[jira] [Comment Edited] (LUCENE-4332) Integrate PiTest mutation coverage tool into build

2012-09-05 Thread Uwe Schindler (JIRA) 

[ 
https://issues.apache.org/jira/browse/LUCENE-4332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13448527#comment-13448527
 ] 

Uwe Schindler edited comment on LUCENE-4332 at 9/5/12 5:58 PM:
---

{code}
  permission java.security.SecurityPermission *, read,write;
{code}

This makes no sense, as SecurityPermission has no action, so read,write 
should be ignored. I was restricting SecurityPermission with something in mind 
(see the last 2 lines that allowed only the BouncyCastle installed by TIKA - 
now everything is allowed). What fails if I remove that line? I have no time to 
run the whole pitest suite

bq. rather than as a full force prevention of malicious code

The idea was to find places (especially in TIKA) that do things they should not 
do (like enabling security providers), which makes the configuration of J2EE 
container hosting Solr hard. So we should limit all this, to see when somebody 
adds a new feature to Solr that needs additional permissions.

I am already working on restricting RuntimePermission more, so only things 
like reflection and property access is allowed.

  was (Author: thetaphi):
{code}
  permission java.security.SecurityPermission *, read,write;
{code}

This makes no sense, as SecurityPermission has no action, so read,write 
should be ignored. I was restricting SecurityPermission with something in mind 
(see the last 2 lines that allowed only the BouncyCastle installed by TIKA - 
now everything is allowed). What fails if I remove that line? I have no time to 
run the whole pitest suite

bq. rather than as a full force prevention of malicious code

The idea was to find places (especially in TIKA) that do things they should not 
do (like enabling security providers), which makes the configuration of J2EE 
container hosting Solr hard. So we should limit all this, to see when somebody 
adds a new feature to Solr that needs additional permissions.

I already working on restricting RuntimePermission at all, so only things 
like reflection and property access is allowed.
  
 Integrate PiTest mutation coverage tool into build
 --

 Key: LUCENE-4332
 URL: https://issues.apache.org/jira/browse/LUCENE-4332
 Project: Lucene - Core
  Issue Type: Improvement
Affects Versions: 4.1, 5.0
Reporter: Greg Bowyer
Assignee: Greg Bowyer
  Labels: build
 Attachments: 
 LUCENE-4332-Integrate-PiTest-mutation-coverage-tool-into-build.patch, 
 LUCENE-4332-Integrate-PiTest-mutation-coverage-tool-into-build.patch, 
 LUCENE-4332-Integrate-PiTest-mutation-coverage-tool-into-build.patch, 
 LUCENE-4332-Integrate-PiTest-mutation-coverage-tool-into-build.patch


 As discussed briefly on the mailing list, this patch is an attempt to 
 integrate the PiTest mutation coverage tool into the lucene build

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Comment Edited] (LUCENE-4332) Integrate PiTest mutation coverage tool into build

2012-08-30 Thread Uwe Schindler (JIRA) 

[ 
https://issues.apache.org/jira/browse/LUCENE-4332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13444739#comment-13444739
 ] 

Uwe Schindler edited comment on LUCENE-4332 at 8/30/12 5:58 PM:


bq. Will this require people to put rhino in ant's lib/ folder? If so, I'd just 
use an ugly property value=-D..=${} -D..=${}... Yours is very nice but an 
additional step is required which seems an overkill?

We already have a lot of script tasks in our build files (e.g. generating 
website using ). Javascript is shipped with every known JVM. - And pitest is 
only run by few people, much more call tasks like root/lucene$ ant 
documentation or root$ ant svn-check-working-copy, so this is no issue here.

  was (Author: thetaphi):
bq. Will this require people to put rhino in ant's lib/ folder? If so, I'd 
just use an ugly property value=-D..=${} -D..=${}... Yours is very nice but 
an additional step is required which seems an overkill?

We already have a lot of script tasks in our build files (e.g. generating 
website using ). Javascript is shipped with every known JVM.
  
 Integrate PiTest mutation coverage tool into build
 --

 Key: LUCENE-4332
 URL: https://issues.apache.org/jira/browse/LUCENE-4332
 Project: Lucene - Core
  Issue Type: Improvement
Affects Versions: 4.1, 5.0
Reporter: Greg Bowyer
Assignee: Greg Bowyer
  Labels: build
 Attachments: 
 LUCENE-4332-Integrate-PiTest-mutation-coverage-tool-into-build.patch, 
 LUCENE-4332-Integrate-PiTest-mutation-coverage-tool-into-build.patch, 
 LUCENE-4332-Integrate-PiTest-mutation-coverage-tool-into-build.patch


 As discussed briefly on the mailing list, this patch is an attempt to 
 integrate the PiTest mutation coverage tool into the lucene build

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Comment Edited] (LUCENE-4332) Integrate PiTest mutation coverage tool into build

2012-08-28 Thread Greg Bowyer (JIRA) 

[ 
https://issues.apache.org/jira/browse/LUCENE-4332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13443304#comment-13443304
 ] 

Greg Bowyer edited comment on LUCENE-4332 at 8/29/12 4:51 AM:
--

Wow lot of interest .

I will try to answer some of the salient points

Core was missing until today as one test (TestLuceneConstantVersion) didn't run 
correctly as it was lacking the Lucene version system property. Currently pit 
refuses to run unless the underlying suite is all green (a good thing IMHO) so 
I didn't have core from my first run (its there now).

This takes a long time to run, all of the ancillary Lucene packages take 
roughly 4 hours to run on the largest CPU ec2 instance, core takes 8 hours 
(this was the other reason core was missing, I was waiting for it to finish 
crunching)

As to the random seed, I completely agree and it was one of the things I 
mentioned on the mailing list that makes the output of this tool not perfect. I 
do feel that the tests that are randomised typically do a better job at gaining 
coverage, but its a good idea to stabilise the seed.

Jars and build.xml, I have no problems changing this to whatever people think 
fits best into the build. My impression was that clover is handled the way it 
is because it is not technically opensource and as a result has screwball 
licensing concerns, essentially I didn't know any better :S I will try to get a 
chance to make it use the ivy:cachepath approach.

Regarding the risks posed by mutations, I cannot prove or say there are no 
risks; however mutation testing is not random in the mutations applied, they 
are formulaic and quite simple. It will not permute arguments nor will it 
mutate complex objects (it can and does mess with object references turning 
references in arguments to nulls). I can conceive of ways in which it could 
screwup mutated code making it possible to delete random files but I don't 
think they are going to be extremely likely situations. FWIW I would be less 
worried about this deleting something on the filesystem and far more worried 
about it accidentally leaving corpses of undeleted files. 

Sandboxing it could solve that issue, if that is too much effort another 
approach might be to work with the pitest team and build a security manager 
that is militant about file access, disallowing anything that canonicalises 
outside of a given path.

Oh and as Robert suggested we can always point it away from key things.

At the end of the day its a tool like any other, I have exactly the same 
feelings as Robert on this
{quote}

This is cool. I'd say lets get it up and going on jenkins (even weekly
or something). why worry about the imperfections in any of these
coverage tools, whats way more important is when the results find
situations where you thought you were testing something, but really
arent, etc (here was a recent one found by clover
http://svn.apache.org/viewvc?rev=1376722view=rev).

so imo just another tool to be able to identify serious gaps/test-bugs
after things are up and running. and especially looking at deltas from
line coverage to identify stuff thats 'executing' but not actually
being tested.
{quote}

  was (Author: gbow...@fastmail.co.uk):
Wow lot of interest .

I will try to answer some of the salient points

Core was missing until today as one test (TestLuceneConstantVersion) didn't run 
correctly as it was lacking the Lucene version system property. Currently pit 
refuses to run unless the underlying suite is all green (a good thing IMHO) so 
I didn't have core from my first run (its there now).

This takes a long time to run, all of the ancillary Lucene packages take 
roughly 4 hours to run on the largest CPU ec2 instance, core takes 8 hours 
(this was the other reason core was missing, I was waiting for it to finish 
crunching)

As to the random seed, I completely agree and it was one of the things I 
mentioned on the mailing list that makes the output of this tool not perfect. I 
do feel that the tests that are randomised typically do a better job at gaining 
coverage, but its a good idea to stabilise the seed.

Jars and build.xml, I have no problems changing this to whatever people think 
fits best into the build. My impression was that clover is handled the way it 
is because it is not technically opensource and as a result has screwball 
licensing concerns, essentially I didn't know any better :S I will try to get a 
chance to make it use the ivy:cachepath approach.

Regarding the risks posed by mutations, I cannot prove or say there are no 
risks; however mutation testing is not random in the mutations applied, they 
are formulaic and quite simple. It will not permute arguments nor will it 
mutate complex objects (it can and does mess with object references turning 
references in arguments to nulls). I can conceive of ways in which it could

[jira] [Comment Edited] (LUCENE-4332) Integrate PiTest mutation coverage tool into build

2012-08-28 Thread Greg Bowyer (JIRA) 

[ 
https://issues.apache.org/jira/browse/LUCENE-4332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13443449#comment-13443449
 ] 

Greg Bowyer edited comment on LUCENE-4332 at 8/29/12 6:48 AM:
--

Following up it turns out to be *very* simple to do the security manager trick

{code:java}
import java.io.File;

public class Test {

public static void main(String... args) {
System.setSecurityManager(new SecurityManager() {
public void checkDelete(String file) throws SecurityException {
File fp = new File(file);
String path = fp.getAbsolutePath();

if (!path.startsWith(/tmp)) {
throw new SecurityException(Bang!);
}
}
});

new File(/home/greg/test).delete();
}
}
{code}

{code}
Exception in thread main java.lang.SecurityException: Bang!
at Test$1.checkDelete(Test.java:12)
at java.io.File.delete(File.java:971)
at Test.main(Test.java:17)
{code}

There is a lot of scope here if you want to abuse checking for all sorts of 
things (files, sockets, threads etc)

  was (Author: gbow...@fastmail.co.uk):
Following up it turns out to be *very* simple to do the security manager 
trick

{code:java}
import java.io.File;

public class Test {

public static void main(String... args) {
System.setSecurityManager(new SecurityManager() {
public void checkDelete(String file) throws SecurityException {
File fp = new File(file);
String path = fp.getAbsolutePath();

if (!path.startsWith(/tmp)) {
throw new SecurityException(Bang!);
}
}
});

new File(/home/greg/test).delete();
}
}
{code}

{code}
Exception in thread main java.lang.SecurityException: Bang!
at Test$1.checkDelete(Test.java:12)
at java.io.File.delete(File.java:971)
at Test.main(Test.java:17)
{code}
  
 Integrate PiTest mutation coverage tool into build
 --

 Key: LUCENE-4332
 URL: https://issues.apache.org/jira/browse/LUCENE-4332
 Project: Lucene - Core
  Issue Type: Improvement
Affects Versions: 4.1, 5.0
Reporter: Greg Bowyer
Assignee: Greg Bowyer
  Labels: build
 Attachments: 
 LUCENE-4332-Integrate-PiTest-mutation-coverage-tool-into-build.patch, 
 LUCENE-4332-Integrate-PiTest-mutation-coverage-tool-into-build.patch


 As discussed briefly on the mailing list, this patch is an attempt to 
 integrate the PiTest mutation coverage tool into the lucene build

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org