Additional C test infrastructure

[paulidale]

• tests are added or updated

Very preliminary test infrastructure additions.

Rather than charging full steam ahead, I'd prefer some feedback to see if this is along desirable lines...

The intention is to provide a suite of functions along the lines of the existing strings_equal routine that test a condition and print a uniformly formatted message if it is false.

[paulidale]

@ekasper, is this along the lines of what you envisioned?

[paulidale]

Pretty much ignore the changes to ssl_test.c and ssl_test_ctx_test.c, these are fixing calls to strings_equal() so they compile.

The new functionality is in testutil.{c,h}.

I've updated my recent stack_test.c to use the new calls and to define a local suite of comparison functions.

[levitte]

Other than this, I like it so far.

[levitte]

Shouldn't this fprintf go away?

[paulidale]

Oops, I thought I'd replaced this already :( It will go away. @jon-oracle found it soon after I made the initial commit.

[levitte]

A small nit; considering all other comparisons have singular names so far, it seems odd to have plural "strings" here...

[paulidale]

Yeah, I'd picked up on this already. Should we use the singular or plural for the function names? They are an argument to the macros so either is possible.

The original function was strings_equal() but that seemed unnatural to me.

[levitte]

I prefer singular... not sure how to rationalise it, though. Maybe by saying that the name denotes the type, not the objects?

[paulidale]

Okay, I'll change them to singular tomorrow.
I prefer this too :)

[levitte]

... and here

[levitte]

I'd like to see a static variant of IMPLEMENT_COMPARISONS... it would be fitting here.

[ekasper]

Why do we need this here rather than just adding to the common header?

[paulidale]

I guess the question is do we want all of these test functions defined in testutil.c and used everywhere or do we want them in testutil.h so tests can create individual instances of them?

At the moment there is the flexibility to do either (although local versions aren't static). What is ideal here?

[ekasper]

I think all the basic types should go to testutil.h (as they did). Can you give an example where tests would then still need individual instances? Are you thinking typedef'ed types?

[ekasper]

Yes, that's exactly what I had in mind. Thanks so much for taking this on!

[ekasper]

Why do we need this here rather than just adding to the common header?

[ekasper]

maybe test_true and test_false?

On naming, how about calling them all with a TEST_ prefix to make it stand out that these are test macros:

TEST_int_eq
TEST_true
TEST_false
TEST_ptr_not_null

[ekasper]

And on pointers specifically, I'd probs call this TEST_ptr - less typing, and I think if (!TEST_ptr(p)) is easier to read than the double negative if (!TEST_ptr_not_null(p)).

We may also want an aborting flavour of this one. It's bad value for effort to write all the extra goto end boilerplate to exit cleanly on say malloc failures in tests (which just never happen). You don't have to do it in this PR, though.

[levitte]

@ekasper, how would you rename ptr_null?

[ekasper]

Does this need its own macro? You could simply use TEST_ptr_eq(p, NULL).

[levitte]

Ah, so you were thinking TEST_ptr in addition to TEST_ptr_eq and TEST_ptr_ne? That escaped me, and in that case I have no concerns in the matter...

[paulidale]

I've got some embryonic ideas as to how to do automated malloc testing -- i.e. run through all the calls to malloc and cause each to fail in turn. Having test cases that abort early due to this would be detrimental to the effort.

Are we agreed to prefix these functions with TEST_ and to shorten the ptr not null name?

[ekasper]

"... if the condition is true (i.e., the value is non-zero)".

Within OpenSSL, 0 sometimes means true :(

[ekasper]

The fail_message method signature is hard to comprehend. Can you give an example in the comments how it is supposed to be used, and what the resulting output looks like?

If this is not meant to be used by tests (but only by the other macros), then perhaps move into a separate header?

[paulidale]

I'm assuming that the output of fail_message is in a dreadful format and will be changed. I'll add better descriptions as to what its arguments are and do.

[ekasper]

Ideally I'd like to see __FILE__ and __LINE__ here. You'd need to move the implementation to a header, though.

With __FILE__ and __LINE__ we probably won't even need desc in most cases, so we could make custom descriptions optional (less typing):

ret = TEST_int_eq(a, b);

And optionally

ret = TEST_int_eq_msg(a[i], b[i], "%d th element mismatch", i);

[paulidale]

I don't see how adding FILE & LINE to the arguments is going to be possible. We'd want macros to do this which then call the underlying functions with the extra arguments. How do I generate the macros automatically? Generating the functions is easy enough and doing macros for predefined ones would be possible (by listing them out). How would I go with e.g. IMPLEMENT_COMPARISONS(struct fred *, fredptrs, "%p")
I'd need to generate fredpts_eq(...) and the wrapper macro TEST_fredpts_eq(...).

[paulidale]

Is there even an OpenSSL approved method of varadic macros?

[levitte]

Not as far as I know. That came with later C standards...

[paulidale]

It would be possible to have macro versions of these without the description or at least without the description with arguments. That might be sufficient. I'll mulled it over a bit....

[ekasper]

It'd be nice if you could spell out, at least once here, what the resulting method signatures are.

[ekasper]

Here's an idea for a future PR: collect all errors in a static variable and make each test automatically fail if one of the test assertions fails.

Not sure how ugly the implementation would be with the tooling we have (C90) but worth a thought.

[paulidale]

Collecting the errors wouldn't be too hard. A stack of strings, malloc buffers and sprintf into them.
Fail if the stack isn't empty.

[paulidale]

Currently not done: FILE & LINE support via macros.
Prefixing functions with TEST_. I used test_ instead.
I think I've addressed the other concerns.

[paulidale]

How's this? I've added TEST_ macros that use the description field to display the file and line number -- the user doesn't get to provide a description here but they can always fall back to the underlying function directly for this.

I've updated some of the tests in stack_test.c to use the macros.

[richsalz]

we have the tooling to do malloc failures; look at the code in crypto/mem.c

[richsalz]

No varadic macro support.

[paulidale]

I've seen the crypto mem code, it is sufficient. I'm still figuring out a good way to attack the problem so such testing can become integral to the test framework. There's little point doing ad-hoc tests, each implemented differently. It's a WIP but I'm reasonably confident it's workable. But that is for later.

[ekasper]

Cool!

[ekasper]

This looks good! However I'd still like to preserve file and line numbers for the custom error messages too. Now we can't do that in general (because no support for variadic macros in C90) but you could do something like this I think?

# if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
# define TEST_error test_error_c90
#else
# define TEST_error(...) test_error(__FILE__, __LINE__, __VA_ARGS__)
#endif

where test_error_c90 takes a format string and args, and test_error additionally takes the file and line number.

Then hide the lowercase functions in a separate internal header (testutil_internal.h) so that tests don't use them directly. Code that previously called test_int_eq would do

if (!TEST_int_eq(a[i], b[i])) {
  TEST_error("%d th element mismatch", i);
}

Or you could also provide a macro per comparison, TEST_int_eq_msg(a, b, msg), etc.

What do you think?

[paulidale]

I'm not convinced that TEST_error needs to show the file and line number. With the usage example given, the file and line will be produced by TEST_int_eq and would be redundant. Perhaps call the function TEST_extra or TEST_info

I don't like the TEST_int_eq_msg suggestion because we don't have variadic macros so there can be no arguments to the message.

Are you suggesting hiding the test_xxx functions in an header but still creating them in testutil.c ?

[ekasper]

I meant you'd do TEST_int_eq_msgsame as TEST_error - variadic macros where you can, and fall back to a function (losing the file and line number) otherwise. I think that works?

Re file and line numbers, I don't think they ever hurt. I'd probably have TEST_error for errors (starts with ERROR or FAIL as you have it) and TEST_info for info (starts with INFO) to make it easy to grep for failure lines - but I don't really have a strong opinion. Whatever feels most natural to you!

Re test_xxx functions, I think so? It's not so important - I only suggested moving the declarations to another header to make it easier to find the public bits you're supposed to use in tests.

[paulidale]

I think the TEST_xxx_msg flavours can be made to work, it will introduce quite a bit of bloat to the header file -- is the gain worthwhile? The if (TEST_xxx()) TEST_ERROR() sequence seems reasonable and sufficiently terse. At least to me. I kind of suspect that the TEST_xxx__msg versions won't be heavily used -- people often seem to not like writing tests and when they do, they make them as short and unhelpful as possible. Slightly exaggerated perhaps.

You're right, the line numbers won't hurt. I'll add the info versions.

The declarations need to be visible in testutil.h to avoid compiler warnings about undefined functions. Whether they are in another .h file or not seems to be the concern. I'd don't have a strong feeling either way here.

[ekasper]

I'd suggest long and ulong ("lint" makes me think of linters).

[ekasper]

Simply long and unsigned long (drop the int).

[paulidale]

I think this addresses the next round of changes. I've added the TEST_error macro and hidden the definition macros (in testutil.c rather than a separate header file).

[paulidale]

Regarding the TEST_xxx_msg flavours, I can't help but feel that they aren't worthwhile.
The whole point of these tests is that they should pass and the message is never seen. If a test does fail, somebody is going to have to go and debug the code and the file + line number is adequate to get started. A message is a nicety but isn't really necessary. Plus messages are available with test_ERROR and test_INFO and can easily be added to a failing test.

[ekasper]

Nice call on testing the tests!

This looks good to me, a few small comments left. I'll let the second reviewer take a fresh look, then let's see it in action.

You may want to post to openssl-dev@ pointing out this work, so devs know to start using this over printf.

[ekasper]

nit: bad indent

I'd just pass in const char* prefix rather than int error, makes the call site more readable.

[paulidale]

Good suggestion :)

[ekasper]

Is this c90?

[levitte]

That's C since way back. A little quirk of the language. Ever tried this?

#include <stdio.h>

int main()
{
    printf("%c", 3["123456789"]);
}

Of course, the other way around, "123456789"[3], is just as possible and equivalent.

[richsalz]

yeah, let's flip it around to avoid questions.

[paulidale]

This originally comes from K&R C and has remained ever since. a[b] is defined to be *(a + b). Thus, the order doesn't matter.

Little quirk in my coding to hex conversions...

[ekasper]

TEST_error? (Everywhere where errors are logged?)

[paulidale]

The TEST_int_eq will produce the error message. This is extra additional info: the position where the error occurred. I don't think it should raise a second error, since it isn't. I'll get rid of the duplicated information though. There are probably a few cases like this still.

[ekasper]

I believe we avoid custom copyright statements in file headers these days. (The CLA does not transfer copyright - just that additional copyrights don't need to be listed in our headers.)

[paulidale]

Should be good to go. Run make test TESTS=test_test V=1 to see the output of failed messages. All the information is there but if anyone feels changes are desirable, we should do them before any announcement.

I've also updated test/README to not include the bit about editing the makefile and to have a short section about this.

[paulidale]

Any thoughts about dedicating a code health Tuesday to modifying existing test cases to use this infrastructure more uniformly?

[richsalz]

@pauli-oracle that's a great idea! I'll push it. Looks like @levitte;s conerns were address. I also approve and can merge.

[paulidale]

Thanks @richsalz. The single build failure is due to a problem with documentation (i.e. not part of this PR).

[richsalz]

I needed these changes:

diff --git a/test/test_test.c b/test/test_test.c
index 842b449..de39917 100644
--- a/test/test_test.c
+++ b/test/test_test.c
@@ -254,8 +254,9 @@ err:

 static int test_messages(void)
 {
-    TEST_INFO("This is an %s message.", "info");
-    TEST_ERROR("This is an %s message.", "error");
+    TEST_info("This is an %s message.", "info");
+    TEST_error("This is an %s message.", "error");
+    return 0;
 }

And also the test_test recipe needs to be changed. Not sure how to say "failure is success" @levitte ?

[paulidale]

Sorry, I hadn't pushed that capitalisation change yet. I realised I'd not executed those two functions in the test. Done now.

There is no need to modify the recipe, the test_test.c program checks the failing return codes and acts accordingly. The failure messages will be printed out but the executable returns the correct code and the test passes.

[paulidale]

This could be a pain when grepping for ERRORs.

I also just noticed that there is no test name in the diagnostics...

[richsalz]

TEST_INFO is a struct, as you saw I assume.Do you want to push a change to fix the logging issue?

[richsalz]

@levitte or @ekasper reconfirm?

[paulidale]

I've fixed the test_test.c issue. I'm not concerned about the test name -- we've got file/line number information in the output already so it isn't essential. The error messages are a little busy already.

[richsalz]

So we just need a second reviewer for that last bit.

[paulidale]

Both lines of it :)

[t-j-h]

Which two lines?

[paulidale]

test/test_test.c lines 263 & 264. Well, actually that whole six line function and the line at the bottom that adds it as a test. But only two lines of content :)

[paulidale]

static int test_messages(void)
{
    TEST_info("This is an %s message.", "info");
    TEST_error("This is an %s message.", "error");
    return 1;
}

and

    ADD_TEST(test_messages);

[t-j-h]

+1 on the "last bit".

[richsalz]

merged. thanks for this, and the reviews folks!

[ekasper]

+1 on a Code Health Tuesday, it'd give everyone a chance to learn the framework. Also, we have a bunch of really old tests (for example, ectest.c) that could really use some clean-up.

Thanks again for this contribution, really neat!

[paulidale]

The other code health thought I've had is "fix an example day". I.e. go through the examples and get them working and bring them up to date or write new examples.