0e8189e270
Abstract -------- With index v2 we have a per object CRC to allow quick and safe reuse of pack data when repacking. This, however, doesn't currently prevent a stealth corruption from being propagated into a new pack when _not_ reusing pack data as demonstrated by the modification to t5302 included here. The Context ----------- The Git database is all checksummed with SHA1 hashes. Any kind of corruption can be confirmed by verifying this per object hash against corresponding data. However this can be costly to perform systematically and therefore this check is often not performed at run time when accessing the object database. First, the loose object format is entirely compressed with zlib which already provide a CRC verification of its own when inflating data. Any disk corruption would be caught already in this case. Then, packed objects are also compressed with zlib but only for their actual payload. The object headers and delta base references are not deflated for obvious performance reasons, however this leave them vulnerable to potentially undetected disk corruptions. Object types are often validated against the expected type when they're requested, and deflated size must always match the size recorded in the object header, so those cases are pretty much covered as well. Where corruptions could go unnoticed is in the delta base reference. Of course, in the OBJ_REF_DELTA case, the odds for a SHA1 reference to get corrupted so it actually matches the SHA1 of another object with the same size (the delta header stores the expected size of the base object to apply against) are virtually zero. In the OBJ_OFS_DELTA case, the reference is a pack offset which would have to match the start boundary of a different base object but still with the same size, and although this is relatively much more "probable" than in the OBJ_REF_DELTA case, the probability is also about zero in absolute terms. Still, the possibility exists as demonstrated in t5302 and is certainly greater than a SHA1 collision, especially in the OBJ_OFS_DELTA case which is now the default when repacking. Again, repacking by reusing existing pack data is OK since the per object CRC provided by index v2 guards against any such corruptions. What t5302 failed to test is a full repack in such case. The Solution ------------ As unlikely as this kind of stealth corruption can be in practice, it certainly isn't acceptable to propagate it into a freshly created pack. But, because this is so unlikely, we don't want to pay the run time cost associated with extra validation checks all the time either. Furthermore, consequences of such corruption in anything but repacking should be rather visible, and even if it could be quite unpleasant, it still has far less severe consequences than actively creating bad packs. So the best compromize is to check packed object CRC when unpacking objects, and only during the compression/writing phase of a repack, and only when not streaming the result. The cost of this is minimal (less than 1% CPU time), and visible only with a full repack. Someone with a stats background could provide an objective evaluation of this, but I suspect that it's bad RAM that has more potential for data corruptions at this point, even in those cases where this extra check is not performed. Still, it is best to prevent a known hole for corruption when recreating object data into a new pack. What about the streamed pack case? Well, any client receiving a pack must always consider that pack as untrusty and perform full validation anyway, hence no such stealth corruption could be propagated to remote repositoryes already. It is therefore worthless doing local validation in that case. Signed-off-by: Nicolas Pitre <nico@cam.org> Signed-off-by: Junio C Hamano <gitster@pobox.com> |
||
---|---|---|
.. | ||
lib-httpd | ||
t3900 | ||
t4013 | ||
t4020 | ||
t4100 | ||
t4101 | ||
t4109 | ||
t4110 | ||
t5100 | ||
t5515 | ||
t7004 | ||
t7500 | ||
t9110 | ||
t9111 | ||
t9115 | ||
t9121 | ||
t9126 | ||
t9700 | ||
.gitattributes | ||
.gitignore | ||
aggregate-results.sh | ||
annotate-tests.sh | ||
diff-lib.sh | ||
lib-git-svn.sh | ||
lib-httpd.sh | ||
lib-read-tree-m-3way.sh | ||
Makefile | ||
README | ||
t0000-basic.sh | ||
t0001-init.sh | ||
t0002-gitfile.sh | ||
t0003-attributes.sh | ||
t0004-unwritable.sh | ||
t0010-racy-git.sh | ||
t0020-crlf.sh | ||
t0021-conversion.sh | ||
t0022-crlf-rename.sh | ||
t0023-crlf-am.sh | ||
t0024-crlf-archive.sh | ||
t0030-stripspace.sh | ||
t0040-parse-options.sh | ||
t0050-filesystem.sh | ||
t0055-beyond-symlinks.sh | ||
t0060-path-utils.sh | ||
t1000-read-tree-m-3way.sh | ||
t1001-read-tree-m-2way.sh | ||
t1002-read-tree-m-u-2way.sh | ||
t1003-read-tree-prefix.sh | ||
t1004-read-tree-m-u-wf.sh | ||
t1005-read-tree-reset.sh | ||
t1006-cat-file.sh | ||
t1007-hash-object.sh | ||
t1020-subdirectory.sh | ||
t1100-commit-tree-options.sh | ||
t1200-tutorial.sh | ||
t1300-repo-config.sh | ||
t1301-shared-repo.sh | ||
t1302-repo-version.sh | ||
t1303-wacky-config.sh | ||
t1400-update-ref.sh | ||
t1410-reflog.sh | ||
t1420-lost-found.sh | ||
t1500-rev-parse.sh | ||
t1501-worktree.sh | ||
t1502-rev-parse-parseopt.sh | ||
t1503-rev-parse-verify.sh | ||
t1504-ceiling-dirs.sh | ||
t2000-checkout-cache-clash.sh | ||
t2001-checkout-cache-clash.sh | ||
t2002-checkout-cache-u.sh | ||
t2003-checkout-cache-mkdir.sh | ||
t2004-checkout-cache-temp.sh | ||
t2005-checkout-index-symlinks.sh | ||
t2007-checkout-symlink.sh | ||
t2008-checkout-subdir.sh | ||
t2009-checkout-statinfo.sh | ||
t2010-checkout-ambiguous.sh | ||
t2050-git-dir-relative.sh | ||
t2100-update-cache-badpath.sh | ||
t2101-update-index-reupdate.sh | ||
t2102-update-index-symlinks.sh | ||
t2103-update-index-ignore-missing.sh | ||
t2200-add-update.sh | ||
t2201-add-update-typechange.sh | ||
t2202-add-addremove.sh | ||
t2203-add-intent.sh | ||
t3000-ls-files-others.sh | ||
t3001-ls-files-others-exclude.sh | ||
t3002-ls-files-dashpath.sh | ||
t3010-ls-files-killed-modified.sh | ||
t3020-ls-files-error-unmatch.sh | ||
t3030-merge-recursive.sh | ||
t3040-subprojects-basic.sh | ||
t3050-subprojects-fetch.sh | ||
t3060-ls-files-with-tree.sh | ||
t3100-ls-tree-restrict.sh | ||
t3101-ls-tree-dirname.sh | ||
t3200-branch.sh | ||
t3201-branch-contains.sh | ||
t3202-show-branch-octopus.sh | ||
t3210-pack-refs.sh | ||
t3300-funny-names.sh | ||
t3400-rebase.sh | ||
t3401-rebase-partial.sh | ||
t3402-rebase-merge.sh | ||
t3403-rebase-skip.sh | ||
t3404-rebase-interactive.sh | ||
t3405-rebase-malformed.sh | ||
t3406-rebase-message.sh | ||
t3407-rebase-abort.sh | ||
t3408-rebase-multi-line.sh | ||
t3409-rebase-hook.sh | ||
t3409-rebase-preserve-merges.sh | ||
t3410-rebase-preserve-dropped-merges.sh | ||
t3500-cherry.sh | ||
t3501-revert-cherry-pick.sh | ||
t3502-cherry-pick-merge.sh | ||
t3503-cherry-pick-root.sh | ||
t3504-cherry-pick-rerere.sh | ||
t3600-rm.sh | ||
t3700-add.sh | ||
t3701-add-interactive.sh | ||
t3800-mktag.sh | ||
t3900-i18n-commit.sh | ||
t3901-8859-1.txt | ||
t3901-i18n-patch.sh | ||
t3901-utf8.txt | ||
t3902-quoted.sh | ||
t3903-stash.sh | ||
t4000-diff-format.sh | ||
t4001-diff-rename.sh | ||
t4002-diff-basic.sh | ||
t4003-diff-rename-1.sh | ||
t4004-diff-rename-symlink.sh | ||
t4005-diff-rename-2.sh | ||
t4006-diff-mode.sh | ||
t4007-rename-3.sh | ||
t4008-diff-break-rewrite.sh | ||
t4009-diff-rename-4.sh | ||
t4010-diff-pathspec.sh | ||
t4011-diff-symlink.sh | ||
t4012-diff-binary.sh | ||
t4013-diff-various.sh | ||
t4014-format-patch.sh | ||
t4015-diff-whitespace.sh | ||
t4016-diff-quote.sh | ||
t4017-diff-retval.sh | ||
t4017-quiet.sh | ||
t4018-diff-funcname.sh | ||
t4019-diff-wserror.sh | ||
t4020-diff-external.sh | ||
t4021-format-patch-numbered.sh | ||
t4021-format-patch-signer-mime.sh | ||
t4022-diff-rewrite.sh | ||
t4023-diff-rename-typechange.sh | ||
t4024-diff-optimize-common.sh | ||
t4025-hunk-header.sh | ||
t4026-color.sh | ||
t4027-diff-submodule.sh | ||
t4028-format-patch-mime-headers.sh | ||
t4029-diff-trailing-space.sh | ||
t4100-apply-stat.sh | ||
t4101-apply-nonl.sh | ||
t4102-apply-rename.sh | ||
t4103-apply-binary.sh | ||
t4104-apply-boundary.sh | ||
t4105-apply-fuzz.sh | ||
t4109-apply-multifrag.sh | ||
t4110-apply-scan.sh | ||
t4112-apply-renames.sh | ||
t4113-apply-ending.sh | ||
t4114-apply-typechange.sh | ||
t4115-apply-symlink.sh | ||
t4116-apply-reverse.sh | ||
t4117-apply-reject.sh | ||
t4118-apply-empty-context.sh | ||
t4119-apply-config.sh | ||
t4120-apply-popt.sh | ||
t4121-apply-diffs.sh | ||
t4122-apply-symlink-inside.sh | ||
t4123-apply-shrink.sh | ||
t4124-apply-ws-rule.sh | ||
t4125-apply-ws-fuzz.sh | ||
t4126-apply-empty.sh | ||
t4127-apply-same-fn.sh | ||
t4128-apply-root.sh | ||
t4150-am.sh | ||
t4151-am-abort.sh | ||
t4200-rerere.sh | ||
t4201-shortlog.sh | ||
t4202-log.sh | ||
t5000-tar-tree.sh | ||
t5100-mailinfo.sh | ||
t5300-pack-object.sh | ||
t5301-sliding-window.sh | ||
t5302-pack-index.sh | ||
t5303-pack-corruption-resilience.sh | ||
t5304-prune.sh | ||
t5305-include-tag.sh | ||
t5306-pack-nobase.sh | ||
t5400-send-pack.sh | ||
t5401-update-hooks.sh | ||
t5402-post-merge-hook.sh | ||
t5403-post-checkout-hook.sh | ||
t5404-tracking-branches.sh | ||
t5405-send-pack-rewind.sh | ||
t5406-remote-rejects.sh | ||
t5500-fetch-pack.sh | ||
t5502-quickfetch.sh | ||
t5503-tagfollow.sh | ||
t5505-remote.sh | ||
t5510-fetch.sh | ||
t5511-refspec.sh | ||
t5512-ls-remote.sh | ||
t5513-fetch-track.sh | ||
t5515-fetch-merge-logic.sh | ||
t5516-fetch-push.sh | ||
t5517-push-mirror.sh | ||
t5518-fetch-exit-status.sh | ||
t5520-pull.sh | ||
t5530-upload-pack-error.sh | ||
t5540-http-push.sh | ||
t5600-clone-fail-cleanup.sh | ||
t5601-clone.sh | ||
t5602-clone-remote-exec.sh | ||
t5700-clone-reference.sh | ||
t5701-clone-local.sh | ||
t5702-clone-options.sh | ||
t5710-info-alternate.sh | ||
t6000lib.sh | ||
t6001-rev-list-graft.sh | ||
t6002-rev-list-bisect.sh | ||
t6003-rev-list-topo-order.sh | ||
t6004-rev-list-path-optim.sh | ||
t6005-rev-list-count.sh | ||
t6006-rev-list-format.sh | ||
t6007-rev-list-cherry-pick-file.sh | ||
t6008-rev-list-submodule.sh | ||
t6009-rev-list-parent.sh | ||
t6010-merge-base.sh | ||
t6011-rev-list-with-bad-commit.sh | ||
t6012-rev-list-simplify.sh | ||
t6013-rev-list-reverse-parents.sh | ||
t6020-merge-df.sh | ||
t6021-merge-criss-cross.sh | ||
t6022-merge-rename.sh | ||
t6023-merge-file.sh | ||
t6023-merge-rename-nocruft.sh | ||
t6024-recursive-merge.sh | ||
t6025-merge-symlinks.sh | ||
t6026-merge-attr.sh | ||
t6027-merge-binary.sh | ||
t6028-merge-up-to-date.sh | ||
t6029-merge-subtree.sh | ||
t6030-bisect-porcelain.sh | ||
t6031-merge-recursive.sh | ||
t6032-merge-large-rename.sh | ||
t6033-merge-crlf.sh | ||
t6040-tracking-info.sh | ||
t6101-rev-parse-parents.sh | ||
t6120-describe.sh | ||
t6200-fmt-merge-msg.sh | ||
t6300-for-each-ref.sh | ||
t7001-mv.sh | ||
t7002-grep.sh | ||
t7003-filter-branch.sh | ||
t7004-tag.sh | ||
t7005-editor.sh | ||
t7010-setup.sh | ||
t7101-reset.sh | ||
t7102-reset.sh | ||
t7103-reset-bare.sh | ||
t7104-reset.sh | ||
t7201-co.sh | ||
t7300-clean.sh | ||
t7400-submodule-basic.sh | ||
t7401-submodule-summary.sh | ||
t7402-submodule-rebase.sh | ||
t7403-submodule-sync.sh | ||
t7500-commit.sh | ||
t7501-commit.sh | ||
t7502-commit.sh | ||
t7502-status.sh | ||
t7503-pre-commit-hook.sh | ||
t7504-commit-msg-hook.sh | ||
t7505-prepare-commit-msg-hook.sh | ||
t7506-status-submodule.sh | ||
t7600-merge.sh | ||
t7601-merge-pull-config.sh | ||
t7602-merge-octopus-many.sh | ||
t7603-merge-reduce-heads.sh | ||
t7604-merge-custom-message.sh | ||
t7605-merge-resolve.sh | ||
t7606-merge-custom.sh | ||
t7610-mergetool.sh | ||
t7701-repack-unpack-unreachable.sh | ||
t8001-annotate.sh | ||
t8002-blame.sh | ||
t8003-blame.sh | ||
t8004-blame.sh | ||
t9001-send-email.sh | ||
t9100-git-svn-basic.sh | ||
t9101-git-svn-props.sh | ||
t9102-git-svn-deep-rmdir.sh | ||
t9103-git-svn-tracked-directory-removed.sh | ||
t9104-git-svn-follow-parent.sh | ||
t9105-git-svn-commit-diff.sh | ||
t9106-git-svn-commit-diff-clobber.sh | ||
t9106-git-svn-dcommit-clobber-series.sh | ||
t9107-git-svn-migrate.sh | ||
t9108-git-svn-glob.sh | ||
t9108-git-svn-multi-glob.sh | ||
t9110-git-svn-use-svm-props.sh | ||
t9111-git-svn-use-svnsync-props.sh | ||
t9112-git-svn-md5less-file.sh | ||
t9113-git-svn-dcommit-new-file.sh | ||
t9114-git-svn-dcommit-merge.sh | ||
t9115-git-svn-dcommit-funky-renames.sh | ||
t9116-git-svn-log.sh | ||
t9117-git-svn-init-clone.sh | ||
t9118-git-svn-funky-branch-names.sh | ||
t9119-git-svn-info.sh | ||
t9120-git-svn-clone-with-percent-escapes.sh | ||
t9121-git-svn-fetch-renamed-dir.sh | ||
t9122-git-svn-author.sh | ||
t9123-git-svn-rebuild-with-rewriteroot.sh | ||
t9124-git-svn-dcommit-auto-props.sh | ||
t9125-git-svn-multi-glob-branch-names.sh | ||
t9126-git-svn-follow-deleted-readded-directory.sh | ||
t9127-git-svn-partial-rebuild.sh | ||
t9128-git-svn-cmd-branch.sh | ||
t9200-git-cvsexportcommit.sh | ||
t9300-fast-import.sh | ||
t9301-fast-export.sh | ||
t9400-git-cvsserver-server.sh | ||
t9401-git-cvsserver-crlf.sh | ||
t9500-gitweb-standalone-no-errors.sh | ||
t9600-cvsimport.sh | ||
t9700-perl-git.sh | ||
test4012.png | ||
test9200a.png | ||
test9200b.png | ||
test-lib.sh |
Core GIT Tests ============== This directory holds many test scripts for core GIT tools. The first part of this short document describes how to run the tests and read their output. When fixing the tools or adding enhancements, you are strongly encouraged to add tests in this directory to cover what you are trying to fix or enhance. The later part of this short document describes how your test scripts should be organized. Running Tests ------------- The easiest way to run tests is to say "make". This runs all the tests. *** t0000-basic.sh *** * ok 1: .git/objects should be empty after git-init in an empty repo. * ok 2: .git/objects should have 256 subdirectories. * ok 3: git-update-index without --add should fail adding. ... * ok 23: no diff after checkout and git-update-index --refresh. * passed all 23 test(s) *** t0100-environment-names.sh *** * ok 1: using old names should issue warnings. * ok 2: using old names but having new names should not issue warnings. ... Or you can run each test individually from command line, like this: $ sh ./t3001-ls-files-killed.sh * ok 1: git-update-index --add to add various paths. * ok 2: git-ls-files -k to show killed files. * ok 3: validate git-ls-files -k output. * passed all 3 test(s) You can pass --verbose (or -v), --debug (or -d), and --immediate (or -i) command line argument to the test. --verbose:: This makes the test more verbose. Specifically, the command being run and their output if any are also output. --debug:: This may help the person who is developing a new test. It causes the command defined with test_debug to run. --immediate:: This causes the test to immediately exit upon the first failed test. --long-tests:: This causes additional long-running tests to be run (where available), for more exhaustive testing. Skipping Tests -------------- In some environments, certain tests have no way of succeeding due to platform limitation, such as lack of 'unzip' program, or filesystem that do not allow arbitrary sequence of non-NUL bytes as pathnames. You should be able to say something like $ GIT_SKIP_TESTS=t9200.8 sh ./t9200-git-cvsexport-commit.sh and even: $ GIT_SKIP_TESTS='t[0-4]??? t91?? t9200.8' make to omit such tests. The value of the environment variable is a SP separated list of patterns that tells which tests to skip, and either can match the "t[0-9]{4}" part to skip the whole test, or t[0-9]{4} followed by ".$number" to say which particular test to skip. Note that some tests in the existing test suite rely on previous test item, so you cannot arbitrarily disable one and expect the remainder of test to check what the test originally was intended to check. Naming Tests ------------ The test files are named as: tNNNN-commandname-details.sh where N is a decimal digit. First digit tells the family: 0 - the absolute basics and global stuff 1 - the basic commands concerning database 2 - the basic commands concerning the working tree 3 - the other basic commands (e.g. ls-files) 4 - the diff commands 5 - the pull and exporting commands 6 - the revision tree commands (even e.g. merge-base) 7 - the porcelainish commands concerning the working tree 8 - the porcelainish commands concerning forensics 9 - the git tools Second digit tells the particular command we are testing. Third digit (optionally) tells the particular switch or group of switches we are testing. If you create files under t/ directory (i.e. here) that is not the top-level test script, never name the file to match the above pattern. The Makefile here considers all such files as the top-level test script and tries to run all of them. A care is especially needed if you are creating a common test library file, similar to test-lib.sh, because such a library file may not be suitable for standalone execution. Writing Tests ------------- The test script is written as a shell script. It should start with the standard "#!/bin/sh" with copyright notices, and an assignment to variable 'test_description', like this: #!/bin/sh # # Copyright (c) 2005 Junio C Hamano # test_description='xxx test (option --frotz) This test registers the following structure in the cache and tries to run git-ls-files with option --frotz.' Source 'test-lib.sh' -------------------- After assigning test_description, the test script should source test-lib.sh like this: . ./test-lib.sh This test harness library does the following things: - If the script is invoked with command line argument --help (or -h), it shows the test_description and exits. - Creates an empty test directory with an empty .git/objects database and chdir(2) into it. This directory is 't/trash directory' if you must know, but I do not think you care. - Defines standard test helper functions for your scripts to use. These functions are designed to make all scripts behave consistently when command line arguments --verbose (or -v), --debug (or -d), and --immediate (or -i) is given. End with test_done ------------------ Your script will be a sequence of tests, using helper functions from the test harness library. At the end of the script, call 'test_done'. Test harness library -------------------- There are a handful helper functions defined in the test harness library for your script to use. - test_expect_success <message> <script> This takes two strings as parameter, and evaluates the <script>. If it yields success, test is considered successful. <message> should state what it is testing. Example: test_expect_success \ 'git-write-tree should be able to write an empty tree.' \ 'tree=$(git-write-tree)' - test_expect_failure <message> <script> This is NOT the opposite of test_expect_success, but is used to mark a test that demonstrates a known breakage. Unlike the usual test_expect_success tests, which say "ok" on success and "FAIL" on failure, this will say "FIXED" on success and "still broken" on failure. Failures from these tests won't cause -i (immediate) to stop. - test_debug <script> This takes a single argument, <script>, and evaluates it only when the test script is started with --debug command line argument. This is primarily meant for use during the development of a new test script. - test_done Your test script must have test_done at the end. Its purpose is to summarize successes and failures in the test script and exit with an appropriate error code. Tips for Writing Tests ---------------------- As with any programming projects, existing programs are the best source of the information. However, do _not_ emulate t0000-basic.sh when writing your tests. The test is special in that it tries to validate the very core of GIT. For example, it knows that there will be 256 subdirectories under .git/objects/, and it knows that the object ID of an empty tree is a certain 40-byte string. This is deliberately done so in t0000-basic.sh because the things the very basic core test tries to achieve is to serve as a basis for people who are changing the GIT internal drastically. For these people, after making certain changes, not seeing failures from the basic test _is_ a failure. And such drastic changes to the core GIT that even changes these otherwise supposedly stable object IDs should be accompanied by an update to t0000-basic.sh. However, other tests that simply rely on basic parts of the core GIT working properly should not have that level of intimate knowledge of the core GIT internals. If all the test scripts hardcoded the object IDs like t0000-basic.sh does, that defeats the purpose of t0000-basic.sh, which is to isolate that level of validation in one place. Your test also ends up needing updating when such a change to the internal happens, so do _not_ do it and leave the low level of validation to t0000-basic.sh.