Author Topic: audit of api use in 3.4.0/4.0.0 (Read 2196 times)

ken · April 28, 2011, 10:23:52 pm

Folks,

I've found two issues in 3.4.0 (see CRM-7989 and CRM-7994) where problems have been caused by an incomplete change from v2 to v3.

In CRM-7989, the v3 API was included in 2 spots and then the v2 API calls were made
In CRM-7994, the v3 API did not produce a side-effect that the calling code relied on (viz, adding an element to the parameters array).

Is this a sign of a wider problem? (I may be overreacting, but it does seem to be evidence of a systemic problem that I'm finding related issues in widely separated pieces of code.) If so, should there be an audit of the changes from v2 to v3 of the API?

Thanks!
Ken

Eileen · April 28, 2011, 11:28:47 pm

The intention was that code using api v2 should remain unchanged. However, for a period this wasn't working & the partial migration was done. Once it was working again (because we changed the apiv2 signatures) I don't think it was revisted.

Ideally all code that is using v2 would still call the functions directly & only code that has been checked would use civicrm_api.

Erik Hommel · April 29, 2011, 12:00:31 am

Ken, do I understand you are volunteering to do an audit? Excellent idea!

ken · April 29, 2011, 12:10:13 am

<groan>I should have seen that coming!</groan>

Without wishing to appear to be taking this on, how would we scope this?

I understand 3.4.0 is the first release to use API v3? So would a 'diff' between 3.3.x and 3.4.0, then a 'grep' for civicrm_api. would that locate all changes?

And what would the hapless volunteer look for?

We could look for all cases where API v3 is included and then the API v2 calls are made?
Does anyone have a feel for which API v2 calls have side-effects?

Ken

Erik Hommel · April 29, 2011, 12:13:52 am

Seriously.....I think we should focus on getting the UnitTests right, they should spot these instances and problems. So I would concentrate on updating the UnitTests to reflect the issues you found? Would that not be the most consistent and quickest way?

Eileen · April 29, 2011, 12:31:36 am

A grep for civicrm_api will spot all the calls that now go through the new api structure.

Erik, the tests are pretty solid on the api itself but the test coverage on all the other functions that call the api is less

Erik Hommel · April 29, 2011, 12:56:17 am

Eileen, is that not an area that would need improving in the tests or is that too simple a thought?

Eileen · April 29, 2011, 12:58:03 am

Yes, you are right - it would be great to improve it. Ideally find the functions that use civicrm_api, check if they have tests & if not, write them....

Erik Hommel · April 29, 2011, 01:00:55 am

Sounds so simple......

xavier · April 29, 2011, 01:07:26 am

Hi,

The problem is real, but complex. how do you know that one api function was wrongly modifying the param X and that result wrongly used in the calling code? (wrongly as in that was a rule not to do it, but because it was passed by reference it could, and did, happen). To make it harder, it isn't systematic, ie the side effect can only happen in one branch of a if structure, or of a much more complex and specific configuration.

Moreover, some of the params value could have been modified without being used (ie. we fixed a bug that no code tripped on), or in v3, we sometimes modify a param, knowing that it's a local modification because that's by value.

I don't know how to make that audit more systematic ( the naive grepping $params[.*] = probably wont cover everything), but I suspect that working on a better test coverage (mostly of the calling functions) would be a more valuable investment of our time.

Eg. when we find a bug, write a test (that would fail), fix the code and submit both the code and the test. It's probably not a big overhead if you know the test infrastructure (well and have the patience of letting them run, cf usual rant about their speed). I know that's best practice, and I know I'm guilty not doing it (but I'm firmly in the majority here, unfortunately).

The test infrastructure has greatly improved IMO and we have introduced a few tricks to make run tests in a few seconds, but only a few test suites benefit from them now.

Ken, don't take me wrongly, your fixes are super appreciated, was more a general comment and thinking that instead of an audit, writing tests to be sure that what you have fixed it going to be fixed forever (or at least visible if broken again) might be more useful in the long run.

X+

ken · April 29, 2011, 01:52:51 am

I couldn't take it the wrong way if you're trying to encourage me *not* to do a code audit!

Eileen · April 29, 2011, 01:54:17 am

So, instead of a full code audit .. you could pick one instance & write a test for it to make sure it never gets broken again...

xavier · April 29, 2011, 03:53:58 am

Quote

I couldn't take it the wrong way if you're trying to encourage me *not* to do a code audit!

afraid you missed the part of you volunteering to write tests until it reaches 100% coverage

ken · April 30, 2011, 12:29:28 am

Folks,

As I've just released 3.4.0 into production, and I hate the thought of defects, I just couldn't resist looking at the code.

I looked for any situations where 'civicrm_api_include' is called to include the v3 API, yet the latest revision of the branch/3.4 code uses v2 calls ...

./bin/Email2Activity.php:111: civicrm_api_include('activity');
./CRM/Activity/Import/Parser/Activity.php:39:civicrm_api_include('utils', false, 3);
./CRM/Bridge/OG/CiviCRM.php:94: civicrm_api_include('uf_group', false, 3);
./CRM/Bridge/OG/Utils.php:85: civicrm_api_include('uf_group', false, 3);
./CRM/Contribute/Page/UserDashboard.php:83: civicrm_api_include('utils', false, 3);
./CRM/Mailing/Event/BAO/Subscribe.php:107: civicrm_api_include('contact', false, 3); ***** This v3 API isn't used, and the v2 API is included on line 119
./CRM/Profile/Selector/Listings.php:505: civicrm_api_include('uf_group', false, 3);
./CRM/Utils/SoapServer.php:47:civicrm_api_include('utils', false, 3); ***** This API doesn't appear to be used
./CRM/Utils/SoapServer.php:48:civicrm_api_include('mailer', false, 3);
./drupal/modules/civicrm_group_roles/civicrm_group_roles.module:114: civicrm_api_include('uf_group'); ***** see the TODO - 'uf_match_id_get' doesn't exist in v2 or v3

Ken

Eileen · April 30, 2011, 03:16:17 am

Yes, so I kinda didn't track what code changes were made outside the actual api but that civicrm_api_include shouldn't really be in use.

Basically all api calls should look like

require_once 'api/api.php'; // not really required in Core files as it should loaded from prev discussions
civicrm_api($entity,$action,$params);

All the examples you have found should either be reverted to 'normal' v2 calls (ie. directly including & calling the function) or upgraded to v3 calls. Ideally with a test added to the test suite to prove their usage

CiviCRM Community Forums (archive)

News:

Author Topic: audit of api use in 3.4.0/4.0.0 (Read 2196 times)

ken

audit of api use in 3.4.0/4.0.0

Eileen

Re: audit of api use in 3.4.0/4.0.0

Erik Hommel

Re: audit of api use in 3.4.0/4.0.0

ken

Re: audit of api use in 3.4.0/4.0.0

Erik Hommel

Re: audit of api use in 3.4.0/4.0.0

Eileen

Re: audit of api use in 3.4.0/4.0.0

Erik Hommel

Re: audit of api use in 3.4.0/4.0.0

Eileen

Re: audit of api use in 3.4.0/4.0.0

Erik Hommel

Re: audit of api use in 3.4.0/4.0.0

xavier

Re: audit of api use in 3.4.0/4.0.0

ken

Re: audit of api use in 3.4.0/4.0.0

Eileen

Re: audit of api use in 3.4.0/4.0.0

xavier

Re: audit of api use in 3.4.0/4.0.0

ken

Re: audit of api use in 3.4.0/4.0.0

Eileen

Re: audit of api use in 3.4.0/4.0.0