ci: add workflow for reporting possible state-changing diffs #13774
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
cmd/statediff/main.go
Outdated
| for _, pkg := range pkg.Imports { | ||
| addPkg(pkg) | ||
| } |
Check failure
Code scanning / gosec
the value in the range statement should be _ unless copying a map: want: for key := range m
cmd/statediff/main.go
Outdated
|
|
||
| func main() { | ||
| flag.Parse() | ||
| *dir, _ = filepath.Abs(*dir) |
Check warning
Code scanning / gosec
Returned error is not propagated up the stack.
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #13774 +/- ##
==========================================
+ Coverage 56.25% 56.66% +0.40%
==========================================
Files 667 636 -31
Lines 56576 54552 -2024
==========================================
- Hits 31829 30910 -919
+ Misses 22165 21136 -1029
+ Partials 2582 2506 -76
|
cmd/statediff/main.go
Outdated
| for _, pkg := range pkg.Imports { | ||
| addPkg(pkg) | ||
| } |
Check warning
Code scanning / CodeQL
Iteration over map
cmd/statediff/main.go
Outdated
| for n := range rootFuncs { | ||
| missing = append(missing, n.typ+"."+n.fun) | ||
| } |
Check warning
Code scanning / CodeQL
Iteration over map
elias-orijtech
changed the title
elias-orijtech
force-pushed
the
main
branch
4 times, most recently
from
86b83ab to
7d7a1f6
Compare
|
This is now ready for review. |
There was a problem hiding this comment.
LGTM, thank you @elias-orijtech! Just one comment though.
Kindly cc-ing @ebuchman too
elias-orijtech
force-pushed
the
main
branch
2 times, most recently
from
52a167f to
d02a4f9
Compare
|
@elias-orijtech please update the commit messages to link to the issue to be fixed: Fixes #13518 So that it gets auto closed and a related PR is linked. |
|
does this post a comment in the pr or only fail in ci? |
It didn't, but now it does :) See elias-orijtech#106 (comment) for an example comment it posts (once pr PR). |
| - uses: actions/checkout@v3 | ||
| - uses: orijtech/statediff@main | ||
| with: | ||
| roots: 'github.com/cosmos/cosmos-sdk/baseapp.BaseApp.DeliverTx,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.BeginBlock,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.EndBlock,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.Commit' |
There was a problem hiding this comment.
could you explain what this does?
There was a problem hiding this comment.
oh I read what this does. I don't think this solves the issue described above.
There was a problem hiding this comment.
The linked issue says
"State machine relevant code should basically be anything reachable from BeginBlock/DeliverTx/EndBlock/Commit."
This tool implements the basic reachability analysis: function or method calls. With the GitHub and testing machinery in place, the tool can easily be expanded. For example, what makes code such as x/staking/keeper/msg_server.go state code? Called by a root function/method, implementing a certain interface, something else? If you come up with the rule, I can add it to the tool.
There was a problem hiding this comment.
@ebuchman could you please chime in too? @elias-orijtech implemented checking code reachable from the desired roots. Please chime in with suggestions for the use cases if it doesn't fit what he implemented. Thanks @tac0turtle @alexanderbez for the co-reviews!
For now, maybe, but tool can be expanded to detect more cases. I can change "Fixes #13518" to "Update #13518" to reflect that, if you like. This PR is mostly about getting the ball rolling with a MVP tool and all the machinery for integrating with GitHub.
There is a bit of explanation in https://github.com/orijtech/statediff. Basically, the tool detect whether a PR touches any line that belongs to the graph of function or methods called from the roots. |
|
So this job mainly just checks if code was modified/added/removed in an execution flow that is regarded as part of the state machine? If so, how exactly does it determine that? Can there be false negatives? What about false positives? |
False negatives can happen if a state function or method is unreachable through direct function or method calls from a root. For example, through an interface method call. False positives can happen if a PR touches a state function or method, but the change is not actually state changing. For example a comment or a performance optimization. |
|
I see. Ok, then I don't have any strong objections to this. I'm happy to give an ACK. I'm not convinced how much it will really buy us, but at least we can experiment with it. Let's keep this as a non-required job. |
The workflow uses the new github.com/orijtech/statediff tool that builds a callgraph from a set of root methods and functions, and checks whether a patch touches it. Fixes cosmos#13518 Signed-off-by: Elias Naur <elias@orijtech.com>
Can you clarify what you mean by too simple? Just adding roots (say, github.com/cosmos/cosmos-sdk/x/staking/keeper.msgServer.Delegate) will trigger on any changes to Delegate or one of its callees. I've tried a few implementations to catch changes to msg_server.go automatically, but to make productive progress can you say what makes code such as that in msg_server.go state-sensitive? For example "any code called by the gRPC endpoints", or "implementations of interface X/Y/Z...". |
I actually need to see it work, I could be wrong with my assumption.
This is a good question and not something we have well defined I believe. There is the unspoken things we shouldn't touch, but its better to write them down |
|
Thank you for the reviews @alexanderbez @tac0turtle plus merge and for the good work @elias-orijtech |
This PR implements a tool for detecting PRs that may touch state code. Example PR and run: https://github.com/elias-orijtech/cosmos-sdk/actions/runs/3439195320/jobs/5736196835
Fixes #13518
CC @odeke-em