1 /* Licensed under LGPL - see LICENSE file for details */
2 #include <ccan/failtest/failtest.h>
12 #include <sys/types.h>
19 #include <ccan/time/time.h>
20 #include <ccan/read_write_all/read_write_all.h>
21 #include <ccan/failtest/failtest_proto.h>
22 #include <ccan/build_assert/build_assert.h>
23 #include <ccan/hash/hash.h>
24 #include <ccan/htable/htable_type.h>
25 #include <ccan/str/str.h>
26 #include <ccan/compiler/compiler.h>
28 enum failtest_result (*failtest_hook)(struct tlist_calls *);
30 static FILE *tracef = NULL, *warnf;
31 static int traceindent = 0;
33 unsigned int failtest_timeout_ms = 20000;
36 const char *debugpath;
48 /* end is inclusive: you can't have a 0-byte lock. */
53 /* We hash the call location together with its backtrace. */
54 static size_t hash_call(const struct failtest_call *call)
56 return hash(call->file, strlen(call->file),
58 hash(call->backtrace, call->backtrace_num,
62 static bool call_eq(const struct failtest_call *call1,
63 const struct failtest_call *call2)
67 if (strcmp(call1->file, call2->file) != 0
68 || call1->line != call2->line
69 || call1->type != call2->type
70 || call1->backtrace_num != call2->backtrace_num)
73 for (i = 0; i < call1->backtrace_num; i++)
74 if (call1->backtrace[i] != call2->backtrace[i])
80 /* Defines struct failtable. */
81 HTABLE_DEFINE_TYPE(struct failtest_call, (struct failtest_call *), hash_call,
84 bool (*failtest_exit_check)(struct tlist_calls *history);
86 /* The entire history of all calls. */
87 static struct tlist_calls history = TLIST_INIT(history);
88 /* If we're a child, the fd two write control info to the parent. */
89 static int control_fd = -1;
90 /* If we're a child, this is the first call we did ourselves. */
91 static struct failtest_call *our_history_start = NULL;
92 /* For printing runtime with --trace. */
93 static struct timeval start;
94 /* Set when failtest_hook returns FAIL_PROBE */
95 static bool probing = false;
96 /* Table to track duplicates. */
97 static struct failtable failtable;
99 /* Array of writes which our child did. We report them on failure. */
100 static struct write_call *child_writes = NULL;
101 static unsigned int child_writes_num = 0;
103 /* fcntl locking info. */
104 static pid_t lock_owner;
105 static struct lock_info *locks = NULL;
106 static unsigned int lock_num = 0;
108 /* Our original pid, which we return to anyone who asks. */
109 static pid_t orig_pid;
111 /* Mapping from failtest_type to char. */
112 static const char info_to_arg[] = "mceoxprwfal";
114 /* Dummy call used for failtest_undo wrappers. */
115 static struct failtest_call unrecorded_call;
117 struct contents_saved {
124 /* File contents, saved in this child only. */
125 struct saved_mmapped_file {
126 struct saved_mmapped_file *next;
127 struct failtest_call *opener;
128 struct contents_saved *s;
131 static struct saved_mmapped_file *saved_mmapped_files;
134 #include <execinfo.h>
136 static void **get_backtrace(unsigned int *num)
138 static unsigned int max_back = 100;
142 ret = malloc(max_back * sizeof(void *));
143 *num = backtrace(ret, max_back);
144 if (*num == max_back) {
152 /* This will test slightly less, since will consider all of the same
153 * calls as identical. But, it's slightly faster! */
154 static void **get_backtrace(unsigned int *num)
159 #endif /* HAVE_BACKTRACE */
161 static struct failtest_call *add_history_(enum failtest_call_type type,
168 struct failtest_call *call;
170 /* NULL file is how we suppress failure. */
172 return &unrecorded_call;
174 call = malloc(sizeof *call);
176 call->can_leak = can_leak;
179 call->cleanup = NULL;
180 call->backtrace = get_backtrace(&call->backtrace_num);
181 memcpy(&call->u, elem, elem_size);
182 tlist_add_tail(&history, call, list);
186 #define add_history(type, can_leak, file, line, elem) \
187 add_history_((type), (can_leak), (file), (line), (elem), sizeof(*(elem)))
189 /* We do a fake call inside a sizeof(), to check types. */
190 #define set_cleanup(call, clean, type) \
191 (call)->cleanup = (void *)((void)sizeof(clean((type *)NULL, false),1), (clean))
193 /* Dup the fd to a high value (out of the way I hope!), and close the old fd. */
194 static int move_fd_to_high(int fd)
198 for (i = FD_SETSIZE - 1; i >= 0; i--) {
199 if (fcntl(i, F_GETFL) == -1 && errno == EBADF) {
200 if (dup2(fd, i) == -1)
201 err(1, "Failed to dup fd %i to %i", fd, i);
206 /* Nothing? Really? Er... ok? */
210 static bool read_write_info(int fd)
212 struct write_call *w;
215 /* We don't need all of this, but it's simple. */
216 child_writes = realloc(child_writes,
217 (child_writes_num+1) * sizeof(child_writes[0]));
218 w = &child_writes[child_writes_num];
219 if (!read_all(fd, w, sizeof(*w)))
222 w->buf = buf = malloc(w->count);
223 if (!read_all(fd, buf, w->count))
230 static char *failpath_string(void)
232 struct failtest_call *i;
233 char *ret = strdup("");
236 /* Inefficient, but who cares? */
237 tlist_for_each(&history, i, list) {
238 ret = realloc(ret, len + 2);
239 ret[len] = info_to_arg[i->type];
241 ret[len] = toupper(ret[len]);
247 static void do_warn(int e, const char *fmt, va_list ap)
249 char *p = failpath_string();
251 vfprintf(warnf, fmt, ap);
253 fprintf(warnf, ": %s", strerror(e));
254 fprintf(warnf, " [%s]\n", p);
258 static void fwarn(const char *fmt, ...)
269 static void fwarnx(const char *fmt, ...)
274 do_warn(-1, fmt, ap);
278 static void tell_parent(enum info_type type)
280 if (control_fd != -1)
281 write_all(control_fd, &type, sizeof(type));
284 static void child_fail(const char *out, size_t outlen, const char *fmt, ...)
287 char *path = failpath_string();
290 vfprintf(stderr, fmt, ap);
293 fprintf(stderr, "%.*s", (int)outlen, out);
294 printf("To reproduce: --failpath=%s\n", path);
296 tell_parent(FAILURE);
300 static void PRINTF_FMT(1, 2) trace(const char *fmt, ...)
310 for (i = 0; i < traceindent; i++)
311 fprintf(tracef, " ");
313 p = failpath_string();
314 fprintf(tracef, "%i: %u: %s ", idx++, getpid(), p);
316 vfprintf(tracef, fmt, ap);
323 static void hand_down(int signum)
328 static void release_locks(void)
330 /* Locks were never acquired/reacquired? */
334 /* We own them? Release them all. */
335 if (lock_owner == getpid()) {
339 fl.l_whence = SEEK_SET;
343 trace("Releasing %u locks\n", lock_num);
344 for (i = 0; i < lock_num; i++)
345 fcntl(locks[i].fd, F_SETLK, &fl);
347 /* Our parent must have them; pass request up. */
348 enum info_type type = RELEASE_LOCKS;
349 assert(control_fd != -1);
350 write_all(control_fd, &type, sizeof(type));
355 /* off_t is a signed type. Getting its max is non-trivial. */
356 static off_t off_max(void)
358 BUILD_ASSERT(sizeof(off_t) == 4 || sizeof(off_t) == 8);
359 if (sizeof(off_t) == 4)
360 return (off_t)0x7FFFFFF;
362 return (off_t)0x7FFFFFFFFFFFFFFULL;
365 static void get_locks(void)
370 if (lock_owner == getpid())
373 if (lock_owner != 0) {
374 enum info_type type = RELEASE_LOCKS;
375 assert(control_fd != -1);
376 trace("Asking parent to release locks\n");
377 write_all(control_fd, &type, sizeof(type));
380 fl.l_whence = SEEK_SET;
382 for (i = 0; i < lock_num; i++) {
383 fl.l_type = locks[i].type;
384 fl.l_start = locks[i].start;
385 if (locks[i].end == off_max())
388 fl.l_len = locks[i].end - locks[i].start + 1;
390 if (fcntl(locks[i].fd, F_SETLKW, &fl) != 0)
393 trace("Acquired %u locks\n", lock_num);
394 lock_owner = getpid();
398 static struct contents_saved *save_contents(const char *filename,
399 int fd, size_t count, off_t off,
402 struct contents_saved *s = malloc(sizeof(*s) + count);
407 ret = pread(fd, s->contents, count, off);
409 fwarn("failtest_write: failed to save old contents!");
414 /* Use lseek to get the size of file, but we have to restore
416 off = lseek(fd, 0, SEEK_CUR);
417 s->old_len = lseek(fd, 0, SEEK_END);
418 lseek(fd, off, SEEK_SET);
420 trace("Saving %p %s %zu@%llu after %s (filelength %llu) via fd %i\n",
421 s, filename, s->count, (long long)s->off, why,
422 (long long)s->old_len, fd);
426 static void restore_contents(struct failtest_call *opener,
427 struct contents_saved *s,
433 /* The top parent doesn't need to restore. */
434 if (control_fd == -1)
437 /* Has the fd been closed? */
438 if (opener->u.open.closed) {
439 /* Reopen, replace fd, close silently as we clean up. */
440 fd = open(opener->u.open.pathname, O_RDWR);
442 fwarn("failtest: could not reopen %s to clean up %s!",
443 opener->u.open.pathname, caller);
446 /* Make it clearly distinguisable from a "normal" fd. */
447 fd = move_fd_to_high(fd);
448 trace("Reopening %s to restore it (was fd %i, now %i)\n",
449 opener->u.open.pathname, opener->u.open.ret, fd);
450 opener->u.open.ret = fd;
451 opener->u.open.closed = false;
453 fd = opener->u.open.ret;
455 trace("Restoring %p %s %zu@%llu after %s (filelength %llu) via fd %i\n",
456 s, opener->u.open.pathname, s->count, (long long)s->off, caller,
457 (long long)s->old_len, fd);
458 if (pwrite(fd, s->contents, s->count, s->off) != s->count) {
459 fwarn("failtest: write failed cleaning up %s for %s!",
460 opener->u.open.pathname, caller);
463 if (ftruncate(fd, s->old_len) != 0) {
464 fwarn("failtest_write: truncate failed cleaning up %s for %s!",
465 opener->u.open.pathname, caller);
468 if (restore_offset) {
469 trace("Restoring offset of fd %i to %llu\n",
470 fd, (long long)s->off);
471 lseek(fd, s->off, SEEK_SET);
475 /* We save/restore most things on demand, but always do mmaped files. */
476 static void save_mmapped_files(void)
478 struct failtest_call *i;
479 trace("Saving mmapped files in child\n");
481 tlist_for_each_rev(&history, i, list) {
482 struct mmap_call *m = &i->u.mmap;
483 struct saved_mmapped_file *s;
485 if (i->type != FAILTEST_MMAP)
488 /* FIXME: We only handle mmapped files where fd is still open. */
489 if (m->opener->u.open.closed)
492 s = malloc(sizeof *s);
493 s->s = save_contents(m->opener->u.open.pathname,
494 m->fd, m->length, m->offset,
495 "mmapped file before fork");
496 s->opener = m->opener;
497 s->next = saved_mmapped_files;
498 saved_mmapped_files = s;
502 static void free_mmapped_files(bool restore)
504 trace("%s mmapped files in child\n",
505 restore ? "Restoring" : "Discarding");
506 while (saved_mmapped_files) {
507 struct saved_mmapped_file *next = saved_mmapped_files->next;
509 restore_contents(saved_mmapped_files->opener,
510 saved_mmapped_files->s, false,
512 free(saved_mmapped_files->s);
513 free(saved_mmapped_files);
514 saved_mmapped_files = next;
518 /* Returns a FAILTEST_OPEN, FAILTEST_PIPE or NULL. */
519 static struct failtest_call *opener_of(int fd)
521 struct failtest_call *i;
523 /* Don't get confused and match genuinely failed opens. */
527 /* Figure out the set of live fds. */
528 tlist_for_each_rev(&history, i, list) {
533 if (i->u.close.fd == fd) {
538 if (i->u.open.ret == fd) {
539 if (i->u.open.closed)
545 if (i->u.pipe.fds[0] == fd || i->u.pipe.fds[1] == fd) {
554 /* FIXME: socket, dup, etc are untracked! */
558 static void free_call(struct failtest_call *call)
560 /* We don't do this in cleanup: needed even for failed opens. */
561 if (call->type == FAILTEST_OPEN)
562 free((char *)call->u.open.pathname);
563 free(call->backtrace);
564 tlist_del_from(&history, call, list);
568 /* Free up memory, so valgrind doesn't report leaks. */
569 static void free_everything(void)
571 struct failtest_call *i;
573 while ((i = tlist_top(&history, struct failtest_call, list)) != NULL)
576 failtable_clear(&failtable);
579 static NORETURN void failtest_cleanup(bool forced_cleanup, int status)
581 struct failtest_call *i;
584 /* For children, we don't care if they "failed" the testing. */
585 if (control_fd != -1)
588 /* We don't restore contents for original parent. */
591 /* Cleanup everything, in reverse order. */
592 tlist_for_each_rev(&history, i, list) {
593 /* Don't restore things our parent did. */
594 if (i == our_history_start)
601 i->cleanup(&i->u, restore);
603 /* But their program shouldn't leak, even on failure. */
604 if (!forced_cleanup && i->can_leak) {
605 printf("Leak at %s:%u: --failpath=%s\n",
606 i->file, i->line, failpath_string());
611 /* Put back mmaped files the way our parent (if any) expects. */
612 free_mmapped_files(true);
616 tell_parent(SUCCESS);
618 tell_parent(FAILURE);
622 static bool following_path(void)
626 /* + means continue after end, like normal. */
627 if (*failpath == '+') {
634 static bool follow_path(struct failtest_call *call)
636 if (*failpath == '\0') {
637 /* Continue, but don't inject errors. */
638 return call->fail = false;
641 if (tolower((unsigned char)*failpath) != info_to_arg[call->type])
642 errx(1, "Failpath expected '%s' got '%c'\n",
643 failpath, info_to_arg[call->type]);
644 call->fail = cisupper(*(failpath++));
646 call->can_leak = false;
650 static bool should_fail(struct failtest_call *call)
653 int control[2], output[2];
654 enum info_type type = UNEXPECTED;
657 struct failtest_call *dup;
659 if (call == &unrecorded_call)
662 if (following_path())
663 return follow_path(call);
665 /* Attach debugger if they asked for it. */
669 /* Pretend this last call matches whatever path wanted:
670 * keeps valgrind happy. */
671 call->fail = cisupper(debugpath[strlen(debugpath)-1]);
672 path = failpath_string();
674 if (streq(path, debugpath)) {
678 signal(SIGUSR1, SIG_IGN);
679 sprintf(str, "xterm -e gdb /proc/%d/exe %d &",
681 if (system(str) == 0)
684 /* Ignore last character: could be upper or lower. */
685 path[strlen(path)-1] = '\0';
686 if (!strstarts(debugpath, path)) {
688 "--debugpath not followed: %s\n", path);
695 /* Are we probing? If so, we never fail twice. */
697 trace("Not failing %c due to FAIL_PROBE return\n",
698 info_to_arg[call->type]);
699 return call->fail = false;
702 /* Don't fail more than once in the same place. */
703 dup = failtable_get(&failtable, call);
705 trace("Not failing %c due to duplicate\n",
706 info_to_arg[call->type]);
707 return call->fail = false;
711 switch (failtest_hook(&history)) {
718 trace("Not failing %c due to failhook return\n",
719 info_to_arg[call->type]);
727 /* Add it to our table of calls. */
728 failtable_add(&failtable, call);
730 /* We're going to fail in the child. */
732 if (pipe(control) != 0 || pipe(output) != 0)
733 err(1, "opening pipe");
735 /* Move out the way, to high fds. */
736 control[0] = move_fd_to_high(control[0]);
737 control[1] = move_fd_to_high(control[1]);
738 output[0] = move_fd_to_high(output[0]);
739 output[1] = move_fd_to_high(output[1]);
741 /* Prevent double-printing (in child and parent) */
748 err(1, "forking failed");
756 struct failtest_call *c;
758 c = tlist_tail(&history, struct failtest_call, list);
759 diff = time_sub(time_now(), start);
760 failpath = failpath_string();
761 p = strrchr(c->file, '/');
766 trace("%u->%u (%u.%02u): %s (%s:%u)\n",
768 (int)diff.tv_sec, (int)diff.tv_usec / 10000,
769 failpath, p, c->line);
772 /* From here on, we have to clean up! */
773 our_history_start = tlist_tail(&history, struct failtest_call,
777 /* Don't swallow stderr if we're tracing. */
779 dup2(output[1], STDOUT_FILENO);
780 dup2(output[1], STDERR_FILENO);
781 if (output[1] != STDOUT_FILENO
782 && output[1] != STDERR_FILENO)
785 control_fd = move_fd_to_high(control[1]);
787 /* Forget any of our parent's saved files. */
788 free_mmapped_files(false);
790 /* Now, save any files we need to. */
791 save_mmapped_files();
793 /* Failed calls can't leak. */
794 call->can_leak = false;
799 signal(SIGUSR1, hand_down);
804 /* We grab output so we can display it; we grab writes so we
807 struct pollfd pfd[2];
810 pfd[0].fd = output[0];
811 pfd[0].events = POLLIN|POLLHUP;
812 pfd[1].fd = control[0];
813 pfd[1].events = POLLIN|POLLHUP;
816 ret = poll(pfd, 1, failtest_timeout_ms);
818 ret = poll(pfd, 2, failtest_timeout_ms);
825 err(1, "Poll returned %i", ret);
828 if (pfd[0].revents & POLLIN) {
831 out = realloc(out, outlen + 8192);
832 len = read(output[0], out + outlen, 8192);
834 } else if (type != SUCCESS && (pfd[1].revents & POLLIN)) {
835 if (read_all(control[0], &type, sizeof(type))) {
837 if (!read_write_info(control[0]))
839 } else if (type == RELEASE_LOCKS) {
841 /* FIXME: Tell them we're done... */
844 } else if (pfd[0].revents & POLLHUP) {
847 } while (type != FAILURE);
851 waitpid(child, &status, 0);
852 if (!WIFEXITED(status)) {
853 if (WTERMSIG(status) == SIGUSR1)
854 child_fail(out, outlen, "Timed out");
856 child_fail(out, outlen, "Killed by signal %u: ",
859 /* Child printed failure already, just pass up exit code. */
860 if (type == FAILURE) {
861 fprintf(stderr, "%.*s", (int)outlen, out);
863 exit(WEXITSTATUS(status) ? WEXITSTATUS(status) : 1);
865 if (WEXITSTATUS(status) != 0)
866 child_fail(out, outlen, "Exited with status %i: ",
867 WEXITSTATUS(status));
870 signal(SIGUSR1, SIG_DFL);
872 /* Only child does probe. */
875 /* We continue onwards without failing. */
880 static void cleanup_calloc(struct calloc_call *call, bool restore)
882 trace("undoing calloc %p\n", call->ret);
886 void *failtest_calloc(size_t nmemb, size_t size,
887 const char *file, unsigned line)
889 struct failtest_call *p;
890 struct calloc_call call;
893 p = add_history(FAILTEST_CALLOC, true, file, line, &call);
895 if (should_fail(p)) {
896 p->u.calloc.ret = NULL;
899 p->u.calloc.ret = calloc(nmemb, size);
900 set_cleanup(p, cleanup_calloc, struct calloc_call);
902 trace("calloc %zu x %zu %s:%u -> %p\n",
903 nmemb, size, file, line, p->u.calloc.ret);
905 return p->u.calloc.ret;
908 static void cleanup_malloc(struct malloc_call *call, bool restore)
910 trace("undoing malloc %p\n", call->ret);
914 void *failtest_malloc(size_t size, const char *file, unsigned line)
916 struct failtest_call *p;
917 struct malloc_call call;
920 p = add_history(FAILTEST_MALLOC, true, file, line, &call);
921 if (should_fail(p)) {
922 p->u.malloc.ret = NULL;
925 p->u.malloc.ret = malloc(size);
926 set_cleanup(p, cleanup_malloc, struct malloc_call);
928 trace("malloc %zu %s:%u -> %p\n",
929 size, file, line, p->u.malloc.ret);
931 return p->u.malloc.ret;
934 static void cleanup_realloc(struct realloc_call *call, bool restore)
936 trace("undoing realloc %p\n", call->ret);
940 /* Walk back and find out if we got this ptr from a previous routine. */
941 static void fixup_ptr_history(void *ptr, const char *why)
943 struct failtest_call *i;
945 /* Start at end of history, work back. */
946 tlist_for_each_rev(&history, i, list) {
948 case FAILTEST_REALLOC:
949 if (i->u.realloc.ret == ptr) {
950 trace("found realloc %p %s:%u matching %s\n",
951 ptr, i->file, i->line, why);
957 case FAILTEST_MALLOC:
958 if (i->u.malloc.ret == ptr) {
959 trace("found malloc %p %s:%u matching %s\n",
960 ptr, i->file, i->line, why);
966 case FAILTEST_CALLOC:
967 if (i->u.calloc.ret == ptr) {
968 trace("found calloc %p %s:%u matching %s\n",
969 ptr, i->file, i->line, why);
979 trace("Did not find %p matching %s\n", ptr, why);
982 void *failtest_realloc(void *ptr, size_t size, const char *file, unsigned line)
984 struct failtest_call *p;
985 struct realloc_call call;
987 p = add_history(FAILTEST_REALLOC, true, file, line, &call);
989 /* FIXME: Try one child moving allocation, one not. */
990 if (should_fail(p)) {
991 p->u.realloc.ret = NULL;
994 /* Don't catch this one in the history fixup... */
995 p->u.realloc.ret = NULL;
996 fixup_ptr_history(ptr, "realloc");
997 p->u.realloc.ret = realloc(ptr, size);
998 set_cleanup(p, cleanup_realloc, struct realloc_call);
1000 trace("realloc %p %s:%u -> %p\n",
1001 ptr, file, line, p->u.realloc.ret);
1003 return p->u.realloc.ret;
1006 /* FIXME: Record free, so we can terminate fixup_ptr_history correctly.
1007 * If there's an alloc we don't see, it could get confusing if it matches
1008 * a previous allocation we did see. */
1009 void failtest_free(void *ptr)
1011 fixup_ptr_history(ptr, "free");
1012 trace("free %p\n", ptr);
1017 static struct contents_saved *save_file(const char *pathname)
1020 struct contents_saved *s;
1022 fd = open(pathname, O_RDONLY);
1026 s = save_contents(pathname, fd, lseek(fd, 0, SEEK_END), 0,
1027 "open with O_TRUNC");
1032 /* Optimization: don't create a child for an open which *we know*
1033 * would fail anyway. */
1034 static bool open_would_fail(const char *pathname, int flags)
1036 if ((flags & O_ACCMODE) == O_RDONLY)
1037 return access(pathname, R_OK) != 0;
1038 if (!(flags & O_CREAT)) {
1039 if ((flags & O_ACCMODE) == O_WRONLY)
1040 return access(pathname, W_OK) != 0;
1041 if ((flags & O_ACCMODE) == O_RDWR)
1042 return access(pathname, W_OK) != 0
1043 || access(pathname, R_OK) != 0;
1045 /* FIXME: We could check if it exists, for O_CREAT|O_EXCL */
1049 static void cleanup_open(struct open_call *call, bool restore)
1051 if (restore && call->saved)
1052 restore_contents(container_of(call, struct failtest_call,
1054 call->saved, false, "open with O_TRUNC");
1055 if (!call->closed) {
1056 trace("Cleaning up open %s by closing fd %i\n",
1057 call->pathname, call->ret);
1059 call->closed = true;
1064 int failtest_open(const char *pathname,
1065 const char *file, unsigned line, ...)
1067 struct failtest_call *p;
1068 struct open_call call;
1071 call.pathname = strdup(pathname);
1073 call.flags = va_arg(ap, int);
1074 call.always_save = false;
1075 call.closed = false;
1076 if (call.flags & O_CREAT) {
1077 call.mode = va_arg(ap, int);
1080 p = add_history(FAILTEST_OPEN, true, file, line, &call);
1081 /* Avoid memory leak! */
1082 if (p == &unrecorded_call)
1083 free((char *)call.pathname);
1085 if (should_fail(p)) {
1086 /* Don't bother inserting failures that would happen anyway. */
1087 if (open_would_fail(pathname, call.flags)) {
1088 trace("Open would have failed anyway: stopping\n");
1089 failtest_cleanup(true, 0);
1092 /* FIXME: Play with error codes? */
1095 /* Save the old version if they're truncating it. */
1096 if (call.flags & O_TRUNC)
1097 p->u.open.saved = save_file(pathname);
1099 p->u.open.saved = NULL;
1100 p->u.open.ret = open(pathname, call.flags, call.mode);
1101 if (p->u.open.ret == -1) {
1102 p->u.open.closed = true;
1103 p->can_leak = false;
1105 set_cleanup(p, cleanup_open, struct open_call);
1108 trace("open %s %s:%u -> %i (opener %p)\n",
1109 pathname, file, line, p->u.open.ret, &p->u.open);
1111 return p->u.open.ret;
1114 static void cleanup_mmap(struct mmap_call *mmap, bool restore)
1116 trace("cleaning up mmap @%p (opener %p)\n",
1117 mmap->ret, mmap->opener);
1119 restore_contents(mmap->opener, mmap->saved, false, "mmap");
1123 void *failtest_mmap(void *addr, size_t length, int prot, int flags,
1124 int fd, off_t offset, const char *file, unsigned line)
1126 struct failtest_call *p;
1127 struct mmap_call call;
1130 call.length = length;
1133 call.offset = offset;
1135 call.opener = opener_of(fd);
1137 /* If we don't know what file it was, don't fail. */
1140 fwarnx("failtest_mmap: couldn't figure out source for"
1141 " fd %i at %s:%u", fd, file, line);
1143 addr = mmap(addr, length, prot, flags, fd, offset);
1144 trace("mmap of fd %i -> %p (opener = NULL)\n", fd, addr);
1148 p = add_history(FAILTEST_MMAP, false, file, line, &call);
1149 if (should_fail(p)) {
1150 p->u.mmap.ret = MAP_FAILED;
1153 p->u.mmap.ret = mmap(addr, length, prot, flags, fd, offset);
1154 /* Save contents if we're writing to a normal file */
1155 if (p->u.mmap.ret != MAP_FAILED
1156 && (prot & PROT_WRITE)
1157 && call.opener->type == FAILTEST_OPEN) {
1158 const char *fname = call.opener->u.open.pathname;
1159 p->u.mmap.saved = save_contents(fname, fd, length,
1160 offset, "being mmapped");
1161 set_cleanup(p, cleanup_mmap, struct mmap_call);
1164 trace("mmap of fd %i %s:%u -> %p (opener = %p)\n",
1165 fd, file, line, addr, call.opener);
1167 return p->u.mmap.ret;
1170 static void cleanup_pipe(struct pipe_call *call, bool restore)
1172 trace("cleaning up pipe fd=%i%s,%i%s\n",
1173 call->fds[0], call->closed[0] ? "(already closed)" : "",
1174 call->fds[1], call->closed[1] ? "(already closed)" : "");
1175 if (!call->closed[0])
1176 close(call->fds[0]);
1177 if (!call->closed[1])
1178 close(call->fds[1]);
1181 int failtest_pipe(int pipefd[2], const char *file, unsigned line)
1183 struct failtest_call *p;
1184 struct pipe_call call;
1186 p = add_history(FAILTEST_PIPE, true, file, line, &call);
1187 if (should_fail(p)) {
1189 /* FIXME: Play with error codes? */
1192 p->u.pipe.ret = pipe(p->u.pipe.fds);
1193 p->u.pipe.closed[0] = p->u.pipe.closed[1] = false;
1194 set_cleanup(p, cleanup_pipe, struct pipe_call);
1197 trace("pipe %s:%u -> %i,%i\n", file, line,
1198 p->u.pipe.ret ? -1 : p->u.pipe.fds[0],
1199 p->u.pipe.ret ? -1 : p->u.pipe.fds[1]);
1201 /* This causes valgrind to notice if they use pipefd[] after failure */
1202 memcpy(pipefd, p->u.pipe.fds, sizeof(p->u.pipe.fds));
1204 return p->u.pipe.ret;
1207 static void cleanup_read(struct read_call *call, bool restore)
1210 trace("cleaning up read on fd %i: seeking to %llu\n",
1211 call->fd, (long long)call->off);
1213 /* Read (not readv!) moves file offset! */
1214 if (lseek(call->fd, call->off, SEEK_SET) != call->off) {
1215 fwarn("Restoring lseek pointer failed (read)");
1220 static ssize_t failtest_add_read(int fd, void *buf, size_t count, off_t off,
1221 bool is_pread, const char *file, unsigned line)
1223 struct failtest_call *p;
1224 struct read_call call;
1229 p = add_history(FAILTEST_READ, false, file, line, &call);
1231 /* FIXME: Try partial read returns. */
1232 if (should_fail(p)) {
1237 p->u.read.ret = pread(fd, buf, count, off);
1239 p->u.read.ret = read(fd, buf, count);
1240 if (p->u.read.ret != -1)
1241 set_cleanup(p, cleanup_read, struct read_call);
1244 trace("%sread %s:%u fd %i %zu@%llu -> %i\n",
1245 is_pread ? "p" : "", file, line, fd, count, (long long)off,
1248 return p->u.read.ret;
1251 static void cleanup_write(struct write_call *write, bool restore)
1253 trace("cleaning up write on %s\n", write->opener->u.open.pathname);
1255 restore_contents(write->opener, write->saved, !write->is_pwrite,
1260 static ssize_t failtest_add_write(int fd, const void *buf,
1261 size_t count, off_t off,
1263 const char *file, unsigned line)
1265 struct failtest_call *p;
1266 struct write_call call;
1272 call.is_pwrite = is_pwrite;
1273 call.opener = opener_of(fd);
1274 p = add_history(FAILTEST_WRITE, false, file, line, &call);
1276 /* If we're a child, we need to make sure we write the same thing
1277 * to non-files as the parent does, so tell it. */
1278 if (control_fd != -1 && off == (off_t)-1) {
1279 enum info_type type = WRITE;
1281 write_all(control_fd, &type, sizeof(type));
1282 write_all(control_fd, &p->u.write, sizeof(p->u.write));
1283 write_all(control_fd, buf, count);
1286 /* FIXME: Try partial write returns. */
1287 if (should_fail(p)) {
1288 p->u.write.ret = -1;
1292 assert(call.opener == p->u.write.opener);
1294 if (p->u.write.opener) {
1295 is_file = (p->u.write.opener->type == FAILTEST_OPEN);
1297 /* We can't unwind it, so at least check same
1298 * in parent and child. */
1302 /* FIXME: We assume same write order in parent and child */
1303 if (!is_file && child_writes_num != 0) {
1304 if (child_writes[0].fd != fd)
1305 errx(1, "Child wrote to fd %u, not %u?",
1306 child_writes[0].fd, fd);
1307 if (child_writes[0].off != p->u.write.off)
1308 errx(1, "Child wrote to offset %zu, not %zu?",
1309 (size_t)child_writes[0].off,
1310 (size_t)p->u.write.off);
1311 if (child_writes[0].count != count)
1312 errx(1, "Child wrote length %zu, not %zu?",
1313 child_writes[0].count, count);
1314 if (memcmp(child_writes[0].buf, buf, count)) {
1316 "Child wrote differently to"
1317 " fd %u than we did!\n", fd);
1319 free((char *)child_writes[0].buf);
1321 memmove(&child_writes[0], &child_writes[1],
1322 sizeof(child_writes[0]) * child_writes_num);
1324 /* Child wrote it already. */
1325 trace("write %s:%i on fd %i already done by child\n",
1327 p->u.write.ret = count;
1329 return p->u.write.ret;
1333 p->u.write.saved = save_contents(call.opener->u.open.pathname,
1335 "being overwritten");
1336 set_cleanup(p, cleanup_write, struct write_call);
1339 /* Though off is current seek ptr for write case, we need to
1340 * move it. write() does that for us. */
1341 if (p->u.write.is_pwrite)
1342 p->u.write.ret = pwrite(fd, buf, count, off);
1344 p->u.write.ret = write(fd, buf, count);
1346 trace("%swrite %s:%i %zu@%llu on fd %i -> %i\n",
1347 p->u.write.is_pwrite ? "p" : "",
1348 file, line, count, (long long)off, fd, p->u.write.ret);
1350 return p->u.write.ret;
1353 ssize_t failtest_pwrite(int fd, const void *buf, size_t count, off_t offset,
1354 const char *file, unsigned line)
1356 return failtest_add_write(fd, buf, count, offset, true, file, line);
1359 ssize_t failtest_write(int fd, const void *buf, size_t count,
1360 const char *file, unsigned line)
1362 return failtest_add_write(fd, buf, count, lseek(fd, 0, SEEK_CUR), false,
1366 ssize_t failtest_pread(int fd, void *buf, size_t count, off_t off,
1367 const char *file, unsigned line)
1369 return failtest_add_read(fd, buf, count, off, true, file, line);
1372 ssize_t failtest_read(int fd, void *buf, size_t count,
1373 const char *file, unsigned line)
1375 return failtest_add_read(fd, buf, count, lseek(fd, 0, SEEK_CUR), false,
1379 static struct lock_info *WARN_UNUSED_RESULT
1380 add_lock(struct lock_info *locks, int fd, off_t start, off_t end, int type)
1383 struct lock_info *l;
1385 for (i = 0; i < lock_num; i++) {
1390 /* Four cases we care about:
1404 if (start > l->start && end < l->end) {
1405 /* Mid overlap: trim entry, add new one. */
1406 off_t new_start, new_end;
1407 new_start = end + 1;
1409 trace("splitting lock on fd %i from %llu-%llu"
1411 fd, (long long)l->start, (long long)l->end,
1412 (long long)l->start, (long long)start - 1);
1414 locks = add_lock(locks,
1415 fd, new_start, new_end, l->type);
1417 } else if (start <= l->start && end >= l->end) {
1418 /* Total overlap: eliminate entry. */
1419 trace("erasing lock on fd %i %llu-%llu\n",
1420 fd, (long long)l->start, (long long)l->end);
1423 } else if (end >= l->start && end < l->end) {
1424 trace("trimming lock on fd %i from %llu-%llu"
1426 fd, (long long)l->start, (long long)l->end,
1427 (long long)end + 1, (long long)l->end);
1428 /* Start overlap: trim entry. */
1430 } else if (start > l->start && start <= l->end) {
1431 trace("trimming lock on fd %i from %llu-%llu"
1433 fd, (long long)l->start, (long long)l->end,
1434 (long long)l->start, (long long)start - 1);
1435 /* End overlap: trim entry. */
1438 /* Nothing left? Remove it. */
1439 if (l->end < l->start) {
1440 trace("forgetting lock on fd %i\n", fd);
1441 memmove(l, l + 1, (--lock_num - i) * sizeof(l[0]));
1446 if (type != F_UNLCK) {
1447 locks = realloc(locks, (lock_num + 1) * sizeof(*locks));
1448 l = &locks[lock_num++];
1453 trace("new lock on fd %i %llu-%llu\n",
1454 fd, (long long)l->start, (long long)l->end);
1459 /* We trap this so we can record it: we don't fail it. */
1460 int failtest_close(int fd, const char *file, unsigned line)
1462 struct close_call call;
1463 struct failtest_call *p, *opener;
1465 /* Do this before we add ourselves to history! */
1466 opener = opener_of(fd);
1469 p = add_history(FAILTEST_CLOSE, false, file, line, &call);
1472 /* Consume close from failpath (shouldn't tell us to fail). */
1473 if (following_path()) {
1478 trace("close on fd %i\n", fd);
1482 /* Mark opener as not leaking, remove its cleanup function. */
1484 trace("close on fd %i found opener %p\n", fd, opener);
1485 if (opener->type == FAILTEST_PIPE) {
1487 if (opener->u.pipe.fds[0] == fd) {
1488 assert(!opener->u.pipe.closed[0]);
1489 opener->u.pipe.closed[0] = true;
1490 } else if (opener->u.pipe.fds[1] == fd) {
1491 assert(!opener->u.pipe.closed[1]);
1492 opener->u.pipe.closed[1] = true;
1495 opener->can_leak = (!opener->u.pipe.closed[0]
1496 || !opener->u.pipe.closed[1]);
1497 } else if (opener->type == FAILTEST_OPEN) {
1498 opener->u.open.closed = true;
1499 opener->can_leak = false;
1504 /* Restore offset now, in case parent shared (can't do after close!). */
1505 if (control_fd != -1) {
1506 struct failtest_call *i;
1508 tlist_for_each_rev(&history, i, list) {
1509 if (i == our_history_start)
1513 if (i->type == FAILTEST_LSEEK && i->u.lseek.fd == fd) {
1514 trace("close on fd %i undoes lseek\n", fd);
1515 /* This seeks back. */
1516 i->cleanup(&i->u, true);
1518 } else if (i->type == FAILTEST_WRITE
1519 && i->u.write.fd == fd
1520 && !i->u.write.is_pwrite) {
1521 trace("close on fd %i undoes write"
1522 " offset change\n", fd);
1523 /* Write (not pwrite!) moves file offset! */
1524 if (lseek(fd, i->u.write.off, SEEK_SET)
1525 != i->u.write.off) {
1526 fwarn("Restoring lseek pointer failed (write)");
1528 } else if (i->type == FAILTEST_READ
1529 && i->u.read.fd == fd) {
1530 /* preads don't *have* cleanups */
1532 trace("close on fd %i undoes read"
1533 " offset change\n", fd);
1534 /* This seeks back. */
1535 i->cleanup(&i->u, true);
1542 /* Close unlocks everything. */
1543 locks = add_lock(locks, fd, 0, off_max(), F_UNLCK);
1547 /* Zero length means "to end of file" */
1548 static off_t end_of(off_t start, off_t len)
1552 return start + len - 1;
1555 /* FIXME: This only handles locks, really. */
1556 int failtest_fcntl(int fd, const char *file, unsigned line, int cmd, ...)
1558 struct failtest_call *p;
1559 struct fcntl_call call;
1565 /* Argument extraction. */
1570 call.arg.l = va_arg(ap, long);
1572 trace("fcntl on fd %i F_SETFL/F_SETFD\n", fd);
1573 return fcntl(fd, cmd, call.arg.l);
1576 trace("fcntl on fd %i F_GETFL/F_GETFD\n", fd);
1577 return fcntl(fd, cmd);
1579 trace("fcntl on fd %i F_GETLK\n", fd);
1582 call.arg.fl = *va_arg(ap, struct flock *);
1584 return fcntl(fd, cmd, &call.arg.fl);
1587 trace("fcntl on fd %i F_SETLK%s\n",
1588 fd, cmd == F_SETLKW ? "W" : "");
1590 call.arg.fl = *va_arg(ap, struct flock *);
1594 /* This means you need to implement it here. */
1595 err(1, "failtest: unknown fcntl %u", cmd);
1598 p = add_history(FAILTEST_FCNTL, false, file, line, &call);
1600 if (should_fail(p)) {
1601 p->u.fcntl.ret = -1;
1602 if (p->u.fcntl.cmd == F_SETLK)
1608 p->u.fcntl.ret = fcntl(p->u.fcntl.fd, p->u.fcntl.cmd,
1609 &p->u.fcntl.arg.fl);
1610 if (p->u.fcntl.ret == -1)
1613 /* We don't handle anything else yet. */
1614 assert(p->u.fcntl.arg.fl.l_whence == SEEK_SET);
1615 locks = add_lock(locks,
1617 p->u.fcntl.arg.fl.l_start,
1618 end_of(p->u.fcntl.arg.fl.l_start,
1619 p->u.fcntl.arg.fl.l_len),
1620 p->u.fcntl.arg.fl.l_type);
1623 trace("fcntl on fd %i -> %i\n", fd, p->u.fcntl.ret);
1625 return p->u.fcntl.ret;
1628 static void cleanup_lseek(struct lseek_call *call, bool restore)
1631 trace("cleaning up lseek on fd %i -> %llu\n",
1632 call->fd, (long long)call->old_off);
1633 if (lseek(call->fd, call->old_off, SEEK_SET) != call->old_off)
1634 fwarn("Restoring lseek pointer failed");
1638 /* We trap this so we can undo it: we don't fail it. */
1639 off_t failtest_lseek(int fd, off_t offset, int whence, const char *file,
1642 struct failtest_call *p;
1643 struct lseek_call call;
1645 call.offset = offset;
1646 call.whence = whence;
1647 call.old_off = lseek(fd, 0, SEEK_CUR);
1649 p = add_history(FAILTEST_LSEEK, false, file, line, &call);
1652 /* Consume lseek from failpath. */
1657 p->u.lseek.ret = lseek(fd, offset, whence);
1659 if (p->u.lseek.ret != (off_t)-1)
1660 set_cleanup(p, cleanup_lseek, struct lseek_call);
1662 trace("lseek %s:%u on fd %i from %llu to %llu%s\n",
1663 file, line, fd, (long long)call.old_off, (long long)offset,
1664 whence == SEEK_CUR ? " (from current off)" :
1665 whence == SEEK_END ? " (from end)" :
1666 whence == SEEK_SET ? "" : " (invalid whence)");
1667 return p->u.lseek.ret;
1671 pid_t failtest_getpid(const char *file, unsigned line)
1673 /* You must call failtest_init first! */
1678 void failtest_init(int argc, char *argv[])
1682 orig_pid = getpid();
1684 warnf = fdopen(move_fd_to_high(dup(STDERR_FILENO)), "w");
1685 for (i = 1; i < argc; i++) {
1686 if (!strncmp(argv[i], "--failpath=", strlen("--failpath="))) {
1687 failpath = argv[i] + strlen("--failpath=");
1688 } else if (strcmp(argv[i], "--trace") == 0) {
1690 failtest_timeout_ms = -1;
1691 } else if (!strncmp(argv[i], "--debugpath=",
1692 strlen("--debugpath="))) {
1693 debugpath = argv[i] + strlen("--debugpath=");
1696 failtable_init(&failtable);
1700 bool failtest_has_failed(void)
1702 return control_fd != -1;
1705 void failtest_exit(int status)
1707 trace("failtest_exit with status %i\n", status);
1708 if (failtest_exit_check) {
1709 if (!failtest_exit_check(&history))
1710 child_fail(NULL, 0, "failtest_exit_check failed\n");
1713 failtest_cleanup(false, status);
projects / ccan / blob