Harden scrape rendering and add AddressSanitizer test suite

Move all heap allocation out of the slab-mutex critical section in render_prom/render_json: snapshot cardinality under a brief lock, allocate aggs/snaps/string tables outside the lock, then re-acquire only to deep-copy strings and walk the LRU into the pre-allocated buffers. A worker crash during output buffer allocation can no longer leave the shared-memory zone locked, and a corrupt cardinality count is caught by a 10k sanity cap rather than causing a runaway ngx_pcalloc. Add build-asan and tests/02-asan/: a full sanitizer-instrumented nginx + module built via apt-source, and a 2-node containerlab Robot suite that drives reload storms, concurrent scrape-during-reload, and intern-table growth, failing if AddressSanitizer or UBSan reports anything on stderr. The two Robot suites now check for their required build artifacts up front so `make robot-test` no longer rebuilds them on every invocation. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 10:58:51 +02:00
parent cdcbb07c9a
commit fdef2a552b
8 changed files with 746 additions and 232 deletions
--- a/tests/02-asan/lab/ipng-stats-asan.clab.yml
+++ b/tests/02-asan/lab/ipng-stats-asan.clab.yml
@@ -0,0 +1,46 @@
+# SPDX-License-Identifier: Apache-2.0
+# Containerlab topology for the AddressSanitizer/UBSan test suite.
+#
+# The server container bind-mounts build/nginx-asan/ — the
+# sanitizer-instrumented nginx built by `make build-asan`. The binary
+# was compiled against host glibc, so the container image must match
+# the host's Debian release (trixie/13) for the .so and libasan to be
+# ABI-compatible. The binary is run directly (no .deb install): the
+# `make pkg-deb` path is exercised by tests/01-module/.
+#
+# Topology: one server + one client with a single data-plane link.
+# Unlike 01-module we don't need multi-interface attribution here —
+# this suite is focused on memory correctness, not traffic tagging.
+
+name: ipng-stats-asan
+
+mgmt:
+  network: ipng-stats-asan-net
+  ipv4-subnet: 172.20.41.0/24
+
+topology:
+  nodes:
+    server:
+      kind: linux
+      image: debian:trixie-slim
+      mgmt-ipv4: 172.20.41.2
+      binds:
+        # RW because nginx chowns client_body_temp/ and writes to logs/
+        # on master startup; it's a build artifact so we don't mind.
+        - ../../../build/nginx-asan:/opt/nginx-asan
+        - ./server/nginx.conf:/opt/nginx-asan/conf/nginx.conf:ro
+        - ./server/start.sh:/start.sh:ro
+      cmd: bash /start.sh
+
+    client:
+      kind: linux
+      image: debian:trixie-slim
+      mgmt-ipv4: 172.20.41.11
+      binds:
+        - ./client/start.sh:/start.sh:ro
+      cmd: bash /start.sh
+      env:
+        MY_IP: 10.0.1.2/24
+
+  links:
+    - endpoints: ["server:eth1", "client:eth1"]