nginx-ipng-stats-plugin/tests/02-asan/lab/ipng-stats-asan.clab.yml
Pim van Pelt fdef2a552b Harden scrape rendering and add AddressSanitizer test suite
Move all heap allocation out of the slab-mutex critical section in
render_prom/render_json: snapshot cardinality under a brief lock,
allocate aggs/snaps/string tables outside the lock, then re-acquire
only to deep-copy strings and walk the LRU into the pre-allocated
buffers. A worker crash during output buffer allocation can no
longer leave the shared-memory zone locked, and a corrupt cardinality
count is caught by a 10k sanity cap rather than causing a runaway
ngx_pcalloc.

Add build-asan and tests/02-asan/: a full sanitizer-instrumented
nginx + module built via apt-source, and a 2-node containerlab
Robot suite that drives reload storms, concurrent scrape-during-reload,
and intern-table growth, failing if AddressSanitizer or UBSan
reports anything on stderr. The two Robot suites now check for
their required build artifacts up front so `make robot-test` no
longer rebuilds them on every invocation.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 10:58:51 +02:00

47 lines
1.5 KiB
YAML

# SPDX-License-Identifier: Apache-2.0
# Containerlab topology for the AddressSanitizer/UBSan test suite.
#
# The server container bind-mounts build/nginx-asan/ — the
# sanitizer-instrumented nginx built by `make build-asan`. The binary
# was compiled against host glibc, so the container image must match
# the host's Debian release (trixie/13) for the .so and libasan to be
# ABI-compatible. The binary is run directly (no .deb install): the
# `make pkg-deb` path is exercised by tests/01-module/.
#
# Topology: one server + one client with a single data-plane link.
# Unlike 01-module we don't need multi-interface attribution here —
# this suite is focused on memory correctness, not traffic tagging.
name: ipng-stats-asan
mgmt:
  network: ipng-stats-asan-net
  ipv4-subnet: 172.20.41.0/24
topology:
  nodes:
    server:
      kind: linux
      image: debian:trixie-slim
      mgmt-ipv4: 172.20.41.2
      binds:
        # RW because nginx chowns client_body_temp/ and writes to logs/
        # on master startup; it's a build artifact so we don't mind.
        - ../../../build/nginx-asan:/opt/nginx-asan
        - ./server/nginx.conf:/opt/nginx-asan/conf/nginx.conf:ro
        - ./server/start.sh:/start.sh:ro
      cmd: bash /start.sh
    client:
      kind: linux
      image: debian:trixie-slim
      mgmt-ipv4: 172.20.41.11
      binds:
        - ./client/start.sh:/start.sh:ro
      cmd: bash /start.sh
      env:
        MY_IP: 10.0.1.2/24
  links:
    - endpoints: ["server:eth1", "client:eth1"]