RFR[10] 8186057: TLS interoperability testing between different Java versions
sha.jiang at oracle.com
sha.jiang at oracle.com
Tue Nov 28 02:35:27 UTC 2017
Hi Artem,
Please review the new webrev at:
http://cr.openjdk.java.net/~jjiang/8186057/webrev.07/
Please see my comments below.
>>>>>
>>>>> One question about Compatibility.caseStatus(). What's the case
>>>>> when you expect a timeout and no client output? Should it always
>>>>> result to a test case failure?
>>>> I'm not sure understanding your question. Did you mean server or
>>>> client timeout?
>>>> I think client should output something.
>>> My questing is - should timeout be always considered as a failure?
>>> Why don't you just check if server or client result is FAIL?
>>>
>>> if (clientStatus == FAIL || serverStatus == FAIL) {
>>> return FAIL;
>>> }
>>>
>>> return PASS;
>> Some cases are negative cases, their status should be EXPECTED_FAIL.
> That's fine, I got that.
>> A server or client timeout would lead to the case to fail, if the
>> failure is not expected.
>> If a server starts normally, but client doesn't start due to a
>> negative case, the server should get timeout. But this failure is
>> expected.
>> If a server starts normally, and client get a unexpected timeout,
>> this failure would make the case to fail.
> This logic looks unnecessary complex to me. The more complex it is,
> the more likely we get a bug there. I think TIMEOUT status is not
> necessary here. If a failure is expected on one side, the other side
> should fail as well (no matter if it's a timeout or an exception).
>
> If I were you, I would simplify this method like this
>
> if (client == EXPECTED_FAIL && server == EXPECTED_FAIL) {
> return EXPECTED_FAIL;
> }
>
> if (client == PASS && server == PASS) {
> return PASS;
> }
>
> return FAIL;
>
> If I am not missing something, the pseudo-code above looks better and
> simpler.
1. This test designs 5 status:
SUCCESS, UNEXPECTED_SUCCESS, FAIL, EXPECTED_FAIL and TIMEOUT
The main purpose is making the test report more clear.
A case fails that may be due to:
Unexpected failure;
No failure, but it is expected to get some failure;
Timeout, although it is also not expected, this failure may have nothing
to do with SSL/TLS exceptions, like SSLHandshakeException.
The test just wants to distinguish these different situations. I assume
users generally just look through the report table, but not the detail logs.
2. This test really treats TIMEOUT as failure. Server and/or client
timout, it should result in the case gets FAIL or EXPECTED_FAIL.
3. Your above code snippet doesn't cover all possible result status.
For example, client == PASS && server == PASS, but this case may be
expected to get some failure. The status should be UNEXPECTED_SUCCESS in
my design.
Again, some more status are used to make the report table could give
more information before investigating details.
4. The updated webrev havs merged two if-clauses to simplify the method
Compatibility.caseStatus() a bit.
Best regards,
John Jiang
More information about the security-dev
mailing list