-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Antithesis intrumentation #5042
Conversation
b4e3cfb
to
2b422d6
Compare
Builds/CMake/RippledCompiler.cmake
Outdated
@@ -120,7 +120,7 @@ else () | |||
target_link_libraries (common | |||
INTERFACE | |||
-rdynamic | |||
$<$<BOOL:${is_linux}>:-Wl,-z,relro,-z,now> | |||
$<$<BOOL:${is_linux}>:-Wl,-z,relro,-z,now,--build-id> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The unconditional addition of --build-id
is intentional, but could be made conditional (on voidstar
), like other options are. I just think it is a useful option to have even in a regular build.
The choice of cmake option name |
602bbc7
to
4a6d7bd
Compare
a676c1a
to
d315dde
Compare
6 validators is a good start and should yield useful results. But just curious, how difficult would it be to later scale up the test to 35 (or more) validators? (This would make the testing even more realistic and predict what could happen in the future if more validators are added) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Am I correct in guessing that all of the edits under include/
and src/
are just changing assertions to use the new macros?
It's just a question of CPU utilisation on the Antithesis platform, that is balancing price/speed |
Yes. |
6f634cd
to
88050fb
Compare
1fbc1cb
to
1db9890
Compare
ff250ce
to
83808fa
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
note: this will be merged after rippled 2.3.0
@Bronek Before I merge this, can you write a commit message with a consise summary? |
Add Antithesis instrumentation
|
* Copy Antithesis SDK version 0.4.0 to directory external/ * Add build option `voidstar` to enable instrumentation with Antithesis SDK * Define instrumentation macros ASSERT and UNREACHABLE in terms of regular C assert * Replace asserts with named ASSERT or UNREACHABLE * Add UNREACHABLE to LogicError * Document instrumentation macros in CONTRIBUTING.md
Merged manually as d7e9491.
|
* upstream/develop: test: Check for some unlikely null dereferences in tests (XRPLF#5004) Add Antithesis intrumentation (XRPLF#5042)
High Level Overview of Change
Add Antithesis instrumentation.
Context of Change
This change adds the support for continuous testing (fuzzing) of
rippled
on Antithesis platform. A copy of Antithesis C++ SDK is added toexternal/antithesis-sdk
(withclang-format
disabled, to make it easier to keep up).The instrumentation macros
ASSERT
andUNREACHABLE
are defined insideinclude/xrpl/beast/utility/instrumentation.h
. In a normal build, these macros are just wrappers (with added name) for regularassert
macro. In such build, there is no dependency onexternal/antithesis-sdk
. The documentation of macros is also ininclude/xrpl/beast/utility/instrumentation.h
, and the naming convention for instrumentation macros has been added toCONTRIBUTING.md
If
voidstar
CMake option is enabled (which is only supported with clang compiler, version 16 or later, running on Linux, and requires a Debug build), these macros will register and forward instrumentation calls toexternal/antithesis-sdk
; this in turn informs the Antithesis platform of all the contracts. In case if a contract is violated during fuzzing, a report will be created forrippled
developers for troubleshooting. The purpose of name in instrumentation macros is to provide instrumentation calls with stable identity, which does not rely on line numbers.The
voidstar
CMake option is not exposed inconanfile.py
because it is not useful for programs with a dependency on this project; it is only useful when buildingrippled
binary with the intent of running it on the Antithesis platform. This means that, for ordinary users, macrosASSERT
orUNREACHABLE
are just like namedassert
.Both
ASSERT
orUNREACHABLE
are so-called "always assertions" - that is, they are test properties, which must be at all times true. Antithesis also supports a "sometimes assertions" which this PR does not define; we will add them later, on a case-by-case basis.Also, this PR does not use "rich assertions" which are added in Antithesis SDK 0.4; this will be also used in a separate PR, in order to keep this PR as close as possible to regular
assert
model (even though this makes fuzzing slower to discover bugs, than it would have been otherwise).Summary of changes
include/xrpl/beast/utility/instrumentation.h
antithesis-sdk-cpp
inexternal/antithesis-sdk
antithesis-sdk-cpp
inCMakeLists.txt
andcmake/RippledInstall.cmake
voidstar
tocmake/RippledCompiler.cmake
,cmake/RippledCore.cmake
andcmake/RippledSettings.cmake
--build-id
unconditionally incmake/RippledCompiler.cmake
CONTRIBUTING.md
to document contracts and instrumentationUNREACHABLE
inLogicError
insrc/libxrpl/basics/contract.cpp
assert
with eitherASSERT
orUNREACHABLE
(where suitable), with added nameCONTRIBUTING.md
I strived to make the naming of contracts consistent everywhere, however that was difficult given the size of change.
Macro
ASSERT
isALWAYS_OR_UNREACHABLE
rather thanALWAYS
Instrumentation macros are registered in the Antithesis platform and they can be also used for the purpose of coverage reporting (that is, whether or not a given contract has been reached is also a test property on the Antithesis platform). The semantics of
ALWAYS
macro (as defined in Antithesis C++ SDK) is not only to check that a condition is always true, it is also that the given line of code is always executed during fuzzing. Since we do not expect allassert
s to be always executed by a program during testing, we need a different macro, with the semantics that the condition is true if the given line is executed, otherwise the test platform should ignore the fact that a given line was not executed. This is the semantics ofALWAYS_OR_UNREACHABLE
macro.Macro
ASSERT
is not the same asassert
There are also locations where we do not use
ASSERT
orUNREACHABLE
because the old styleassert
orassert(false)
make more sense:constexpr
functions (ASSERT
would fail compilation)src/test
(no need for instrumentation)beast/test
andbeast/unit_test
; no need for instrumentation)Also, as explained in
include/xrpl/beast/utility/instrumentation.h
, there are minor differences betweenASSERT
andassert
:ASSERT
must have an unique name (naming convention in CONTRIBUTING.md)ASSERT
(like Release build) however the parameters will be fully evaluated (which is why CMake optionvoidstar
requires Debug build)No change to the github workflow, yet
We need to upgrade clang compiler from version 14 to version no older than 16 in order to enable
voidstar
option, which would be needed to validate that the instrumentation macros do work with the the headers inantithesis-sdk-cpp
(in particular that theASSERT
conditions are implicitly convertible tobool
). I raised an issue #5153 for this upgrade. Once it is done, I intend to submit a separate PR which will define a new job to build with thevoidstar
option.Type of Change
.gitignore
, formatting, dropping support for older tooling)