Re: post-mortem: the 8.0.0 mishap
From: James Read via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 21 Mar 2023 14:53:25 +0000
On Tue, Mar 21, 2023 at 2:32 PM Daniel Stenberg via curl-library <
curl-library_at_lists.haxx.se> wrote:
> Hi,
>
> We worked out exactly WHY we shipped curl 8.0.0 with a problem that caused
> immediate test failures.
>
> A while back we merged several CI job files into a single "linux.yml" file to
> make them easier to manage.
>
> In that (multi state) merge, some of the old CI jobs had valgrind enabled when
> the tests ran, but the valgrind package was not installed by linux.yml at
> that point and we did not spot that we with this merge basically stopped
> running CI jobs with valgrind enabled.
>
> Obviously, we had also previously disabled the -fsanitize jobs we have had in
> the past so there was also none of those running that could detect this.
>
> We *THOUGHT* we were all right and that all tests were good, but in fact this
> was a lie because we did not know how they actually ran with valgrind
> enabled.
>
> Obviously none of us developers ran all the tests locally often enough to
> detect this case either.
>
> When 8.0.0 subsequently shipped and users ran the full test suite with
> valgrind the problem was immediately detected and it was reported to us within
> hours of the release.
>
> It took me some additional 90 minutes of deliberating and research (involving
> peeps in the IRC channel) to land on the conclusion that we really needed an
> 8.0.1 and I then emailed this list about it.
>
> The easy fix was to revert the offending commit and release 8.0.1 without it.
> I still want that particular fix done so I'm doing a second attempt (#10801)
> that I will not merge until it has been properly verified with valgrind.
>
> The PR #10798 is me putting valgrind into the linux.yml job so that we again
> do better tests. It reveals a few additional problems that I also need to work
> on, for example memory leaks when using hyper: #10803
>
> Left to do: add a build (or three) that uses clang's and/or gcc's
> -fsanitize=address,undefined,signed-integer-overflow instead of valgrind, to
> help us detect mistakes such as the one shipped in 8.0.0.
>
> Thanks for flying curl. Never a dull moment.
>
A most memorable birthday celebration. ;-)
>
> --
>
> / daniel.haxx.se
Received on 2023-03-21
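
The failure described in the quoted post-mortem, a CI job set up to test with valgrind while the valgrind package was not installed, can be guarded against with a preflight step that fails the job instead of letting the tests run without the tool. The script below is an added example, not part of the original messages or of curl's CI; REQUIRED_TOOLS, check_tool and preflight are hypothetical names, and it assumes each listed tool accepts --version.

```shell
#!/bin/sh
# Added example: fail-closed preflight for a CI job whose tests depend on
# external tools. REQUIRED_TOOLS is a hypothetical variable name.

# check_tool NAME: 0 = usable, 1 = not on PATH, 2 = on PATH but does not run.
# Assumes the tool accepts --version (valgrind does).
check_tool() {
    command -v "$1" >/dev/null 2>&1 || return 1
    "$1" --version >/dev/null 2>&1 || return 2
    return 0
}

# preflight NAME...: report every unusable tool on stderr; return 1 if any.
preflight() {
    failed=0
    for tool in "$@"; do
        rc=0
        check_tool "$tool" || rc=$?
        case $rc in
            1) echo "preflight: $tool is not installed" >&2; failed=1 ;;
            2) echo "preflight: $tool is installed but does not run" >&2; failed=1 ;;
        esac
    done
    return "$failed"
}

# CI step usage: REQUIRED_TOOLS="valgrind" sh preflight.sh
# Does nothing when the variable is unset.
if [ -n "${REQUIRED_TOOLS:-}" ]; then
    # shellcheck disable=SC2086  # intentional word splitting of the list
    preflight $REQUIRED_TOOLS || exit 1
fi
```

Run as the first step of the test job, this turns a missing or broken tool into a red build rather than a green run that never exercised it.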