
Re: post-mortem: the 8.0.0 mishap

From: James Read via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 21 Mar 2023 14:53:25 +0000

On Tue, Mar 21, 2023 at 2:32 PM Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se> wrote:

> Hi,
>
> We worked out exactly WHY we shipped curl 8.0.0 with a problem that caused
> immediate test failures.
>
> A while back we merged several CI job files into a single "linux.yml"
> file to make them easier to manage.
>
> In that (multi state) merge, some of the old CI jobs had valgrind enabled
> when the tests ran, but the valgrind package was not installed by
> linux.yml at that point and we did not spot that we with this merge
> basically stopped running CI jobs with valgrind enabled.
>
> Obviously, we had also previously disabled the -fsanitize jobs we have
> had in the past so there was also none of those running that could detect
> this.
>
> We *THOUGHT* we were all right and that all tests were good, but in fact
> this was a lie because we did not know how they actually ran with
> valgrind enabled.
>
> Obviously none of us developers ran all the tests locally often enough to
> detect this case either.
>
> When 8.0.0 subsequently shipped and users ran the full test suite with
> valgrind the problem was immediately detected and it was reported to us
> within hours of the release.
>
> It took me some additional 90 minutes of deliberating and research
> (involving peeps in the IRC channel) to land on the conclusion that we
> really needed an 8.0.1 and I then emailed this list about it.
>
> The easy fix was to revert the offending commit and release 8.0.1
> without it. I still want that particular fix done so I'm doing a second
> attempt (#10801) that I will not merge until it has been properly
> verified with valgrind.
>
> The PR #10798 is me putting valgrind into the linux.yml job so that we
> again do better tests. It reveals a few additional problems that I also
> need to work on, for example memory leaks when using hyper: #10803
>
> Left to do: add a build (or three) that uses clang's and/or gcc's
> -fsanitize=address,undefined,signed-integer-overflow instead of valgrind,
> to help us detect mistakes such as the one shipped in 8.0.0.
>
> Thanks for flying curl. Never a dull moment.
>

A most memorable birthday celebration. ;-)


>
> --
>
> / daniel.haxx.se
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> | https://curl.se/support.html
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
> Etiquette: https://curl.se/mail/etiquette.html
>


Received on 2023-03-21
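
The failure described in the quoted post-mortem (jobs configured to test with valgrind while the package was never installed) can be turned into a hard error by a preflight step at the start of the job. This is an added example, not part of the thread or of curl's CI; the `WANT_TOOLS` variable and both function names are hypothetical.

```shell
#!/bin/sh
# Constructed example: make a test job fail loudly when an analysis tool it
# is configured to use is not installed, instead of silently running without it.
# WANT_TOOLS is a hypothetical variable, e.g. WANT_TOOLS="valgrind".

# missing_tools "tool1 tool2 ...": print every requested tool that is not
# found on PATH, one per line. Returns 1 if any is missing, 0 otherwise.
missing_tools() {
  rc=0
  for tool in $1; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      echo "$tool"
      rc=1
    fi
  done
  return $rc
}

# preflight "tool1 tool2 ...": gate for the start of a job. Returns 0 only
# when every requested tool is available; otherwise names the absent ones
# on stderr and returns 1 so the job stops before any test runs.
preflight() {
  if absent=$(missing_tools "$1"); then
    echo "preflight: requested tools available: $1"
    return 0
  fi
  # $absent is left unquoted on purpose so the names print on one line.
  echo "preflight: requested but not installed:" $absent >&2
  return 1
}

# Stand-alone use: WANT_TOOLS="valgrind" sh preflight.sh
if [ -n "${WANT_TOOLS:-}" ]; then
  preflight "$WANT_TOOLS" || exit 1
fi
```

The check only proves the tool can be invoked; the test runner still has to be told to use it.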