An Exhaustive Specification of the Test Execution Environment
The Bazel BUILD language includes rules which can be used to define automated test programs in many languages.
Tests are run using bazel test
.
Users may also execute test binaries directly. This is allowed but not endorsed, as such
an invocation will not adhere to the mandates described below.
Tests should be hermetic: that is, they ought to access only those resources on which they have a declared dependency. If tests are not properly hermetic then they do not give historically reproducible results. This could be a significant problem for culprit finding (determining which change broke a test), release engineering auditability, and resource isolation of tests (automated testing frameworks ought not DDOS a server because some tests happen to talk to it).
The goal of this document is to formally establish the runtime environment for and expected behavior of Bazel tests. It will also impose requirements on the test runner and the build system. Our intent is to help test authors avoid relying on unspecified behavior, and thus give the testing infrastructure more freedom to make implementation changes. We will also take the opportunity to tighten up some holes which currently allow many tests to pass despite not being properly hermetic, deterministic, and reentrant.
This document is intended to be both normative and authoritative. If this specification and the implemented behavior of test runner disagree, the specification takes precedence.
The purpose of Bazel tests is to confirm some property of the source files checked into the repository. (In this document, "source files" includes test data, golden outputs, and anything else kept under version control.) One user writes a test to assert an invariant which they expect to be maintained. Other users execute the test later to check whether the invariant has been broken. If the test depends on any variables other than source files (non-hermetic), its value is diminished, because the later users cannot be sure their changes are at fault when the test stops passing.
Therefore the outcome of a test must depend only on:
Currently, such behavior is not enforced. However, test runners reserve the right to add such enforcement in the future.
Test rules are analogous to binary rules in that each must yield an executable program. For some languages, this is a stub program which combines a language-specific harness with the test code. Test rules must produce other outputs as well. In addition to the primary test executable, the test runner will need a manifest of runfiles, input files which should be made available to the test at runtime, and it may need information about the type, size, and tags of a test.
The build system may use the runfiles to deliver code as well as data. (This might be used as an optimization to make each test binary smaller by sharing files across tests, e.g. through the use of dynamic linking.) The build system should ensure that the generated executable loads these files via the runfiles image provided by the test runner, rather than hardcoded references to absolute locations in the source or output tree.
From the point of view of the test runner, each test is a program which can
be invoked with execve()
. There may be other ways to execute
tests; for example, an IDE might allow the execution of Java tests in-process.
However, the result of running the test as a standalone process must be
considered authoritative. If a test process runs to completion and terminates
normally with an exit code of zero, the test has passed. Any other result is
considered a test failure. In particular, writing any of the strings
PASS
or FAIL
to stdout has no significance to the test
runner.
If a test takes too long to execute, exceeds some resource limit, or the test runner otherwise detects prohibited behavior, it may choose to kill the test and treat the run as a failure. The runner must not report the test as passing after sending a signal to the test process or any children thereof.
The whole test target (not individual methods or tests) is given a limited amount of time to run to completion. The time limit for a test is based on its timeout attribute according to the following table:
timeout | Time Limit (sec.) |
---|---|
short | 60 |
moderate | 300 |
long | 900 |
eternal | 3600 |
Tests which do not explicitly specify a timeout have one implied based on the
test's size
as follows:
size | Implied timeout label |
---|---|
small | short |
medium | moderate |
large | long |
enormous | eternal |
For example a "large" test with no explicit timeout setting will be allotted 900 seconds to run. A "medium" test with a timeout of "short" will be allotted 60 seconds.
All combinations of size
and timeout
labels are
legal, so an "enormous" test may be declared to have a timeout of "short".
Presumably it would do some really horrible things very quickly.
Tests may return arbitrarily fast regardless of timeout. A test is not penalized for an overgenerous timeout, although a warning may be issued: you should generally set your timeout as tight as you can without incurring any flakiness.
There is also a recommended lower bound for test timeouts as follows:
size | Time minimum (sec.) |
---|---|
short | 0 |
moderate | 30 |
long | 300 |
eternal | 900 |
For example, if a "moderate" test completes in 5.5s, consider setting
timeout
="short" or size
="small". Using the bazel
--test_verbose_timeout_warnings
command line option will show the
tests whose specified size is too big.
Test sizes and timeouts are specified in the BUILD file according to the specification here. Any test that does not specify a recognized size will default to being a medium test.
If the main process of a test exits, but some of its children are still running, the test runner should consider the run complete and count it as a success or failure based on the exit code observed from the main process. The test runner may kill any stray processes. Tests should not leak processes in this fashion.
When executing a test, the test runner must establish certain initial conditions.
The test runner must invoke each test with the path to the test
executable in argv[0]
. This path must be relative and
beneath the test's current directory (which is in the runfiles tree,
see below).
The test runner should not pass any other arguments to a
test unless the user explicitly requests it.
The initial environment block shall be composed as follows:
Variable | Value | Status |
---|---|---|
HOME | value of $TEST_TMPDIR | recommended |
JAVA_RUNFILES | value of $TEST_SRCDIR | required |
LANG | unset | required |
LANGUAGE | unset | required |
LC_ALL | unset | required |
LC_COLLATE | unset | required |
LC_CTYPE | unset | required |
LC_MESSAGES | unset | required |
LC_MONETARY | unset | required |
LC_NUMERIC | unset | required |
LC_TIME | unset | required |
LD_LIBRARY_PATH | colon-separated list of directories containing shared libraries | optional |
LOGNAME | value of $USER | required |
PATH | /usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:. | recommended |
PWD | $TEST_SRCDIR | recommended |
SHLVL | 2 | recommended |
TEST_PREMATURE_EXIT_FILE | absolute path to a private file in a writable directory (used for catching calls to exit()) | optional |
TEST_RANDOM_SEED | See this table. | optional |
TEST_SIZE | The test size | optional |
TEST_TIMEOUT | The test timeout | optional |
TEST_SRCDIR | absolute path to the base of the runfiles tree | required |
TEST_TMPDIR | absolute path to a private writable directory | required |
TEST_TIMEOUT | 300 | optional |
TEST_UNDECLARED_OUTPUTS_DIR | absolute path to a private writable directory (used to write undeclared test outputs) | optional |
TEST_UNDECLARED_OUTPUTS_ANNOTATIONS_DIR | absolute path to a private writable directory (used to write undeclared test output annotation .part files). | optional |
TEST_WARNINGS_OUTPUT_FILE | absolute path to a private file in a writable directory (used to write test target warnings) | optional |
TZ | UTC | required |
USER | value of getpwuid(getuid())->pw_name | required |
The environment may contain additional entries. Tests should not depend on the presence, absence, or value of any environment variable not listed above.
The initial working directory shall be $TEST_SRCDIR
.
The current process id, process group id, session id, and parent process id are unspecified. The process may or may not be a process group leader or a session leader. The process may or may not have a controlling terminal. The process may have zero or more running or unreaped child processes. The process should not have multiple threads when the test code gains control.
File descriptor 0 (stdin) shall be open for reading, but what it is attached to is unspecified. Tests must not read from it. File descriptors 1 (stdout) and 2 (stderr) shall be open for writing, but what they are attached to is unspecified. It could be a terminal, a pipe, a regular file, or anything else to which characters can be written. They may share an entry in the open file table (meaning that they cannot seek independently). Tests should not inherit any other open file descriptors.
The initial umask shall be 022 or 027.
No alarm or interval timer shall be pending.
The initial mask of blocked signals shall be empty. All signals shall be set to their default action.
The initial resource limits, both soft and hard, should be set as follows:
Resource | Limit |
---|---|
RLIMIT_AS | unlimited |
RLIMIT_CORE | unspecified |
RLIMIT_CPU | unlimited |
RLIMIT_DATA | unlimited |
RLIMIT_FSIZE | unlimited |
RLIMIT_LOCKS | unlimited |
RLIMIT_MEMLOCK | unlimited |
RLIMIT_MSGQUEUE | unspecified |
RLIMIT_NICE | unspecified |
RLIMIT_NOFILE | at least 1024 |
RLIMIT_NPROC | unspecified |
RLIMIT_RSS | unlimited |
RLIMIT_RTPRIO | unspecified |
RLIMIT_SIGPENDING | unspecified |
RLIMIT_STACK | unlimited, or 2044KB <= rlim <= 8192KB |
The initial process times (as returned by times()
) and resource
utilization (as returned by getrusage()
) are unspecified.
The initial scheduling policy and priority are unspecified.
In addition to the aspects of user context under direct control of the test runner, the operating system on which tests execute must satisfy certain properties for a test run to be valid.
The root directory observed by a test may or may not be the real root directory.
/proc
shall be mounted.
All build tools shall be present at the absolute paths under /usr
used by a local installation.
Paths starting with /home
may not be available. Tests should not access any such paths.
/tmp
and /export/hda3/tmp
shall be writable, but tests should avoid using these paths.
Tests must not assume that any constant path is available for their exclusive use.
Tests must not assume that atimes are enabled for any mounted filesystem.
The users root, nobody, and unittest must exist. The groups root, nobody, and eng must exist.
Tests must be executed as a non-root user. The real and effective user ids must be equal; likewise for group ids. Beyond this, the current user id, group id, user name, and group name are unspecified. The set of supplementary group ids is unspecified.
The current user id and group id must have corresponding names which can be
retrieved with getpwuid()
and getgrgid()
. The same
may not be true for supplementary group ids.
The current user must have a home directory. It may not be writable. Tests must not attempt to write to it.
The hostname is unspecified. It may or may not contain a dot. Resolving the hostname must give an IP address of the current host. Resolving the hostname cut after the first dot must also work. The hostname localhost must resolve.
Tests are granted at least one CPU core. Others may be available but this is not guaranteed. Other performance aspects of this core are not specified.
Tests may create subprocesses, but not process groups or sessions.
There is a limit on both the number of input files a test may consume, and their aggregate size. Such limits are subject to change, but are currently in the range of tens of thousands of inputs and several GB of aggregate size.
The current time and date are unspecified. The system timezone is unspecified.
X Windows may or may not be available. Tests that need an X server should start Xvfb.
All file paths specified in test environment variables point to somewhere on the local filesystem, unless otherwise specified.
Tests should create files only within the directories specified by
$TEST_TMPDIR
and $TEST_UNDECLARED_OUTPUTS_DIR
(if set).
These directories will be initially empty.
Tests must not attempt to remove, chmod, or otherwise alter these directories.
These directories may be a symbolic links.
The filesystem type of $TEST_TMPDIR/.
remains unspecified.
Tests may also write .part files to the $TEST_UNDECLARED_OUTPUTS_ANNOTATIONS_DIR
to annotate undeclared output files.
Tests must access inputs through the runfiles mechanism, or other parts of the execution environment which are specifically intended to make input files available. Tests must not access other outputs of the build system at paths inferred from the location of their own executable.
It is unspecified whether the runfiles tree contains regular files, symbolic
links, or a mixture. The runfiles tree may contain symlinks to directories.
Tests should avoid using paths containing ..
components within the
runfiles tree.
No directory, file, or symlink within the runfiles tree (including paths which traverse symlinks) should be writable. (It follow that the initial working directory should not be writable.) Tests must not assume that any part of the runfiles is writable, or owned by the current user (i.e. chmod and chgrp may fail).
The runfiles tree (including paths which traverse symlinks) must not change during test execution. Parent directories and filesystem mounts must not change in any way which affects the result of resolving a path within the runfiles tree.
In order to catch early exit, a test may create a file at the path specified by
TEST_PREMATURE_EXIT_FILE
upon start and remove it upon exit. If
Bazel sees the file when the test finishes, it will assume that the test exited
prematurely and mark it as having failed.
Some tags in the test rules have a special meaning.
Tag | Meaning |
---|---|
exclusive |
run no other test at the same time |
external |
test has an external dependency; disable test caching |
large |
test_suite convention; suite of large tests |
manual |
don't include test target in wildcard target patterns like :... , :* , or :all ) |
medium |
test_suite convention; suite of medium tests
|
small |
test_suite convention; suite of small tests |
smoke |
test_suite convention; means it should be run before committing code changes
into the version control system
|