xref: /openbmc/qemu/docs/devel/testing/main.rst (revision 9e4cc917)
1.. _testing:
2
3Testing in QEMU
4===============
5
6QEMU's testing infrastructure is fairly complex as it covers
7everything from unit testing and exercising specific sub-systems all
8the way to full blown acceptance tests. To get an overview of the
9tests you can run ``make check-help`` from either the source or build
10tree.
11
12Most (but not all) tests are also integrated into the meson build
13system so can be run directly from the build tree, for example:
14
15.. code::
16
17  [./pyvenv/bin/]meson test --suite qemu:softfloat
18
19will run just the softfloat tests.
20
21The rest of this document will cover the details for specific test
22groups.
23
24Testing with "make check"
25-------------------------
26
27The "make check" testing family includes most of the C based tests in QEMU.
28
29The usual way to run these tests is:
30
31.. code::
32
33  make check
34
35which includes QAPI schema tests, unit tests, QTests and some iotests.
36Different sub-types of "make check" tests will be explained below.
37
38Before running tests, it is best to build QEMU programs first. Some tests
39expect the executables to exist and will fail with obscure messages if they
40cannot find them.
41
42Unit tests
43~~~~~~~~~~
44
45Unit tests, which can be invoked with ``make check-unit``, are simple C tests
46that typically link to individual QEMU object files and exercise them by
47calling exported functions.
48
49If you are writing new code in QEMU, consider adding a unit test, especially
50for utility modules that are relatively stateless or have few dependencies. To
51add a new unit test:
52
531. Create a new source file. For example, ``tests/unit/foo-test.c``.
54
552. Write the test. Normally you would include the header file which exports
56   the module API, then verify the interface behaves as expected from your
57   test. The test code should be organized with the glib testing framework.
58   Copying and modifying an existing test is usually a good idea.
59
603. Add the test to ``tests/unit/meson.build``. The unit tests are listed in a
61   dictionary called ``tests``.  The values are any additional sources and
62   dependencies to be linked with the test.  For a simple test whose source
63   is in ``tests/unit/foo-test.c``, it is enough to add an entry like::
64
65     {
66       ...
67       'foo-test': [],
68       ...
69     }
70
71Since unit tests don't require environment variables, the simplest way to debug
72a unit test failure is often directly invoking it or even running it under
73``gdb``. However there can still be differences in behavior between ``make``
74invocations and your manual run, due to ``$MALLOC_PERTURB_`` environment
75variable (which affects memory reclamation and catches invalid pointers better)
76and gtester options. If necessary, you can run
77
78.. code::
79
80  make check-unit V=1
81
82and copy the actual command line which executes the unit test, then run
83it from the command line.
84
85QTest
86~~~~~
87
88QTest is a device emulation testing framework.  It can be very useful to test
89device models; it could also control certain aspects of QEMU (such as virtual
90clock stepping), with a special purpose "qtest" protocol.  Refer to
91:doc:`qtest` for more details.
92
93QTest cases can be executed with
94
95.. code::
96
97   make check-qtest
98
99Writing portable test cases
100~~~~~~~~~~~~~~~~~~~~~~~~~~~
101Both unit tests and qtests can run on POSIX hosts as well as Windows hosts.
102Care must be taken when writing portable test cases that can be built and run
103successfully on various hosts. The following list shows some best practices:
104
105* Use portable APIs from glib whenever necessary, e.g.: g_setenv(),
106  g_mkdtemp(), g_mkdir().
107* Avoid using hardcoded /tmp for temporary file directory.
108  Use g_get_tmp_dir() instead.
109* Bear in mind that Windows has different special string representation for
110  stdin/stdout/stderr and null devices. For example if your test case uses
111  "/dev/fd/2" and "/dev/null" on Linux, remember to use "2" and "nul" on
112  Windows instead. Also IO redirection does not work on Windows, so avoid
113  using "2>nul" whenever necessary.
114* If your test cases uses the blkdebug feature, use relative path to pass
115  the config and image file paths in the command line as Windows absolute
116  path contains the delimiter ":" which will confuse the blkdebug parser.
117* Use double quotes in your extra QEMU command line in your test cases
118  instead of single quotes, as Windows does not drop single quotes when
119  passing the command line to QEMU.
120* Windows opens a file in text mode by default, while a POSIX compliant
121  implementation treats text files and binary files the same. So if your
122  test cases opens a file to write some data and later wants to compare the
123  written data with the original one, be sure to pass the letter 'b' as
124  part of the mode string to fopen(), or O_BINARY flag for the open() call.
125* If a certain test case can only run on POSIX or Linux hosts, use a proper
126  #ifdef in the codes. If the whole test suite cannot run on Windows, disable
127  the build in the meson.build file.
128
129QAPI schema tests
130~~~~~~~~~~~~~~~~~
131
132The QAPI schema tests validate the QAPI parser used by QMP, by feeding
133predefined input to the parser and comparing the result with the reference
134output.
135
136The input/output data is managed under the ``tests/qapi-schema`` directory.
137Each test case includes four files that have a common base name:
138
139  * ``${casename}.json`` - the file contains the JSON input for feeding the
140    parser
141  * ``${casename}.out`` - the file contains the expected stdout from the parser
142  * ``${casename}.err`` - the file contains the expected stderr from the parser
143  * ``${casename}.exit`` - the expected error code
144
145Consider adding a new QAPI schema test when you are making a change on the QAPI
146parser (either fixing a bug or extending/modifying the syntax). To do this:
147
1481. Add four files for the new case as explained above. For example:
149
150  ``$EDITOR tests/qapi-schema/foo.{json,out,err,exit}``.
151
1522. Add the new test in ``tests/Makefile.include``. For example:
153
154  ``qapi-schema += foo.json``
155
156check-block
157~~~~~~~~~~~
158
159``make check-block`` runs a subset of the block layer iotests (the tests that
160are in the "auto" group).
161See the "QEMU iotests" section below for more information.
162
163QEMU iotests
164------------
165
166QEMU iotests, under the directory ``tests/qemu-iotests``, is the testing
167framework widely used to test block layer related features. It is higher level
168than "make check" tests and 99% of the code is written in bash or Python
169scripts.  The testing success criteria is golden output comparison, and the
170test files are named with numbers.
171
172To run iotests, make sure QEMU is built successfully, then switch to the
173``tests/qemu-iotests`` directory under the build directory, and run ``./check``
174with desired arguments from there.
175
176By default, "raw" format and "file" protocol is used; all tests will be
177executed, except the unsupported ones. You can override the format and protocol
178with arguments:
179
180.. code::
181
182  # test with qcow2 format
183  ./check -qcow2
184  # or test a different protocol
185  ./check -nbd
186
187It's also possible to list test numbers explicitly:
188
189.. code::
190
191  # run selected cases with qcow2 format
192  ./check -qcow2 001 030 153
193
194Cache mode can be selected with the "-c" option, which may help reveal bugs
195that are specific to certain cache mode.
196
197More options are supported by the ``./check`` script, run ``./check -h`` for
198help.
199
200Writing a new test case
201~~~~~~~~~~~~~~~~~~~~~~~
202
203Consider writing a tests case when you are making any changes to the block
204layer. An iotest case is usually the choice for that. There are already many
205test cases, so it is possible that extending one of them may achieve the goal
206and save the boilerplate to create one.  (Unfortunately, there isn't a 100%
207reliable way to find a related one out of hundreds of tests.  One approach is
208using ``git grep``.)
209
210Usually an iotest case consists of two files. One is an executable that
211produces output to stdout and stderr, the other is the expected reference
212output. They are given the same number in file names. E.g. Test script ``055``
213and reference output ``055.out``.
214
215In rare cases, when outputs differ between cache mode ``none`` and others, a
216``.out.nocache`` file is added. In other cases, when outputs differ between
217image formats, more than one ``.out`` files are created ending with the
218respective format names, e.g. ``178.out.qcow2`` and ``178.out.raw``.
219
220There isn't a hard rule about how to write a test script, but a new test is
221usually a (copy and) modification of an existing case.  There are a few
222commonly used ways to create a test:
223
224* A Bash script. It will make use of several environmental variables related
225  to the testing procedure, and could source a group of ``common.*`` libraries
226  for some common helper routines.
227
228* A Python unittest script. Import ``iotests`` and create a subclass of
229  ``iotests.QMPTestCase``, then call ``iotests.main`` method. The downside of
230  this approach is that the output is too scarce, and the script is considered
231  harder to debug.
232
233* A simple Python script without using unittest module. This could also import
234  ``iotests`` for launching QEMU and utilities etc, but it doesn't inherit
235  from ``iotests.QMPTestCase`` therefore doesn't use the Python unittest
236  execution. This is a combination of 1 and 2.
237
238Pick the language per your preference since both Bash and Python have
239comparable library support for invoking and interacting with QEMU programs. If
240you opt for Python, it is strongly recommended to write Python 3 compatible
241code.
242
243Both Python and Bash frameworks in iotests provide helpers to manage test
244images. They can be used to create and clean up images under the test
245directory. If no I/O or any protocol specific feature is needed, it is often
246more convenient to use the pseudo block driver, ``null-co://``, as the test
247image, which doesn't require image creation or cleaning up. Avoid system-wide
248devices or files whenever possible, such as ``/dev/null`` or ``/dev/zero``.
249Otherwise, image locking implications have to be considered.  For example,
250another application on the host may have locked the file, possibly leading to a
251test failure.  If using such devices are explicitly desired, consider adding
252``locking=off`` option to disable image locking.
253
254Debugging a test case
255~~~~~~~~~~~~~~~~~~~~~
256
257The following options to the ``check`` script can be useful when debugging
258a failing test:
259
260* ``-gdb`` wraps every QEMU invocation in a ``gdbserver``, which waits for a
261  connection from a gdb client.  The options given to ``gdbserver`` (e.g. the
262  address on which to listen for connections) are taken from the ``$GDB_OPTIONS``
263  environment variable.  By default (if ``$GDB_OPTIONS`` is empty), it listens on
264  ``localhost:12345``.
265  It is possible to connect to it for example with
266  ``gdb -iex "target remote $addr"``, where ``$addr`` is the address
267  ``gdbserver`` listens on.
268  If the ``-gdb`` option is not used, ``$GDB_OPTIONS`` is ignored,
269  regardless of whether it is set or not.
270
271* ``-valgrind`` attaches a valgrind instance to QEMU. If it detects
272  warnings, it will print and save the log in
273  ``$TEST_DIR/<valgrind_pid>.valgrind``.
274  The final command line will be ``valgrind --log-file=$TEST_DIR/
275  <valgrind_pid>.valgrind --error-exitcode=99 $QEMU ...``
276
277* ``-d`` (debug) just increases the logging verbosity, showing
278  for example the QMP commands and answers.
279
280* ``-p`` (print) redirects QEMU’s stdout and stderr to the test output,
281  instead of saving it into a log file in
282  ``$TEST_DIR/qemu-machine-<random_string>``.
283
284Test case groups
285~~~~~~~~~~~~~~~~
286
287"Tests may belong to one or more test groups, which are defined in the form
288of a comment in the test source file. By convention, test groups are listed
289in the second line of the test file, after the "#!/..." line, like this:
290
291.. code::
292
293  #!/usr/bin/env python3
294  # group: auto quick
295  #
296  ...
297
298Another way of defining groups is creating the tests/qemu-iotests/group.local
299file. This should be used only for downstream (this file should never appear
300in upstream). This file may be used for defining some downstream test groups
301or for temporarily disabling tests, like this:
302
303.. code::
304
305  # groups for some company downstream process
306  #
307  # ci - tests to run on build
308  # down - our downstream tests, not for upstream
309  #
310  # Format of each line is:
311  # TEST_NAME TEST_GROUP [TEST_GROUP ]...
312
313  013 ci
314  210 disabled
315  215 disabled
316  our-ugly-workaround-test down ci
317
318Note that the following group names have a special meaning:
319
320- quick: Tests in this group should finish within a few seconds.
321
322- auto: Tests in this group are used during "make check" and should be
323  runnable in any case. That means they should run with every QEMU binary
324  (also non-x86), with every QEMU configuration (i.e. must not fail if
325  an optional feature is not compiled in - but reporting a "skip" is ok),
326  work at least with the qcow2 file format, work with all kind of host
327  filesystems and users (e.g. "nobody" or "root") and must not take too
328  much memory and disk space (since CI pipelines tend to fail otherwise).
329
330- disabled: Tests in this group are disabled and ignored by check.
331
332.. _container-ref:
333
334Container based tests
335---------------------
336
337Introduction
338~~~~~~~~~~~~
339
340The container testing framework in QEMU utilizes public images to
341build and test QEMU in predefined and widely accessible Linux
342environments. This makes it possible to expand the test coverage
343across distros, toolchain flavors and library versions. The support
344was originally written for Docker although we also support Podman as
345an alternative container runtime. Although many of the target
346names and scripts are prefixed with "docker" the system will
347automatically run on whichever is configured.
348
349The container images are also used to augment the generation of tests
350for testing TCG. See :ref:`checktcg-ref` for more details.
351
352Docker Prerequisites
353~~~~~~~~~~~~~~~~~~~~
354
355Install "docker" with the system package manager and start the Docker service
356on your development machine, then make sure you have the privilege to run
357Docker commands. Typically it means setting up passwordless ``sudo docker``
358command or login as root. For example:
359
360.. code::
361
362  $ sudo yum install docker
363  $ # or `apt-get install docker` for Ubuntu, etc.
364  $ sudo systemctl start docker
365  $ sudo docker ps
366
367The last command should print an empty table, to verify the system is ready.
368
369An alternative method to set up permissions is by adding the current user to
370"docker" group and making the docker daemon socket file (by default
371``/var/run/docker.sock``) accessible to the group:
372
373.. code::
374
375  $ sudo groupadd docker
376  $ sudo usermod $USER -a -G docker
377  $ sudo chown :docker /var/run/docker.sock
378
379Note that any one of above configurations makes it possible for the user to
380exploit the whole host with Docker bind mounting or other privileged
381operations.  So only do it on development machines.
382
383Podman Prerequisites
384~~~~~~~~~~~~~~~~~~~~
385
386Install "podman" with the system package manager.
387
388.. code::
389
390  $ sudo dnf install podman
391  $ podman ps
392
393The last command should print an empty table, to verify the system is ready.
394
395Quickstart
396~~~~~~~~~~
397
398From source tree, type ``make docker-help`` to see the help. Testing
399can be started without configuring or building QEMU (``configure`` and
400``make`` are done in the container, with parameters defined by the
401make target):
402
403.. code::
404
405  make docker-test-build@debian
406
407This will create a container instance using the ``debian`` image (the image
408is downloaded and initialized automatically), in which the ``test-build`` job
409is executed.
410
411Registry
412~~~~~~~~
413
414The QEMU project has a container registry hosted by GitLab at
415``registry.gitlab.com/qemu-project/qemu`` which will automatically be
416used to pull in pre-built layers. This avoids unnecessary strain on
417the distro archives created by multiple developers running the same
418container build steps over and over again. This can be overridden
419locally by using the ``NOCACHE`` build option:
420
421.. code::
422
423   make docker-image-debian-arm64-cross NOCACHE=1
424
425Images
426~~~~~~
427
428Along with many other images, the ``debian`` image is defined in a Dockerfile
429in ``tests/docker/dockerfiles/``, called ``debian.docker``. ``make docker-help``
430command will list all the available images.
431
432A ``.pre`` script can be added beside the ``.docker`` file, which will be
433executed before building the image under the build context directory. This is
434mainly used to do necessary host side setup. One such setup is ``binfmt_misc``,
435for example, to make qemu-user powered cross build containers work.
436
437Most of the existing Dockerfiles were written by hand, simply by creating a
438a new ``.docker`` file under the ``tests/docker/dockerfiles/`` directory.
439This has led to an inconsistent set of packages being present across the
440different containers.
441
442Thus going forward, QEMU is aiming to automatically generate the Dockerfiles
443using the ``lcitool`` program provided by the ``libvirt-ci`` project:
444
445  https://gitlab.com/libvirt/libvirt-ci
446
447``libvirt-ci`` contains an ``lcitool`` program as well as a list of
448mappings to distribution package names for a wide variety of third
449party projects.  ``lcitool`` applies the mappings to a list of build
450pre-requisites in ``tests/lcitool/projects/qemu.yml``, determines the
451list of native packages to install on each distribution, and uses them
452to generate build environments (dockerfiles and Cirrus CI variable files)
453that are consistent across OS distribution.
454
455
456Adding new build pre-requisites
457^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
458
459When preparing a patch series that adds a new build
460pre-requisite to QEMU, the prerequisites should to be added to
461``tests/lcitool/projects/qemu.yml`` in order to make the dependency
462available in the CI build environments.
463
464In the simple case where the pre-requisite is already known to ``libvirt-ci``
465the following steps are needed:
466
467 * Edit ``tests/lcitool/projects/qemu.yml`` and add the pre-requisite
468
469 * Run ``make lcitool-refresh`` to re-generate all relevant build environment
470   manifests
471
472It may be that ``libvirt-ci`` does not know about the new pre-requisite.
473If that is the case, some extra preparation steps will be required
474first to contribute the mapping to the ``libvirt-ci`` project:
475
476 * Fork the ``libvirt-ci`` project on gitlab
477
478 * Add an entry for the new build prerequisite to
479   ``lcitool/facts/mappings.yml``, listing its native package name on as
480   many OS distros as practical.  Run ``python -m pytest --regenerate-output``
481   and check that the changes are correct.
482
483 * Commit the ``mappings.yml`` change together with the regenerated test
484   files, and submit a merge request to the ``libvirt-ci`` project.
485   Please note in the description that this is a new build pre-requisite
486   desired for use with QEMU.
487
488 * CI pipeline will run to validate that the changes to ``mappings.yml``
489   are correct, by attempting to install the newly listed package on
490   all OS distributions supported by ``libvirt-ci``.
491
492 * Once the merge request is accepted, go back to QEMU and update
493   the ``tests/lcitool/libvirt-ci`` submodule to point to a commit that
494   contains the ``mappings.yml`` update.  Then add the prerequisite and
495   run ``make lcitool-refresh``.
496
497 * Please also trigger gitlab container generation pipelines on your change
498   for as many OS distros as practical to make sure that there are no
499   obvious breakages when adding the new pre-requisite. Please see
500   `CI <https://www.qemu.org/docs/master/devel/ci.html>`__ documentation
501   page on how to trigger gitlab CI pipelines on your change.
502
503For enterprise distros that default to old, end-of-life versions of the
504Python runtime, QEMU uses a separate set of mappings that work with more
505recent versions.  These can be found in ``tests/lcitool/mappings.yml``.
506Modifying this file should not be necessary unless the new pre-requisite
507is a Python library or tool.
508
509
510Adding new OS distros
511^^^^^^^^^^^^^^^^^^^^^
512
513In some cases ``libvirt-ci`` will not know about the OS distro that is
514desired to be tested. Before adding a new OS distro, discuss the proposed
515addition:
516
517 * Send a mail to qemu-devel, copying people listed in the
518   MAINTAINERS file for ``Build and test automation``.
519
520   There are limited CI compute resources available to QEMU, so the
521   cost/benefit tradeoff of adding new OS distros needs to be considered.
522
523 * File an issue at https://gitlab.com/libvirt/libvirt-ci/-/issues
524   pointing to the qemu-devel mail thread in the archives.
525
526   This alerts other people who might be interested in the work
527   to avoid duplication, as well as to get feedback from libvirt-ci
528   maintainers on any tips to ease the addition
529
530Assuming there is agreement to add a new OS distro then
531
532 * Fork the ``libvirt-ci`` project on gitlab
533
534 * Add metadata under ``lcitool/facts/targets/`` for the new OS
535   distro. There might be code changes required if the OS distro
536   uses a package format not currently known. The ``libvirt-ci``
537   maintainers can advise on this when the issue is filed.
538
539 * Edit the ``lcitool/facts/mappings.yml`` change to add entries for
540   the new OS, listing the native package names for as many packages
541   as practical.  Run ``python -m pytest --regenerate-output`` and
542   check that the changes are correct.
543
544 * Commit the changes to ``lcitool/facts`` and the regenerated test
545   files, and submit a merge request to the ``libvirt-ci`` project.
546   Please note in the description that this is a new build pre-requisite
547   desired for use with QEMU
548
549 * CI pipeline will run to validate that the changes to ``mappings.yml``
550   are correct, by attempting to install the newly listed package on
551   all OS distributions supported by ``libvirt-ci``.
552
553 * Once the merge request is accepted, go back to QEMU and update
554   the ``libvirt-ci`` submodule to point to a commit that contains
555   the ``mappings.yml`` update.
556
557
558Tests
559~~~~~
560
561Different tests are added to cover various configurations to build and test
562QEMU.  Docker tests are the executables under ``tests/docker`` named
563``test-*``. They are typically shell scripts and are built on top of a shell
564library, ``tests/docker/common.rc``, which provides helpers to find the QEMU
565source and build it.
566
567The full list of tests is printed in the ``make docker-help`` help.
568
569Debugging a Docker test failure
570~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
571
572When CI tasks, maintainers or yourself report a Docker test failure, follow the
573below steps to debug it:
574
5751. Locally reproduce the failure with the reported command line. E.g. run
576   ``make docker-test-mingw@fedora-win64-cross J=8``.
5772. Add "V=1" to the command line, try again, to see the verbose output.
5783. Further add "DEBUG=1" to the command line. This will pause in a shell prompt
579   in the container right before testing starts. You could either manually
580   build QEMU and run tests from there, or press Ctrl-D to let the Docker
581   testing continue.
5824. If you press Ctrl-D, the same building and testing procedure will begin, and
583   will hopefully run into the error again. After that, you will be dropped to
584   the prompt for debug.
585
586Options
587~~~~~~~
588
589Various options can be used to affect how Docker tests are done. The full
590list is in the ``make docker`` help text. The frequently used ones are:
591
592* ``V=1``: the same as in top level ``make``. It will be propagated to the
593  container and enable verbose output.
594* ``J=$N``: the number of parallel tasks in make commands in the container,
595  similar to the ``-j $N`` option in top level ``make``. (The ``-j`` option in
596  top level ``make`` will not be propagated into the container.)
597* ``DEBUG=1``: enables debug. See the previous "Debugging a Docker test
598  failure" section.
599
600Thread Sanitizer
601----------------
602
603Thread Sanitizer (TSan) is a tool which can detect data races.  QEMU supports
604building and testing with this tool.
605
606For more information on TSan:
607
608https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual
609
610Thread Sanitizer in Docker
611~~~~~~~~~~~~~~~~~~~~~~~~~~
612TSan is currently supported in the ubuntu2204 docker.
613
614The test-tsan test will build using TSan and then run make check.
615
616.. code::
617
618  make docker-test-tsan@ubuntu2204
619
620TSan warnings under docker are placed in files located at build/tsan/.
621
622We recommend using DEBUG=1 to allow launching the test from inside the docker,
623and to allow review of the warnings generated by TSan.
624
625Building and Testing with TSan
626~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
627
628It is possible to build and test with TSan, with a few additional steps.
629These steps are normally done automatically in the docker.
630
631TSan is supported for clang and gcc.
632One particularity of sanitizers is that all the code, including shared objects
633dependencies, should be built with it.
634In the case of TSan, any synchronization primitive from glib (GMutex for
635instance) will not be recognized, and will lead to false positives.
636
637To build a tsan version of glib:
638
639.. code::
640
641   $ git clone --depth=1 --branch=2.81.0 https://github.com/GNOME/glib.git
642   $ cd glib
643   $ CFLAGS="-O2 -g -fsanitize=thread" meson build
644   $ ninja -C build
645
646To configure the build for TSan:
647
648.. code::
649
650  ../configure --enable-tsan \
651               --disable-werror --extra-cflags="-O0"
652
653When executing qemu, don't forget to point to tsan glib:
654
655.. code::
656
657   $ glib_dir=/path/to/glib
658   $ export LD_LIBRARY_PATH=$glib_dir/build/gio:$glib_dir/build/glib:$glib_dir/build/gmodule:$glib_dir/build/gobject:$glib_dir/build/gthread
659   # check correct version is used
660   $ ldd build/qemu-x86_64 | grep glib
661   $ qemu-system-x86_64 ...
662
663The runtime behavior of TSAN is controlled by the TSAN_OPTIONS environment
664variable.
665
666More information on the TSAN_OPTIONS can be found here:
667
668https://github.com/google/sanitizers/wiki/ThreadSanitizerFlags
669
670For example:
671
672.. code::
673
674  export TSAN_OPTIONS=suppressions=<path to qemu>/tests/tsan/suppressions.tsan \
675                      detect_deadlocks=false history_size=7 exitcode=0 \
676                      log_path=<build path>/tsan/tsan_warning
677
678The above exitcode=0 has TSan continue without error if any warnings are found.
679This allows for running the test and then checking the warnings afterwards.
680If you want TSan to stop and exit with error on warnings, use exitcode=66.
681
682TSan Suppressions
683~~~~~~~~~~~~~~~~~
684Keep in mind that for any data race warning, although there might be a data race
685detected by TSan, there might be no actual bug here.  TSan provides several
686different mechanisms for suppressing warnings.  In general it is recommended
687to fix the code if possible to eliminate the data race rather than suppress
688the warning.
689
690A few important files for suppressing warnings are:
691
692tests/tsan/suppressions.tsan - Has TSan warnings we wish to suppress at runtime.
693The comment on each suppression will typically indicate why we are
694suppressing it.  More information on the file format can be found here:
695
696https://github.com/google/sanitizers/wiki/ThreadSanitizerSuppressions
697
698tests/tsan/ignore.tsan - Has TSan warnings we wish to disable
699at compile time for test or debug.
700Add flags to configure to enable:
701
702"--extra-cflags=-fsanitize-blacklist=<src path>/tests/tsan/ignore.tsan"
703
704More information on the file format can be found here under "Blacklist Format":
705
706https://github.com/google/sanitizers/wiki/ThreadSanitizerFlags
707
708TSan Annotations
709~~~~~~~~~~~~~~~~
710include/qemu/tsan.h defines annotations.  See this file for more descriptions
711of the annotations themselves.  Annotations can be used to suppress
712TSan warnings or give TSan more information so that it can detect proper
713relationships between accesses of data.
714
715Annotation examples can be found here:
716
717https://github.com/llvm/llvm-project/tree/master/compiler-rt/test/tsan/
718
719Good files to start with are: annotate_happens_before.cpp and ignore_race.cpp
720
721The full set of annotations can be found here:
722
723https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/tsan/rtl/tsan_interface_ann.cpp
724
725docker-binfmt-image-debian-% targets
726------------------------------------
727
728It is possible to combine Debian's bootstrap scripts with a configured
729``binfmt_misc`` to bootstrap a number of Debian's distros including
730experimental ports not yet supported by a released OS. This can
731simplify setting up a rootfs by using docker to contain the foreign
732rootfs rather than manually invoking chroot.
733
734Setting up ``binfmt_misc``
735~~~~~~~~~~~~~~~~~~~~~~~~~~
736
737You can use the script ``qemu-binfmt-conf.sh`` to configure a QEMU
738user binary to automatically run binaries for the foreign
739architecture. While the scripts will try their best to work with
740dynamically linked QEMU's a statically linked one will present less
741potential complications when copying into the docker image. Modern
742kernels support the ``F`` (fix binary) flag which will open the QEMU
743executable on setup and avoids the need to find and re-open in the
744chroot environment. This is triggered with the ``--persistent`` flag.
745
746Example invocation
747~~~~~~~~~~~~~~~~~~
748
749For example to setup the HPPA ports builds of Debian::
750
751  make docker-binfmt-image-debian-sid-hppa \
752    DEB_TYPE=sid DEB_ARCH=hppa \
753    DEB_URL=http://ftp.ports.debian.org/debian-ports/ \
754    DEB_KEYRING=/usr/share/keyrings/debian-ports-archive-keyring.gpg \
755    EXECUTABLE=(pwd)/qemu-hppa V=1
756
757The ``DEB_`` variables are substitutions used by
758``debian-bootstrap.pre`` which is called to do the initial debootstrap
759of the rootfs before it is copied into the container. The second stage
760is run as part of the build. The final image will be tagged as
761``qemu/debian-sid-hppa``.
762
763VM testing
764----------
765
766This test suite contains scripts that bootstrap various guest images that have
767necessary packages to build QEMU. The basic usage is documented in ``Makefile``
768help which is displayed with ``make vm-help``.
769
770Quickstart
771~~~~~~~~~~
772
773Run ``make vm-help`` to list available make targets. Invoke a specific make
774command to run build test in an image. For example, ``make vm-build-freebsd``
775will build the source tree in the FreeBSD image. The command can be executed
776from either the source tree or the build dir; if the former, ``./configure`` is
777not needed. The command will then generate the test image in ``./tests/vm/``
778under the working directory.
779
780Note: images created by the scripts accept a well-known RSA key pair for SSH
781access, so they SHOULD NOT be exposed to external interfaces if you are
782concerned about attackers taking control of the guest and potentially
783exploiting a QEMU security bug to compromise the host.
784
785QEMU binaries
786~~~~~~~~~~~~~
787
788By default, ``qemu-system-x86_64`` is searched in $PATH to run the guest. If
789there isn't one, or if it is older than 2.10, the test won't work. In this case,
790provide the QEMU binary in env var: ``QEMU=/path/to/qemu-2.10+``.
791
792Likewise the path to ``qemu-img`` can be set in QEMU_IMG environment variable.
793
794Make jobs
795~~~~~~~~~
796
797The ``-j$X`` option in the make command line is not propagated into the VM,
798specify ``J=$X`` to control the make jobs in the guest.
799
800Debugging
801~~~~~~~~~
802
803Add ``DEBUG=1`` and/or ``V=1`` to the make command to allow interactive
804debugging and verbose output. If this is not enough, see the next section.
805``V=1`` will be propagated down into the make jobs in the guest.
806
807Manual invocation
808~~~~~~~~~~~~~~~~~
809
810Each guest script is an executable script with the same command line options.
811For example to work with the netbsd guest, use ``$QEMU_SRC/tests/vm/netbsd``:
812
813.. code::
814
815    $ cd $QEMU_SRC/tests/vm
816
817    # To bootstrap the image
818    $ ./netbsd --build-image --image /var/tmp/netbsd.img
819    <...>
820
821    # To run an arbitrary command in guest (the output will not be echoed unless
822    # --debug is added)
823    $ ./netbsd --debug --image /var/tmp/netbsd.img uname -a
824
825    # To build QEMU in guest
826    $ ./netbsd --debug --image /var/tmp/netbsd.img --build-qemu $QEMU_SRC
827
828    # To get to an interactive shell
829    $ ./netbsd --interactive --image /var/tmp/netbsd.img sh
830
831Adding new guests
832~~~~~~~~~~~~~~~~~
833
834Please look at existing guest scripts for how to add new guests.
835
836Most importantly, create a subclass of BaseVM and implement ``build_image()``
837method and define ``BUILD_SCRIPT``, then finally call ``basevm.main()`` from
838the script's ``main()``.
839
840* Usually in ``build_image()``, a template image is downloaded from a
841  predefined URL. ``BaseVM._download_with_cache()`` takes care of the cache and
842  the checksum, so consider using it.
843
844* Once the image is downloaded, users, SSH server and QEMU build deps should
845  be set up:
846
847  - Root password set to ``BaseVM.ROOT_PASS``
848  - User ``BaseVM.GUEST_USER`` is created, and password set to
849    ``BaseVM.GUEST_PASS``
850  - SSH service is enabled and started on boot,
851    ``$QEMU_SRC/tests/keys/id_rsa.pub`` is added to ssh's ``authorized_keys``
852    file of both root and the normal user
853  - DHCP client service is enabled and started on boot, so that it can
854    automatically configure the virtio-net-pci NIC and communicate with QEMU
855    user net (10.0.2.2)
856  - Necessary packages are installed to untar the source tarball and build
857    QEMU
858
859* Write a proper ``BUILD_SCRIPT`` template, which should be a shell script that
860  untars a raw virtio-blk block device, which is the tarball data blob of the
861  QEMU source tree, then configure/build it. Running "make check" is also
862  recommended.
863
864Image fuzzer testing
865--------------------
866
867An image fuzzer was added to exercise format drivers. Currently only qcow2 is
868supported. To start the fuzzer, run
869
870.. code::
871
872  tests/image-fuzzer/runner.py -c '[["qemu-img", "info", "$test_img"]]' /tmp/test qcow2
873
874Alternatively, some command different from ``qemu-img info`` can be tested, by
875changing the ``-c`` option.
876
877Functional tests using Python
878-----------------------------
879
880The ``tests/functional`` directory hosts functional tests written in
881Python. You can run the functional tests simply by executing:
882
883.. code::
884
885  make check-functional
886
887See :ref:`checkfunctional-ref` for more details.
888
889Integration tests using the Avocado Framework
890---------------------------------------------
891
892The ``tests/avocado`` directory hosts integration tests. They're usually
893higher level tests, and may interact with external resources and with
894various guest operating systems.
895
896You can run the avocado tests simply by executing:
897
898.. code::
899
900  make check-avocado
901
902See :ref:`checkavocado-ref` for more details.
903
904
905.. _checktcg-ref:
906
907Testing with "make check-tcg"
908-----------------------------
909
910The check-tcg tests are intended for simple smoke tests of both
911linux-user and softmmu TCG functionality. However to build test
912programs for guest targets you need to have cross compilers available.
913If your distribution supports cross compilers you can do something as
914simple as::
915
916  apt install gcc-aarch64-linux-gnu
917
918The configure script will automatically pick up their presence.
919Sometimes compilers have slightly odd names so the availability of
920them can be prompted by passing in the appropriate configure option
921for the architecture in question, for example::
922
923  $(configure) --cross-cc-aarch64=aarch64-cc
924
925There is also a ``--cross-cc-cflags-ARCH`` flag in case additional
926compiler flags are needed to build for a given target.
927
928If you have the ability to run containers as the user the build system
929will automatically use them where no system compiler is available. For
930architectures where we also support building QEMU we will generally
931use the same container to build tests. However there are a number of
932additional containers defined that have a minimal cross-build
933environment that is only suitable for building test cases. Sometimes
934we may use a bleeding edge distribution for compiler features needed
935for test cases that aren't yet in the LTS distros we support for QEMU
936itself.
937
938See :ref:`container-ref` for more details.
939
940Running subset of tests
941~~~~~~~~~~~~~~~~~~~~~~~
942
943You can build the tests for one architecture::
944
945  make build-tcg-tests-$TARGET
946
947And run with::
948
949  make run-tcg-tests-$TARGET
950
951Adding ``V=1`` to the invocation will show the details of how to
952invoke QEMU for the test which is useful for debugging tests.
953
954Running individual tests
955~~~~~~~~~~~~~~~~~~~~~~~~
956
957Tests can also be run directly from the test build directory. If you
958run ``make help`` from the test build directory you will get a list of
959all the tests that can be run. Please note that same binaries are used
960in multiple tests, for example::
961
962  make run-plugin-test-mmap-with-libinline.so
963
964will run the mmap test with the ``libinline.so`` TCG plugin. The
965gdbstub tests also re-use the test binaries but while exercising gdb.
966
967TCG test dependencies
968~~~~~~~~~~~~~~~~~~~~~
969
970The TCG tests are deliberately very light on dependencies and are
971either totally bare with minimal gcc lib support (for system-mode tests)
972or just glibc (for linux-user tests). This is because getting a cross
973compiler to work with additional libraries can be challenging.
974
975Other TCG Tests
976---------------
977
978There are a number of out-of-tree test suites that are used for more
979extensive testing of processor features.
980
981KVM Unit Tests
982~~~~~~~~~~~~~~
983
984The KVM unit tests are designed to run as a Guest OS under KVM but
985there is no reason why they can't exercise the TCG as well. It
986provides a minimal OS kernel with hooks for enabling the MMU as well
987as reporting test results via a special device::
988
989  https://git.kernel.org/pub/scm/virt/kvm/kvm-unit-tests.git
990
991Linux Test Project
992~~~~~~~~~~~~~~~~~~
993
994The LTP is focused on exercising the syscall interface of a Linux
995kernel. It checks that syscalls behave as documented and strives to
996exercise as many corner cases as possible. It is a useful test suite
997to run to exercise QEMU's linux-user code::
998
999  https://linux-test-project.github.io/
1000
1001GCC gcov support
1002----------------
1003
1004``gcov`` is a GCC tool to analyze the testing coverage by
1005instrumenting the tested code. To use it, configure QEMU with
1006``--enable-gcov`` option and build. Then run the tests as usual.
1007
1008If you want to gather coverage information on a single test the ``make
1009clean-gcda`` target can be used to delete any existing coverage
1010information before running a single test.
1011
1012You can generate a HTML coverage report by executing ``make
1013coverage-html`` which will create
1014``meson-logs/coveragereport/index.html``.
1015
1016Further analysis can be conducted by running the ``gcov`` command
1017directly on the various .gcda output files. Please read the ``gcov``
1018documentation for more information.
1019