istio · istio-testing · May 1, 2019 · Jan 30, 2019 · Jan 31, 2019 · Jan 31, 2019
diff --git a/.bazelrc b/.bazelrc
@@ -2,6 +2,11 @@
 # Envoy specific Bazel build/test options.
 
 build --workspace_status_command=tools/bazel_get_workspace_status
+# Bazel doesn't need more than 200MB of memory based on memory profiling:
+# https://docs.bazel.build/versions/master/skylark/performance.html#memory-profiling
+# Limiting JVM heapsize here to let it do GC more when approaching the limit to
+# leave room for compiler/linker.
+startup --host_jvm_args=-Xmx512m
 
 # Basic ASAN/UBSAN that works for gcc
 build:asan --define ENVOY_CONFIG_ASAN=1
@@ -18,6 +23,7 @@ build:asan --define signal_trace=disabled
 # Clang 5.0 ASAN
 build:clang-asan --define ENVOY_CONFIG_ASAN=1
 build:clang-asan --copt -D__SANITIZE_ADDRESS__
+build:clang-asan --copt -DADDRESS_SANITIZER=1
 build:clang-asan --copt -fsanitize=address,undefined
 build:clang-asan --linkopt -fsanitize=address,undefined
 build:clang-asan --copt -fno-sanitize=vptr
@@ -29,12 +35,14 @@ build:clang-asan --build_tag_filters=-no_asan
 build:clang-asan --test_tag_filters=-no_asan
 build:clang-asan --define signal_trace=disabled
 build:clang-asan --test_env=ASAN_SYMBOLIZER_PATH
+build:clang-asan --linkopt -fuse-ld=lld
 
 # Clang 5.0 TSAN
 build:clang-tsan --define ENVOY_CONFIG_TSAN=1
 build:clang-tsan --copt -fsanitize=thread
 build:clang-tsan --linkopt -fsanitize=thread
 build:clang-tsan --define tcmalloc=disabled
+build:clang-tsan --linkopt -fuse-ld=lld
 
 # Clang 5.0 MSAN - broken today since we need to rebuild lib[std]c++ and external deps with MSAN
 # support (see https://github.com/envoyproxy/envoy/issues/443).

diff --git a/.circleci/Dockerfile b/.circleci/Dockerfile
@@ -10,24 +10,25 @@ FROM circleci/openjdk:latest
 
 # clang is used for TSAN and ASAN tests
 RUN sudo sh -c 'curl http://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -'
-RUN sudo sh -c 'echo "deb http://apt.llvm.org/stretch/ llvm-toolchain-stretch-6.0 main" > /etc/apt/sources.list.d/llvm.list'
+RUN sudo sh -c 'echo "deb http://apt.llvm.org/stretch/ llvm-toolchain-stretch-7 main" > /etc/apt/sources.list.d/llvm.list'
 
 RUN sudo apt-get update && \
     sudo apt-get -y install \
     wget software-properties-common make cmake python python-pip pkg-config \
     zlib1g-dev bash-completion bc libtool automake zip time g++-6 gcc-6 \
-    clang-6.0 clang-format-6.0 rsync ninja-build
+    clang-7 clang-format-7 clang-tidy-7 lld-7 libc++-7-dev libc++abi-7-dev \
+    rsync ninja-build
 
 # ~100M, depends on g++, zlib1g-dev, bash-completions
-RUN curl -Lo /tmp/bazel.deb https://github.com/bazelbuild/bazel/releases/download/0.18.0/bazel_0.18.0-linux-x86_64.deb && \
+RUN curl -Lo /tmp/bazel.deb https://github.com/bazelbuild/bazel/releases/download/0.22.0/bazel_0.22.0-linux-x86_64.deb && \
     sudo dpkg -i /tmp/bazel.deb && rm /tmp/bazel.deb
 
 
 # Instead of "apt-get -y install  golang"
 RUN cd /tmp && \
-    wget https://redirector.gvt1.com/edgedl/go/go1.10.3.linux-amd64.tar.gz && \
+    wget https://redirector.gvt1.com/edgedl/go/go1.11.5.linux-amd64.tar.gz && \
     sudo rm -rf /usr/local/go && \
-    sudo tar -C /usr/local -xzf go1.10.3.linux-amd64.tar.gz && \
+    sudo tar -C /usr/local -xzf go1.11.5.linux-amd64.tar.gz && \
     sudo chown -R circleci /usr/local/go && \
     sudo ln -s /usr/local/go/bin/go /usr/local/bin
 

diff --git a/.circleci/Makefile b/.circleci/Makefile
@@ -2,7 +2,7 @@ HUB ?=
 PROJECT ?= istio
 
 # Using same naming convention as istio/istio
-VERSION ?= go1.10-bazel0.18-clang6.0
+VERSION ?= go1.11-bazel0.22-clang7
 IMG ?= ci
 
 # Build a local image, can be used for testing with circleci command line.

diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -3,9 +3,10 @@ version: 2
 jobs:
   build:
     docker:
-      - image: istio/ci:go1.10-bazel0.18-clang6.0
+      - image: istio/ci:go1.11-bazel0.22-clang7
     environment:
-      - BAZEL_TEST_ARGS: "--test_env=ENVOY_IP_TEST_VERSIONS=v4only --test_output=all"
+      - BAZEL_BUILD_ARGS: "--local_resources=12288,5,1"
+      - BAZEL_TEST_ARGS: "--test_env=ENVOY_IP_TEST_VERSIONS=v4only --test_output=all --local_resources=12288,5,1 --local_test_jobs=8"
     resource_class: xlarge
     steps:
       - checkout
@@ -30,9 +31,10 @@ jobs:
           destination: /proxy/bin
   linux_asan:
     docker:
-      - image: istio/ci:go1.10-bazel0.18-clang6.0
+      - image: istio/ci:go1.11-bazel0.22-clang7
     environment:
-      - BAZEL_TEST_ARGS: "--test_env=ENVOY_IP_TEST_VERSIONS=v4only --test_output=all"
+      - BAZEL_BUILD_ARGS: "--local_resources=12288,5,1"
+      - BAZEL_TEST_ARGS: "--test_env=ENVOY_IP_TEST_VERSIONS=v4only --test_output=all --local_resources=12288,5,1 --local_test_jobs=8"
     resource_class: xlarge
     steps:
       - checkout
@@ -49,9 +51,10 @@ jobs:
             - /home/circleci/.cache/bazel
   linux_tsan:
     docker:
-      - image: istio/ci:go1.10-bazel0.18-clang6.0
+      - image: istio/ci:go1.11-bazel0.22-clang7
     environment:
-      - BAZEL_TEST_ARGS: "--test_env=ENVOY_IP_TEST_VERSIONS=v4only --test_output=all"
+      - BAZEL_BUILD_ARGS: "--local_resources=12288,5,1"
+      - BAZEL_TEST_ARGS: "--test_env=ENVOY_IP_TEST_VERSIONS=v4only --test_output=all --local_resources=12288,5,1 --local_test_jobs=8"
     resource_class: xlarge
     steps:
       - checkout
@@ -71,7 +74,8 @@ jobs:
       xcode: "9.3.0"
     environment:
       - BAZEL_STARTUP_ARGS: "--output_base /Users/distiller/.cache/bazel"
-      - BAZEL_TEST_ARGS: "--test_env=ENVOY_IP_TEST_VERSIONS=v4only --test_output=all"
+      - BAZEL_BUILD_ARGS: "--local_resources=12288,5,1"
+      - BAZEL_TEST_ARGS: "--test_env=ENVOY_IP_TEST_VERSIONS=v4only --test_output=all --local_resources=12288,5,1 --local_test_jobs=8"
       - CC: clang
       - CXX: clang++
     steps:

diff --git a/Makefile b/Makefile
@@ -20,39 +20,43 @@ ARTIFACTS_DIR ?= $(LOCAL_ARTIFACTS_DIR)
 BAZEL_STARTUP_ARGS ?=
 BAZEL_BUILD_ARGS ?=
 BAZEL_TEST_ARGS ?=
+BAZEL_TARGETS ?= //...
+# Some tests run so slowly under the santizers that they always timeout.
+SANITIZER_EXCLUSIONS ?= -test/integration:mixer_fault_test
 HUB ?=
 TAG ?=
 ifeq "$(origin CC)" "default"
-CC := clang-6.0
+CC := clang-7
 endif
 ifeq "$(origin CXX)" "default"
-CXX := clang++-6.0
+CXX := clang++-7
 endif
+PATH := /usr/lib/llvm-7/bin:$(PATH)
 
 build:
-	CC=$(CC) CXX=$(CXX) bazel $(BAZEL_STARTUP_ARGS) build $(BAZEL_BUILD_ARGS) //...
-	@bazel shutdown
+	PATH=$(PATH) CC=$(CC) CXX=$(CXX) bazel $(BAZEL_STARTUP_ARGS) build $(BAZEL_BUILD_ARGS) $(BAZEL_TARGETS)
+	-@bazel shutdown
 
 # Build only envoy - fast
 build_envoy:
-	CC=$(CC) CXX=$(CXX) bazel $(BAZEL_STARTUP_ARGS) build $(BAZEL_BUILD_ARGS) //src/envoy:envoy
-	@bazel shutdown
+	PATH=$(PATH) CC=$(CC) CXX=$(CXX) bazel $(BAZEL_STARTUP_ARGS) build $(BAZEL_BUILD_ARGS) //src/envoy:envoy
+	-@bazel shutdown
 
 clean:
 	@bazel clean
 	@bazel shutdown
 
 test:
-	CC=$(CC) CXX=$(CXX) bazel $(BAZEL_STARTUP_ARGS) test $(BAZEL_TEST_ARGS) //...
-	@bazel shutdown
+	PATH=$(PATH) CC=$(CC) CXX=$(CXX) bazel $(BAZEL_STARTUP_ARGS) test $(BAZEL_TEST_ARGS) $(BAZEL_TARGETS)
+	-@bazel shutdown
 
 test_asan:
-	CC=$(CC) CXX=$(CXX) bazel $(BAZEL_STARTUP_ARGS) test $(BAZEL_TEST_ARGS) --config=clang-asan //...
-	@bazel shutdown
+	PATH=$(PATH) CC=$(CC) CXX=$(CXX) bazel $(BAZEL_STARTUP_ARGS) test $(BAZEL_TEST_ARGS) --config=clang-asan -- $(BAZEL_TARGETS) $(SANITIZER_EXCLUSIONS)
+	-@bazel shutdown
 
 test_tsan:
-	CC=$(CC) CXX=$(CXX) bazel $(BAZEL_STARTUP_ARGS) test $(BAZEL_TEST_ARGS) --config=clang-tsan //...
-	@bazel shutdown
+	PATH=$(PATH) CC=$(CC) CXX=$(CXX) bazel $(BAZEL_STARTUP_ARGS) test $(BAZEL_TEST_ARGS) --config=clang-tsan -- $(BAZEL_TARGETS) $(SANITIZER_EXCLUSIONS)
+	-@bazel shutdown
 
 check:
 	@script/check-license-headers
@@ -64,7 +68,7 @@ artifacts: build
 
 deb:
 	CC=$(CC) CXX=$(CXX) bazel $(BAZEL_STARTUP_ARGS) build $(BAZEL_BUILD_ARGS) //tools/deb:istio-proxy
-	@bazel shutdown
+	-@bazel shutdown
 
 
 .PHONY: build clean test check artifacts
diff --git a/OWNERS b/OWNERS
@@ -1,16 +1,20 @@
 reviewers:
   - qiwzhang
   - lizan
-  - sebastienvas
+  - utka
   - rshriram
   - linsun
   - JimmyCYJ
   - venilnoronha
+  - kyessenov
+  - duderino
 approvers:
   - qiwzhang
   - lizan
-  - sebastienvas
+  - utka
   - rshriram
   - linsun
   - JimmyCYJ
   - venilnoronha
+  - kyessenov
+  - duderino
diff --git a/WORKSPACE b/WORKSPACE
@@ -35,9 +35,9 @@ bind(
 # When updating envoy sha manually please update the sha in istio.deps file also
 #
 # Determine SHA256 `wget https://github.com/envoyproxy/envoy/archive/COMMIT.tar.gz && sha256sum COMMIT.tar.gz`
-ENVOY_SHA = "b3be5713f2100ab5c40316e73ce34581245bd26a"
+ENVOY_SHA = "5ea1a0c1cb506ed3e80d52b572b0f767f55f9f39"
 
-ENVOY_SHA256 = "79629284ae143d66b873c08883dc6382fac2e8ed45f6f3521f7e7282b6650216"
+ENVOY_SHA256 = "64beeb27f68ed644ff0bd37b193e5a85f49b883250940e292f6f150ec7173e38"
 
 http_archive(
     name = "envoy",
@@ -46,10 +46,18 @@ http_archive(
     url = "https://github.com/envoyproxy/envoy/archive/" + ENVOY_SHA + ".tar.gz",
 )
 
-load("@envoy//bazel:repositories.bzl", "envoy_dependencies")
+load("@envoy//bazel:api_repositories.bzl", "envoy_api_dependencies")
+
+envoy_api_dependencies()
+
+load("@envoy//bazel:repositories.bzl", "GO_VERSION", "envoy_dependencies")
 
 envoy_dependencies()
 
+load("@rules_foreign_cc//:workspace_definitions.bzl", "rules_foreign_cc_dependencies")
+
+rules_foreign_cc_dependencies()
+
 load("@envoy//bazel:cc_configure.bzl", "cc_configure")
 
 cc_configure()
@@ -58,20 +66,8 @@ load("@envoy_api//bazel:repositories.bzl", "api_dependencies")
 
 api_dependencies()
 
-load("@io_bazel_rules_go//go:def.bzl", "go_register_toolchains", "go_rules_dependencies")
+load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
 
 go_rules_dependencies()
 
-go_register_toolchains()
-
-# Nov 28, 2017 (bazel 0.8.0 support)
-RULES_PROTOBUF_SHA = "563b674a2ce6650d459732932ea2bc98c9c9a9bf"
-
-RULES_PROTOBUF_SHA256 = "338e0d65cd709c6a6f9b5702466e641d536479be8b564d1e12a5d1de22a5cff6"
-
-http_archive(
-    name = "org_pubref_rules_protobuf",
-    sha256 = RULES_PROTOBUF_SHA256,
-    strip_prefix = "rules_protobuf-" + RULES_PROTOBUF_SHA,
-    url = "https://github.com/pubref/rules_protobuf/archive/" + RULES_PROTOBUF_SHA + ".tar.gz",
-)
+go_register_toolchains(go_version = GO_VERSION)
diff --git a/include/istio/control/http/request_handler.h b/include/istio/control/http/request_handler.h
@@ -35,10 +35,13 @@ class RequestHandler {
   // * extract attributes from the config.
   // * if necessary, forward some attributes to downstream
   // * make a Check call.
-  virtual ::istio::mixerclient::CancelFunc Check(
-      CheckData* check_data, HeaderUpdate* header_update,
-      ::istio::mixerclient::TransportCheckFunc transport,
-      ::istio::mixerclient::CheckDoneFunc on_done) = 0;
+  virtual void Check(CheckData* check_data, HeaderUpdate* header_update,
+                     const ::istio::mixerclient::TransportCheckFunc& transport,
+                     const ::istio::mixerclient::CheckDoneFunc& on_done) = 0;
+
+  virtual void ResetCancel() = 0;
+
+  virtual void CancelCheck() = 0;
 
   // Make a Report call. It will:
   // * check service config to see if Report is required

diff --git a/include/istio/control/tcp/request_handler.h b/include/istio/control/tcp/request_handler.h
@@ -32,8 +32,12 @@ class RequestHandler {
   // Perform a Check call. It will:
   // * extract downstream tcp connection attributes
   // * check config, make a Check call if necessary.
-  virtual ::istio::mixerclient::CancelFunc Check(
-      CheckData* check_data, ::istio::mixerclient::CheckDoneFunc on_done) = 0;
+  virtual void Check(CheckData* check_data,
+                     const ::istio::mixerclient::CheckDoneFunc& on_done) = 0;
+
+  virtual void ResetCancel() = 0;
+
+  virtual void CancelCheck() = 0;
 
   // Make report call.
   virtual void Report(ReportData* report_data,

diff --git a/include/istio/mixerclient/check_response.h b/include/istio/mixerclient/check_response.h
@@ -22,21 +22,15 @@
 namespace istio {
 namespace mixerclient {
 
-// The CheckResponseInfo holds response information in detail.
-struct CheckResponseInfo {
-  // Whether this check response is from cache.
-  bool is_check_cache_hit{false};
+// The CheckResponseInfo exposes policy and quota check details to the check
+// callbacks.
+class CheckResponseInfo {
+ public:
+  virtual ~CheckResponseInfo(){};
 
-  // Whether this quota response is from cache.
-  bool is_quota_cache_hit{false};
+  virtual const ::google::protobuf::util::Status& status() const = 0;
 
-  // The check and quota response status.
-  ::google::protobuf::util::Status response_status{
-      ::google::protobuf::util::Status::UNKNOWN};
-
-  // Routing directive (applicable if the status is OK)
-  ::istio::mixer::v1::RouteDirective route_directive{
-      ::istio::mixer::v1::RouteDirective::default_instance()};
+  virtual const ::istio::mixer::v1::RouteDirective& routeDirective() const = 0;
 };
 
 }  // namespace mixerclient