	for (i = 0; i < history_num; i++)
+		history[i].fail = true;
+
+	print_reproduce();
+	ok1(strcmp(output, "To reproduce: --failpath=CMEOPRW\n") == 0);
+	free(output);
+	output = NULL;
+
+	return exit_status();
+}

ccan/failtest/test/run-malloc.c

+#include <stdlib.h>
+#include <setjmp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <ccan/tap/tap.h>
+
+/* We don't actually want it to exit... */
+static jmp_buf exited;
+#define exit(status) longjmp(exited, (status) + 1)
+
+#define printf saved_printf
+static int saved_printf(const char *fmt, ...);
+
+#define fprintf saved_fprintf
+static int saved_fprintf(FILE *ignored, const char *fmt, ...);
+
+#define vfprintf saved_vfprintf
+static int saved_vfprintf(FILE *ignored, const char *fmt, va_list ap);
+
+/* Hack to avoid a memory leak which valgrind complains about. */
+#define realloc set_realloc
+static void *set_realloc(void *ptr, size_t size);
+
+#define free set_free
+static void set_free(void *ptr);
+
+/* Include the C files directly. */
+#include <ccan/failtest/failtest.c>
+
+#undef realloc
+#undef free
+
+static char *buffer;
+static void *set_realloc(void *ptr, size_t size)
+{
+	return buffer = realloc(ptr, size);
+}
+
+static void set_free(void *ptr)
+{
+	if (ptr == buffer)
+		buffer = NULL;
+	free(ptr);
+}
+
+static char *output = NULL;
+
+static int saved_vprintf(const char *fmt, va_list ap)
+{
+	int ret = vsnprintf(NULL, 0, fmt, ap);
+	int len = 0;
+
+	if (output)
+		len = strlen(output);
+
+	output = realloc(output, len + ret + 1);
+	return vsprintf(output + len, fmt, ap);
+}
+
+static int saved_vfprintf(FILE *ignored, const char *fmt, va_list ap)
+{
+	return saved_vprintf(fmt, ap);
+}
+
+static int saved_printf(const char *fmt, ...)
+{
+	va_list ap;
+	int ret;
+
+	va_start(ap, fmt);
+	ret = saved_vprintf(fmt, ap);
+	va_end(ap);
+	return ret;
+}	
+
+static int saved_fprintf(FILE *ignored, const char *fmt, ...)
+{
+	va_list ap;
+	int ret;
+
+	va_start(ap, fmt);
+	ret = saved_vprintf(fmt, ap);
+	va_end(ap);
+	return ret;
+}	
+
+int main(void)
+{
+	int status;
+
+	plan_tests(3);
+
+	status = setjmp(exited);
+	if (status == 0) {
+		char *p = failtest_malloc(1, "run-malloc.c", 1);
+		/* If we just segv, valgrind counts that as a failure.
+		 * So kill ourselves creatively. */
+		if (!p)
+			kill(getpid(), SIGSEGV);
+		fail("Expected child to crash!");
+	} else {
+		ok1(status == 2);
+		ok1(strstr(output, "Killed by signal"));
+		ok1(strstr(output, "--failpath=M\n"));
+	}
+	free(buffer);
+	return exit_status();
+}

ccan/failtest/test/run-write.c

+#include <stdlib.h>
+#include <setjmp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <ccan/tap/tap.h>
+/* Include the C files directly. */
+#include <ccan/failtest/failtest.c>
+
+int main(void)
+{
+	int fd;
+	char *p;
+	char buf[] = "Hello world!";
+
+	plan_tests(5);
+
+	fd = open("run-write-scratchpad", O_RDWR|O_CREAT, 0600);
+	write(fd, buf, strlen(buf));
+	ok1(lseek(fd, 0, SEEK_CUR) == strlen(buf));
+
+	p = failtest_malloc(100, "run-write.c", 1);
+	if (!p) {
+		/* We are the child.  Do a heap of writes. */
+		unsigned int i;
+
+		for (i = 0; i < strlen(buf)+1; i++)
+			if (failtest_write(fd, "x", 1, "run-write.c", 1) == 1)
+				break;
+		failtest_exit(0);
+	}
+
+	/* Seek pointer should be left alone! */
+	ok1(lseek(fd, 0, SEEK_CUR) == strlen(buf));
+	/* Length should be restored. */
+	ok1(lseek(fd, 0, SEEK_END) == strlen(buf));
+	lseek(fd, 0, SEEK_SET);
+	ok1(read(fd, buf, strlen(buf)) == strlen("Hello world!"));
+	ok1(strcmp(buf, "Hello world!") == 0);
+
+	return exit_status();
+}