[3.8] gh-96710: Make the test timing more lenient for the int/str DoS regression test. (GH-96717) (#98197)

miss-islington · gpshead · web-flow · commit a44cc0a89559 · 2022-10-11T23:13:43.000+02:00
gh-96710: Make the test timing more lenient for the int/str DoS regression test. (GH-96717) A regression would still absolutely fail and even a flaky pass isn't harmful as it'd fail most of the time across our N system test runs. Windows has a low resolution timer and CI systems are prone to odd timing so this just gives more leeway to avoid flakiness. (cherry picked from commit 11e3548) Co-authored-by: Gregory P. Smith <greg@krypto.org>
diff --git a/Lib/test/test_int.py b/Lib/test/test_int.py
@@ -644,7 +644,8 @@ def test_denial_of_service_prevented_int_to_str(self):
         self.assertEqual(len(huge_decimal), digits)
         # Ensuring that we chose a slow enough conversion to measure.
         # It takes 0.1 seconds on a Zen based cloud VM in an opt build.
-        if seconds_to_convert < 0.005:
+        # Some OSes have a low res 1/64s timer, skip if hard to measure.
+        if seconds_to_convert < 1/64:
             raise unittest.SkipTest('"slow" conversion took only '
                                     f'{seconds_to_convert} seconds.')
 
@@ -656,7 +657,7 @@ def test_denial_of_service_prevented_int_to_str(self):
                 str(huge_int)
             seconds_to_fail_huge = get_time() - start
         self.assertIn('conversion', str(err.exception))
-        self.assertLess(seconds_to_fail_huge, seconds_to_convert/8)
+        self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2)
 
         # Now we test that a conversion that would take 30x as long also fails
         # in a similarly fast fashion.
@@ -667,7 +668,7 @@ def test_denial_of_service_prevented_int_to_str(self):
             str(extra_huge_int)
         seconds_to_fail_extra_huge = get_time() - start
         self.assertIn('conversion', str(err.exception))
-        self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8)
+        self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/2)
 
     def test_denial_of_service_prevented_str_to_int(self):
         """Regression test: ensure we fail before performing O(N**2) work."""
@@ -685,7 +686,8 @@ def test_denial_of_service_prevented_str_to_int(self):
         seconds_to_convert = get_time() - start
         # Ensuring that we chose a slow enough conversion to measure.
         # It takes 0.1 seconds on a Zen based cloud VM in an opt build.
-        if seconds_to_convert < 0.005:
+        # Some OSes have a low res 1/64s timer, skip if hard to measure.
+        if seconds_to_convert < 1/64:
             raise unittest.SkipTest('"slow" conversion took only '
                                     f'{seconds_to_convert} seconds.')
 
@@ -695,7 +697,7 @@ def test_denial_of_service_prevented_str_to_int(self):
                 int(huge)
             seconds_to_fail_huge = get_time() - start
         self.assertIn('conversion', str(err.exception))
-        self.assertLess(seconds_to_fail_huge, seconds_to_convert/8)
+        self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2)
 
         # Now we test that a conversion that would take 30x as long also fails
         # in a similarly fast fashion.
@@ -706,7 +708,7 @@ def test_denial_of_service_prevented_str_to_int(self):
             int(extra_huge)
         seconds_to_fail_extra_huge = get_time() - start
         self.assertIn('conversion', str(err.exception))
-        self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8)
+        self.assertLessEqual(seconds_to_fail_extra_huge, seconds_to_convert/2)
 
     def test_power_of_two_bases_unlimited(self):
         """The limit does not apply to power of 2 bases."""
