Test verifier stats

Signed-off-by: Dave Thaler <[email protected]>
dthaler · May 30, 2021 · 1f1c104 · 1f1c104
1 parent d1411fa
commit 1f1c104
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 8 deletions.
diff --git a/src/crab_verifier.cpp b/src/crab_verifier.cpp
@@ -168,10 +168,16 @@ static checks_db get_ebpf_report(std::ostream& s, cfg_t& cfg, program_info info,
 }
 
 /// Returned value is true if the program passes verification.
-bool run_ebpf_analysis(std::ostream& s, cfg_t& cfg, program_info info, const ebpf_verifier_options_t* options) {
+bool run_ebpf_analysis(std::ostream& s, cfg_t& cfg, program_info info, const ebpf_verifier_options_t* options,
+                       ebpf_verifier_stats_t* stats) {
     if (options == nullptr)
         options = &ebpf_verifier_default_options;
     checks_db report = get_ebpf_report(s, cfg, info, options);
+    if (stats) {
+        stats->total_unreachable = report.total_unreachable;
+        stats->total_warnings = report.total_warnings;
+        stats->max_instruction_count = report.max_instruction_count;
+    }
     return (report.total_warnings == 0);
 }
 

diff --git a/src/crab_verifier.hpp b/src/crab_verifier.hpp
@@ -6,7 +6,8 @@
 #include "crab/cfg.hpp"
 #include "spec_type_descriptors.hpp"
 
-bool run_ebpf_analysis(std::ostream& s, cfg_t& cfg, program_info info, const ebpf_verifier_options_t* options);
+bool run_ebpf_analysis(std::ostream& s, cfg_t& cfg, program_info info, const ebpf_verifier_options_t* options,
+    ebpf_verifier_stats_t* stats);
 
 bool ebpf_verify_program(std::ostream& s, const InstructionSeq& prog, program_info info, const ebpf_verifier_options_t* options,
     ebpf_verifier_stats_t* stats);

diff --git a/src/test/test_loop.cpp b/src/test/test_loop.cpp
@@ -28,6 +28,6 @@ TEST_CASE("Trivial loop: middle", "[sanity][loop]") {
         .platform = &g_ebpf_platform_linux,
         .type = g_ebpf_platform_linux.get_program_type("unspec", "unspec")
     };
-    bool pass = run_ebpf_analysis(std::cout, cfg, info, &options);
+    bool pass = run_ebpf_analysis(std::cout, cfg, info, &options, nullptr);
     REQUIRE(pass);
 }
diff --git a/src/test/test_termination.cpp b/src/test/test_termination.cpp
@@ -27,8 +27,12 @@ TEST_CASE("Trivial infinite loop", "[loop][termination]") {
         .platform = &g_ebpf_platform_linux,
         .type = g_ebpf_platform_linux.get_program_type("unspec", "unspec")
     };
-    bool pass = run_ebpf_analysis(std::cout, cfg, info, &options);
+    ebpf_verifier_stats_t stats;
+    bool pass = run_ebpf_analysis(std::cout, cfg, info, &options, &stats);
     REQUIRE_FALSE(pass);
+    REQUIRE(stats.max_instruction_count == INT_MAX);
+    REQUIRE(stats.total_unreachable == 0);
+    REQUIRE(stats.total_warnings == 1);
 }
 
 TEST_CASE("Trivial finite loop", "[loop][termination]") {
@@ -56,6 +60,10 @@ TEST_CASE("Trivial finite loop", "[loop][termination]") {
         .platform = &g_ebpf_platform_linux,
         .type = g_ebpf_platform_linux.get_program_type("unspec", "unspec")
     };
-    bool pass = run_ebpf_analysis(std::cout, cfg, info, &options);
+    ebpf_verifier_stats_t stats;
+    bool pass = run_ebpf_analysis(std::cout, cfg, info, &options, &stats);
     REQUIRE(pass);
+    REQUIRE(stats.max_instruction_count == 3);
+    REQUIRE(stats.total_unreachable == 1);
+    REQUIRE(stats.total_warnings == 0);
 }
diff --git a/src/test/test_verify.cpp b/src/test/test_verify.cpp
@@ -38,8 +38,7 @@ FAIL_UNMARSHAL("build", "wronghelper.o", "xdp")
         std::variant<InstructionSeq, std::string> prog_or_error = unmarshal(raw_prog); \
         REQUIRE(std::holds_alternative<InstructionSeq>(prog_or_error)); \
         auto& prog = std::get<InstructionSeq>(prog_or_error); \
-        cfg_t cfg = prepare_cfg(prog, raw_prog.info, true); \
-        bool res = run_ebpf_analysis(std::cout, cfg, raw_prog.info, options); \
+        bool res = ebpf_verify_program(std::cout, prog, raw_prog.info, options, nullptr); \
         if (pass)                                            \
             REQUIRE(res);                                    \
         else                                                 \
@@ -470,7 +469,7 @@ TEST_SECTION_FAIL("prototype-kernel", "xdp_ddos01_blacklist_kern.o", ".text")
 TEST_SECTION_FAIL("prototype-kernel", "xdp_ddos01_blacklist_kern.o", "xdp_prog")
 
 void test_analyze_thread(cfg_t* cfg, program_info* info, bool* res) {
-    *res = run_ebpf_analysis(std::cout, *cfg, *info, nullptr);
+    *res = run_ebpf_analysis(std::cout, *cfg, *info, nullptr, nullptr);
 }
 
 // Test multithreading