From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) by sourceware.org (Postfix) with ESMTPS id F30C83857C5F for ; Wed, 24 Mar 2021 12:31:39 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org F30C83857C5F Received: by mail-qk1-x730.google.com with SMTP id c3so17750862qkc.5 for ; Wed, 24 Mar 2021 05:31:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=NYqg1lKrVAj6HdP8wjngsFbUjjZ6wEuhL3d9locrTL8=; b=VNdIA3C99GS8hwLAprow2dtazIC5TVViyfFG1EpOdTJXuMyUAoIWfzp9UCfvvmvAzk ek8QYRTLDHm0wyMBsMB+IMxa8P/VDwa6s1+6iK8HHU+9KTMkyd8RYpjgD5dkBGwlA1uz 9wIiND+Jy09hRt6+HOt5ZqEHprs5cbiFamrpdbW1Hp3UDoXkkKGEZYNFHc8rJNkUoWAN THBxUUiO2rEmwyQoC6N5EtOWLbgpkWmK+pNiyk4PyD15qKhyTZNkvEHxgMR9wPh9cWMX QGbKkZTlSNB5MhbKBs2eAGTe77qggheoYivr5elP1wYEFqEh2xiJe8xYqKGl3DH+aNf/ g7Ug== X-Gm-Message-State: AOAM531rbOMfY15+wKVakSJ92Jf+gXowvHP2eTAQ93mRERCgh74CtkEc XMs9l166UYwqJddr7cHAIIIGCwOAlZQhgQ== X-Google-Smtp-Source: ABdhPJy5E2vumZhq8Gq1ySwcmQ7I+/nWrTTN92FrOA0/If/Il+KjsZ1U2K9Efn3Zp6S6jfM6mmwObw== X-Received: by 2002:a37:a2c8:: with SMTP id l191mr2755330qke.413.1616589099056; Wed, 24 Mar 2021 05:31:39 -0700 (PDT) Received: from [192.168.1.132] ([177.194.41.149]) by smtp.gmail.com with ESMTPSA id a138sm1581964qkg.29.2021.03.24.05.31.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 24 Mar 2021 05:31:38 -0700 (PDT) Subject: Re: Does glibc has complete test coverage? To: Peng Yu , Mike Frysinger Cc: libc-help References: From: Adhemerval Zanella Message-ID: <21036b70-f6f9-dffe-cc99-ad3eb0bf46f3@linaro.org> Date: Wed, 24 Mar 2021 09:31:36 -0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-help@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-help mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Mar 2021 12:31:41 -0000 On 24/03/2021 00:13, Peng Yu via Libc-help wrote: > On Tue, Mar 23, 2021 at 8:13 PM Mike Frysinger wrote: > >> On 23 Mar 2021 17:02, Jeffrey Walton wrote: >>> On Tue, Mar 23, 2021 at 4:43 PM Mike Frysinger wrote: >>>> On 23 Mar 2021 11:39, Peng Yu via Libc-help wrote: >>>>> https://www.kernel.org/doc/man-pages/missing_pages.html >>>>> >>>>> "... quite a few kernel and glibc bugs have been uncovered while >>>>> writing test programs during the preparation of man pages. " >>>>> >>>>> I see the above text. It doesn't make too much sense, as it indicates >>>>> that glibc does not have complete test coverage. >>>>> >>>>> Why not taking an approach of always accompanying each line of source >>>>> code with appopriate test cases? If this approach is taken, then most >>>>> bugs should have been eliminated beforehand? >>>> >>>> ignoring the legacy aspect (code that's in the tree now but lacks >> tests), >>>> you have diminishing returns when it comes to writing unittests, and, >> as >>>> can be seen in a recent discussion, glibc is pretty tightly coupled to >>>> the runtime environment (i.e. the host kernel). so getting an env that >>>> matches all the different code paths is challenging. >>>> >>>> plus it comes down a bit to this being an open source project for many >>>> of us, not a job, and you have to be respectful of balancing quality >>>> and developer time with any requests you make on other volunteers. >>>> >>>> along those lines, this is an open source project where "patches are >>>> welcome", so if you wanted to spend your time improving the frameworks >>>> and coverage of our tests, we'd welcome you. >>> >>> Interns are usually a good choice for writing test cases. It gets them >>> familiar with the code, frees up a senior developer's time, and helps >>> avoid the developer's bias. >>> >>> Test cases are monkey work that should be delegated. When delegation >>> does not occur it usually points back to shortcomings in project >>> management. >> >> many are good for delegation, but that doesn't mean quantity is the same as >> quality. if we could get 100% coverage but it took weeks to run, but 90% >> coverage took <1 hour, is that 10% worth it ? this isn't exactly hyperbole >> when we have targets that run on simulators or FPGAs and have <<1GHz CPUs. >> >> for example, how much of LTP should be part of glibc ? they have over 1000 >> "syscall" tests which mostly go through the C library's APIs and can catch >> bugs, but they also take a long time to run. >> >> how much should glibc be exercising different kernel versions ? a lot of >> our work & APIs depend heavily on the kernel working correctly. should >> we be running against every Linux release since 3.2 ? do we test the many >> different ways kernels can be compiled ? do we workaround kernel bugs ? >> https://sourceware.org/pipermail/libc-alpha/2021-March/123486.html >> https://sourceware.org/pipermail/libc-alpha/2021-March/123582.html >> >> glibc has a matrix of build tools that it can utilize and significantly >> affects its behavior & output. do we try every combo of GCC & binutils >> that we support ? >> >> glibc runs on like 20 diff architectures, and many of those have ISA >> specific optimizations (like x86_64 SSE/AVX/etc...). that's another >> huge multiplier. > > > You mentioned ”balance” in another email. But isn’t it a balance to not to > support so many architecture? It sounds like supporting so many > architectures can cause bugs. Alternatively, it is better to assume certain > things, that the underlying architecture must meet. If not, add glue in > between, which should be separate from glibc. In this way, it should be > much easier to isolate bugs out of glibc. The extra architectures does adds an extra burden, that's why I am pushing a lot of implementation consolidation to compartmentalize the architecture bits and minimize the duplicate code. The idea is architecture specific should be added only for optimizations (for instance string or memory optimizations), arch-specific glue (such as relocation handling) or arch specific features (such as Intel CET or ARM PAC/BTI). The refactor kind of work does not really yield immediate gains for the code base, so architecture maintainer does not focus on this changes. For instance, I send a long patchset [1] that aims to simplify the code base for syscall generation on multiple architecture that haven't seen any review so far. > > Also, the test cases should be white boxed instead of black boxed. If the > test cases can be made white boxed, it is much less likely to have bugs in > them than based black boxed strategies. > > The current test cases do not seem to be mostly white boxed? No one is really against make whitebox tests, the *main* problem for glibc project is *workforce*. We have a very limited number of developers working actively and a lot of features and long-standing fixes to work on. We have now a backlog of 564 patches that need review. But we did improve testing a *lot* over the years: the current policy is add tests for each new feature and bug fix; we added a internal library (libsupport) that aims to simplify test creation; we added a minimal container test infrastructure to test pieces that required root or change system status, and the most senior developers do actively constantly work on newer tests. The problem again is we need extra engagement to move this forward. So if you are willing to work on whitebox support for glibc I can help you devise a strategy the required internal bits. > > Also, using a white boxed approach, the original programmers should also > write the test cases. But the current way of waiting others to add test > cases making it hard to use the white boxed approach. The code complexities > can not be reduce in the black boxed approach. Therefore, I don’t think > just adding more patches is an efficient way to eliminate the bugs. That's not what is current practice for glibc development: each new feature or bugfix is required to add testcase. The problem is have a large code base where a lot of features were added without proper testcases. We are trying to improve on this front, but there is a lot of work do to. > > BTW, is there a way to know which part of the code is not covered? Also, > even a line is covered,how well is tested against corner cases? There is a lot of feature and code that is not covered from any testing, I just sent a patchset that add some tests for missing interfaces [2]. I guess there are a lot of corner cases not handled. [1] https://patchwork.sourceware.org/project/glibc/list/?series=1153 [2] https://patchwork.sourceware.org/project/glibc/list/?series=1893