From 9307375f2e8a01cb4807a15adad7e59909d4dbcc Mon Sep 17 00:00:00 2001 From: Vikas Katariya Date: Tue, 10 Sep 2019 17:22:52 +0100 Subject: [PATCH 01/26] Update Coverity secure token Signed-off-by: Gilles Peskine --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c45d4081d..3b2bf3c71 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,7 +32,7 @@ after_failure: env: global: - SEED=1 - - secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k=" + - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg=" addons: apt: From 74c9e5750ee87df74d0b83f872714f0baa07eda3 Mon Sep 17 00:00:00 2001 From: Vikas Katariya Date: Tue, 10 Sep 2019 17:29:51 +0100 Subject: [PATCH 02/26] Remove blocked branches "coverity_scan" branch is been removed as Travis shouldn't be blocked from triggering it to run Coverity on it. "development-psa" branch isn't used anymore and also it used to depend on a private submodule which Travis would fail to get. Signed-off-by: Gilles Peskine --- .travis.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3b2bf3c71..1a95f6989 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,12 +5,6 @@ compiler: sudo: false cache: ccache -# blocklist -branches: - except: - - development-psa - - coverity_scan - script: - tests/scripts/recursion.pl library/*.c - tests/scripts/check-generated-files.sh From c91c38182a93c7fdf575f7bd2e3e094ac748e010 Mon Sep 17 00:00:00 2001 From: Vikas Katariya Date: Tue, 10 Sep 2019 17:36:23 +0100 Subject: [PATCH 03/26] Update notification e-mail address Signed-off-by: Gilles Peskine --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
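Review bot: The `secure:` entry under `env: global:` is an opaque blob with no comment saying which variable it carries, so a later rotation or audit has to rely on the commit subject alone. A one-line comment above it would record that, for example `# Coverity Scan token, encrypted for this repository with "travis encrypt"`. The replaced ciphertext stays in the repository history; if this update follows an exposure rather than a routine renewal, the old token presumably also needs revoking on the Coverity side, which the commit message does not say.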
diff --git a/.travis.yml b/.travis.yml index 1a95f6989..0685bdbb4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -36,7 +36,7 @@ addons: coverity_scan: project: name: "ARMmbed/mbedtls" - notification_email: simon.butcher@arm.com + notification_email: support-mbedtls@arm.com build_command_prepend: build_command: make branch_pattern: coverity_scan From 5bd9f56d158e8725f14ea94a04b4d9ca977f772c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Apr 2020 23:37:45 +0200 Subject: [PATCH 04/26] all.sh: run selftest in the full config and with ASan Almost everything the selftest program does is in the test suites. But just in case run the selftest program itself once in the full configuration, and once in the default configuration with ASan, in addition to running it out of box. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4e4951552..d08d52fd3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -618,7 +618,7 @@ component_test_default_out_of_box () { make test msg "selftest: make, default config (out-of-box)" # ~10s - programs/test/selftest + if_build_succeeded programs/test/selftest } component_test_default_cmake_gcc_asan () { @@ -629,6 +629,9 @@ component_test_default_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s make test + msg "test: selftest (ASan build)" # ~ 10s + if_build_succeeded programs/test/selftest + msg "test: ssl-opt.sh (ASan build)" # ~ 1 min if_build_succeeded tests/ssl-opt.sh @@ -645,6 +648,9 @@ component_test_full_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (full config, ASan build)" make test + msg "test: selftest (ASan build)" # ~ 10s + if_build_succeeded programs/test/selftest + msg "test: ssl-opt.sh (full config, ASan build)" if_build_succeeded tests/ssl-opt.sh From 67c3c3fc1b286ccce608fb15388965f0ef4b412d Mon Sep 17 00:00:00 2001 
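Review bot: In `component_test_full_cmake_gcc_asan` the added `msg "test: selftest (ASan build)"` is word for word the message added to `component_test_default_cmake_gcc_asan`, so the two selftest runs cannot be told apart in the log. The neighbouring messages in that function name the configuration, so `msg "test: selftest (full config, ASan build)" # ~ 10s` would match them. Both function bodies continue outside their hunks.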
From: Gilles Peskine Date: Sat, 25 Apr 2020 22:21:30 +0200 Subject: [PATCH 05/26] all.sh: make the arm-gcc cross-compiler prefix configurable Make it possible to use a compiler that isn't in $PATH, or that's installed with a different name, or even a compiler for a different target such as arm-linux-gnueabi. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d08d52fd3..ecb845253 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -131,6 +131,7 @@ pre_initialize_variables () { : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} : ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin} + : ${ARM_GCC_PREFIX:=arm-none-eabi-} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then @@ -192,6 +193,8 @@ General options: -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. + --arm-gcc-prefix= Prefix for gcc as a cross-compiler for arm + (default: "${ARM_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). --except Exclude the COMPONENTs listed on the command line, instead of running only those. @@ -312,6 +315,7 @@ pre_parse_command_line () { while [ $# -gt 0 ]; do case "$1" in + --arm-gcc-prefix) shift; ARM_GCC_PREFIX="$1";; --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; @@ -511,7 +515,7 @@ pre_check_tools () { esac case " $RUN_COMPONENTS " in - *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";; + *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_GCC_PREFIX}gcc";; esac case " $RUN_COMPONENTS " in 
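Review bot: The new case `--arm-gcc-prefix) shift; ARM_GCC_PREFIX="$1";;` in `pre_parse_command_line` accepts an empty value, and the `:=` default in `pre_initialize_variables` has already run by then, so the prefix can end up empty. In that case `check_tools "${ARM_GCC_PREFIX}gcc"` looks for the host `gcc`, and a component that passes no target flag, such as `component_build_arm_none_eabi_gcc`, would presumably build natively while still being logged as a cross build. If an empty prefix is not meant to be supported, reject it at parse time with `--arm-gcc-prefix) shift; ARM_GCC_PREFIX="${1:?--arm-gcc-prefix requires a value}";;`. The same parsing is carried over unchanged by the rename to `--arm-none-eabi-gcc-prefix` later in this series, and it follows the existing `--armc5-bin-dir` pattern, so the neighbouring options share the gap.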
@@ -1232,36 +1236,36 @@ component_test_no_64bit_multiplication () { } component_build_arm_none_eabi_gcc () { - msg "build: arm-none-eabi-gcc, make" # ~ 10s + msg "build: ${ARM_GCC_PREFIX}, make" # ~ 10s scripts/config.pl baremetal - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib } component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s + msg "build: ${ARM_GCC_PREFIX} -march=arm5vte, make" # ~ 10s scripts/config.pl baremetal # Build for a target platform that's close to what Debian uses # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. # It would be better to build with arm-linux-gnueabi-gcc but # we don't have that on our CI at this time. - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib } component_build_arm_none_eabi_gcc_no_udbl_division () { - msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s + msg "build: ${ARM_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" if_build_succeeded not grep __aeabi_uldiv library/*.o } component_build_arm_none_eabi_gcc_no_64bit_multiplication () { - msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, 
make" # ~ 10s + msg "build: ${ARM_GCC_PREFIX} MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib + make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" if_build_succeeded not grep __aeabi_lmul library/*.o } From f2cf40ba1ace897adcf54b28e808b8a8eb7a3b8d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 22:13:43 +0200 Subject: [PATCH 06/26] Travis: don't test with both gcc and clang In practice, we hardly ever get different outcomes, so there is no gain in running tests with different compilers. Experimentally, with the builds and tests we currently do and with the compiler versions on a Travis Ubuntu 16.04, gcc jobs are significantly faster than clang jobs (13 min vs 24 min). So use gcc. Signed-off-by: Gilles Peskine --- .travis.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 0685bdbb4..11d679c7c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,5 @@ language: c -compiler: -- clang -- gcc +compiler: gcc sudo: false cache: ccache From 7c4912d75870c51bcb512730d647659b6571b85b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 22:18:58 +0200 Subject: [PATCH 07/26] Travis: split the build into three parallel jobs Split the build between: * Basic checks * A build in the default configuration with extensive tests * Builds in other configurations with less testing The intent is to have one shorter job with basic tests, and two longer jobs that take roughly the same amount of time (split as evenly as possible while keeping an easy-to-understand separation). 
Signed-off-by: Gilles Peskine --- .travis.yml | 43 +++++++++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/.travis.yml b/.travis.yml index 11d679c7c..39d42636e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,24 +3,35 @@ compiler: gcc sudo: false cache: ccache -script: -- tests/scripts/recursion.pl library/*.c -- tests/scripts/check-generated-files.sh -- tests/scripts/check-doxy-blocks.pl -- tests/scripts/check-names.sh -- tests/scripts/check-files.py -- tests/scripts/doxygen.sh -- cmake -D CMAKE_BUILD_TYPE:String="Check" . -- make -- make test -- programs/test/selftest -- OSSL_NO_DTLS=1 tests/compat.sh -- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' -- tests/scripts/test-ref-configs.pl -- tests/scripts/curves.pl -- tests/scripts/key-exchanges.pl +jobs: + include: + - name: basic checks + script: + - tests/scripts/recursion.pl library/*.c + - tests/scripts/check-generated-files.sh + - tests/scripts/check-doxy-blocks.pl + - tests/scripts/check-names.sh + - tests/scripts/check-files.py + - tests/scripts/doxygen.sh + + - name: default configuration + script: + - cmake -D CMAKE_BUILD_TYPE:String="Check" . + - make + - make test + - programs/test/selftest + - OSSL_NO_DTLS=1 tests/compat.sh + - tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' + + - name: enumerated configurations + script: + - tests/scripts/test-ref-configs.pl + - tests/scripts/curves.pl + - tests/scripts/key-exchanges.pl + after_failure: - tests/scripts/travis-log-failure.sh + env: global: - SEED=1 From 034ee2b848e89c5937ab1b30b78f4d2637750947 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Apr 2020 23:45:55 +0200 Subject: [PATCH 08/26] Travis: move doxygen dependencies into the "sanity" job Only this job uses doxygen and graphviz. Signed-off-by: Gilles Peskine --- .travis.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 39d42636e..2463a7ef8 100644 --- a/.travis.yml 
+++ b/.travis.yml @@ -6,6 +6,11 @@ cache: ccache jobs: include: - name: basic checks + addons: + apt: + packages: + - doxygen + - graphviz script: - tests/scripts/recursion.pl library/*.c - tests/scripts/check-generated-files.sh @@ -38,10 +43,6 @@ env: - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg=" addons: - apt: - packages: - - doxygen - - graphviz coverity_scan: project: name: "ARMmbed/mbedtls" From 9d0cee0d08e2b709d61e27ecc2945551658b7b8f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 21:15:07 +0200 Subject: [PATCH 09/26] Travis: run Pylint Declare an explicit Python version. Pick 3.5 which is the default version on Ubuntu 16.04. This is necessary on Travis to have a working pip for Python 3. Install Pylint 2.4.4. There's nothing special about this version, it's just the latest version. Signed-off-by: Gilles Peskine --- .travis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index 2463a7ef8..113ef19e0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,6 +11,10 @@ jobs: packages: - doxygen - graphviz + language: python # Needed to get pip for Python 3 + python: 3.5 # version from Ubuntu 16.04 + install: + - pip install pylint==2.4.4 script: - tests/scripts/recursion.pl library/*.c - tests/scripts/check-generated-files.sh @@ -18,6 +22,7 @@ jobs: - tests/scripts/check-names.sh - tests/scripts/check-files.py - tests/scripts/doxygen.sh + - tests/scripts/check-python-files.sh - name: default configuration script: From ec4c9563726e290e8d7323f75eb751ddf4ed8a51 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 22:23:35 +0200 Subject: [PATCH 10/26] Travis: call all.sh for sanity checks Different releases have different sets of sanity checks. Keep the list in one place, namely all.sh. 
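Review bot: `pip install pylint==2.4.4` in the new `install:` step pins only the top-level package, so Pylint's own dependencies are still resolved to whatever is newest at build time and nothing is verified against a known hash. A checked-in requirements file with hashes, installed with `pip install --require-hashes -r <requirements file>`, would make the lint environment reproducible and keep an unexpected upstream release from changing what runs in CI. The `# version from Ubuntu 16.04` comment on `python: 3.5` is useful; a matching comment on the Pylint pin would keep the reason next to the line rather than only in the commit message.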
Signed-off-by: Gilles Peskine --- .travis.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index 113ef19e0..9f439ad90 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,13 +16,7 @@ jobs: install: - pip install pylint==2.4.4 script: - - tests/scripts/recursion.pl library/*.c - - tests/scripts/check-generated-files.sh - - tests/scripts/check-doxy-blocks.pl - - tests/scripts/check-names.sh - - tests/scripts/check-files.py - - tests/scripts/doxygen.sh - - tests/scripts/check-python-files.sh + - tests/scripts/all.sh -k 'check_*' - name: default configuration script: From 5a711aba016e51f0b9ea9f5d196780a52ad9d98c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Apr 2020 23:32:52 +0200 Subject: [PATCH 11/26] Travis: call all.sh for the default-configuration build This way anything we change in all.sh, such as adding tests for programs/*/*, will be reflected here. The build now uses GCC instead of Clang, which doesn't make much difference in practice. The build now enables ASan and UBSan. The tests now run compat.sh and ssl-opt.sh fully. Signed-off-by: Gilles Peskine --- .travis.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9f439ad90..f9cedf0e3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,13 +19,12 @@ jobs: - tests/scripts/all.sh -k 'check_*' - name: default configuration + addons: + apt: + packages: + - gnutls-bin script: - - cmake -D CMAKE_BUILD_TYPE:String="Check" . - - make - - make test - - programs/test/selftest - - OSSL_NO_DTLS=1 tests/compat.sh - - tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' + - tests/scripts/all.sh -k test_default_cmake_gcc_asan - name: enumerated configurations script: From 9a0e0f2655f006dec1aaf3a4808d8e7c5a663672 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Sat, 25 Apr 2020 21:31:04 +0200 Subject: [PATCH 12/26] Travis: replace "default configuration by "full configuration" For the one long job with ASan, use the full configuration. We get more coverage this way, at the cost of a slightly longer runtime which we can afford since the "enumerated configurations" job is slower. Add a default-configuration build to the "basic checks" job. This job is fairly quick (no ASan, no SSL testing). Signed-off-by: Gilles Peskine --- .travis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index f9cedf0e3..c3580b8f9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,14 +17,15 @@ jobs: - pip install pylint==2.4.4 script: - tests/scripts/all.sh -k 'check_*' + - tests/scripts/all.sh -k test_default_out_of_box - - name: default configuration + - name: full configuration addons: apt: packages: - gnutls-bin script: - - tests/scripts/all.sh -k test_default_cmake_gcc_asan + - tests/scripts/all.sh -k test_full_cmake_gcc_asan - name: enumerated configurations script: From 4b29e7d6827b7e1442abf59452f2c5f41c1b0810 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 23:36:00 +0200 Subject: [PATCH 13/26] Travis: install gnutls-bin for all jobs Some jobs don't actually test against GnuTLS, but all.sh checks its presence in all test jobs, so it needs to be installed regardless. Signed-off-by: Gilles Peskine --- .travis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index c3580b8f9..c3bd35278 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,6 +9,7 @@ jobs: addons: apt: packages: + - gnutls-bin - doxygen - graphviz language: python # Needed to get pip for Python 3 @@ -20,10 +21,6 @@ jobs: - tests/scripts/all.sh -k test_default_out_of_box - name: full configuration - addons: - apt: - packages: - - gnutls-bin script: - tests/scripts/all.sh -k test_full_cmake_gcc_asan 
@@ -42,6 +39,9 @@ env: - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg=" addons: + apt: + packages: + - gnutls-bin coverity_scan: project: name: "ARMmbed/mbedtls" From 025747bd81a2e5a107845f23f078731a8e9ef758 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 21:46:42 +0200 Subject: [PATCH 14/26] Travis: call all depends_* tests Call all.sh to run all the available test_depends_* components. This adds a run of depends-hashes.pl and depends-pkgalgs.pl. Keep invoking test-ref-configs.pl rather than via all.sh so that it doesn't run with ASan. This saves some time and ASan there doesn't turn up much more than in the full config. Signed-off-by: Gilles Peskine --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index c3bd35278..39933b58b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,8 +27,7 @@ jobs: - name: enumerated configurations script: - tests/scripts/test-ref-configs.pl - - tests/scripts/curves.pl - - tests/scripts/key-exchanges.pl + - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' after_failure: - tests/scripts/travis-log-failure.sh From 1c2c1bd7b03d25d5f0871bbf48f1facad8f000f1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 22:30:31 +0200 Subject: [PATCH 15/26] Travis: add a baremetal build Add a baremetal build to Travis, to catch inadvertent dependencies on platform functions. The exact choice of target platform doesn't matter for this purpose. Pick one that's present in all.sh, that uses a compiler that's available in the Travis build environment (Ubuntu 16.04), and that happens to be close to the Debian "armel" distribution. Signed-off-by: Gilles Peskine --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 39933b58b..056990925 100644 --- a/.travis.yml 
+++ b/.travis.yml @@ -12,6 +12,8 @@ jobs: - gnutls-bin - doxygen - graphviz + - gcc-arm-none-eabi + - libnewlib-arm-none-eabi language: python # Needed to get pip for Python 3 python: 3.5 # version from Ubuntu 16.04 install: @@ -19,6 +21,7 @@ jobs: script: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box + - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte - name: full configuration script: From 317e7a19ebd911e81216167fe02664c59a943e92 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 22:42:41 +0200 Subject: [PATCH 16/26] Travis: add a build on macOS Just do the default build with Clang and run the unit tests. The objective is to have one build on a Unix-like platform other than Linux. Signed-off-by: Gilles Peskine --- .travis.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.travis.yml b/.travis.yml index 056990925..eefb2552d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,6 +32,12 @@ jobs: - tests/scripts/test-ref-configs.pl - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' + - name: macOS + os: osx + compiler: clang + script: + - tests/scripts/all.sh -k test_default_out_of_box + after_failure: - tests/scripts/travis-log-failure.sh From 7c8c9c9531e0583d1045dcb6ccb808b5dfdd88ea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 00:33:13 +0200 Subject: [PATCH 17/26] check-files: support Windows .bat files Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 4bc27f067..cd993e260 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py 
@@ -103,7 +103,7 @@ class LineIssueTracker(FileIssueTracker): def is_windows_file(filepath): _root, ext = os.path.splitext(filepath) - return ext in ('.dsp', '.sln', '.vcxproj') + return ext in ('.bat', '.dsp', '.sln', '.vcxproj') class PermissionIssueTracker(FileIssueTracker): @@ -223,6 +223,7 @@ class IntegrityChecker: self.logger = None self.setup_logger(log_file) self.extensions_to_check = ( + ".bat", ".c", ".data", ".dsp", From 468adcc20b1049f3ab58a8eccebf7b21d623e4f0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 00:33:28 +0200 Subject: [PATCH 18/26] Add a simple build script for Windows with Visual Studio Keep it simple and mostly non-parametrizable for now. A path to Visual Studio 2017 is hard-coded. Signed-off-by: Gilles Peskine --- scripts/windows_msbuild.bat | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 scripts/windows_msbuild.bat diff --git a/scripts/windows_msbuild.bat b/scripts/windows_msbuild.bat new file mode 100644 index 000000000..e41993101 --- /dev/null +++ b/scripts/windows_msbuild.bat 
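Review bot: `is_windows_file` compares the extension case-sensitively, so a script named with `.BAT` or `.Bat` would not be recognised by the new `'.bat'` entry; the tuple in `IntegrityChecker.extensions_to_check` is presumably matched the same way, but that code is outside the hunk. Batch files commonly carry upper-case extensions, so normalising first is safer: `return ext.lower() in ('.bat', '.dsp', '.sln', '.vcxproj')`. A one-line docstring on `is_windows_file` saying what the classification is used for would also help, since the callers are not visible here.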
@@ -0,0 +1,20 @@ +@rem Build and test Mbed TLS with Visual Studio using msbuild. +@rem Usage: windows_msbuild [RETARGET] +@rem RETARGET: version of Visual Studio to emulate +@rem https://docs.microsoft.com/en-us/cpp/build/how-to-modify-the-target-framework-and-platform-toolset + +@rem These parameters are hard-coded for now. +set "arch=x64" & @rem "x86" or "x64" +set "cfg=Release" & @rem "Debug" or "Release" +set "vcvarsall=C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvarsall.bat" + +if not "%~1"=="" set "retarget=,PlatformToolset=%1" + +@rem If the %USERPROFILE%\Source directory exists, then running +@rem vcvarsall.bat will silently change the directory to that directory. +@rem Setting the VSCMD_START_DIR environment variable causes it to change +@rem to that directory instead. +set "VSCMD_START_DIR=%~dp0\..\visualc\VS2010" + +"%vcvarsall%" x64 && ^ +msbuild /t:Rebuild /p:Configuration=%cfg%%retarget% /m mbedTLS.sln From e335816bf68ac30d5642c737792d91af193915a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 25 Apr 2020 23:25:10 +0200 Subject: [PATCH 19/26] Travis: add a build with Visual Studio on Windows Travis now offers a Windows environment. Do a build with Visual Studio. This brings diversity into the Travis CI which otherwise only uses GCC and Clang. Signed-off-by: Gilles Peskine --- .travis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index eefb2552d..057875abc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -38,6 +38,11 @@ jobs: script: - tests/scripts/all.sh -k test_default_out_of_box + - name: Windows + os: windows + script: + - scripts/windows_msbuild.bat + after_failure: - tests/scripts/travis-log-failure.sh From 2ccdf897d84fceec31e43396cf47dc51a6c54ba0 Mon Sep 17 00:00:00 2001 
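Review bot: `arch` is set in `scripts/windows_msbuild.bat` but never read, because the last command calls `"%vcvarsall%" x64` with a literal, so editing `arch` has no effect; use `"%vcvarsall%" %arch% && ^`. `retarget` is assigned only when an argument is given and the script has no `setlocal`, so a `retarget` value already present in the caller's environment would be appended to `/p:Configuration=%cfg%`; starting the script with `setlocal` and `set "retarget="` before the `if` closes that. The header comment says "Build and test", but the only command run is `msbuild /t:Rebuild`, so either the comment should say "Build" or a test step is still missing.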
From: Gilles Peskine Date: Sun, 26 Apr 2020 13:12:55 +0200 Subject: [PATCH 20/26] Travis: Windows: target Visual Studio 2017 Only the Visual Studio 2017 toolset is currently preinstalled on Travis. Use this, instead of our solution's default which is VS 2010. Signed-off-by: Gilles Peskine --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 057875abc..ac997b097 100644 --- a/.travis.yml +++ b/.travis.yml @@ -41,7 +41,7 @@ jobs: - name: Windows os: windows script: - - scripts/windows_msbuild.bat + - scripts/windows_msbuild.bat v141 # Visual Studio 2017 after_failure: - tests/scripts/travis-log-failure.sh From eb59af14b07bacedceeb4514f4270ed36523b208 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 21:26:42 +0200 Subject: [PATCH 21/26] Travis: rebalance the Linux builds Make the running time more even. Signed-off-by: Gilles Peskine --- .travis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index ac997b097..da64cd0dd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ cache: ccache jobs: include: - - name: basic checks + - name: basic checks and reference configurations addons: apt: packages: @@ -21,15 +21,15 @@ jobs: script: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box - - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte + - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte # baremetal + - tests/scripts/test-ref-configs.pl - name: full configuration script: - tests/scripts/all.sh -k test_full_cmake_gcc_asan - - name: enumerated configurations + - name: check compilation guards script: - - tests/scripts/test-ref-configs.pl - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' - name: macOS From a3c6c8a945f02119540d940c7c928cc6f65d47a8 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 30 Apr 2020 18:19:32 +0200 Subject: [PATCH 22/26] Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix This is supposed to be for GCC (or a compiler with a compatible command line interface) targeting arm-none-eabi, so name it accordingly. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ecb845253..de1c99a2b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -131,7 +131,7 @@ pre_initialize_variables () { : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} : ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin} - : ${ARM_GCC_PREFIX:=arm-none-eabi-} + : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then @@ -193,8 +193,9 @@ General options: -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. - --arm-gcc-prefix= Prefix for gcc as a cross-compiler for arm - (default: "${ARM_GCC_PREFIX}") + --arm-none-eabi-gcc-prefix= + Prefix for a cross-compiler for arm-none-eabi + (default: "${ARM_NONE_EABI_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). --except Exclude the COMPONENTs listed on the command line, instead of running only those. @@ -315,7 +316,7 @@ pre_parse_command_line () { while [ $# -gt 0 ]; do case "$1" in - --arm-gcc-prefix) shift; ARM_GCC_PREFIX="$1";; + --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; 
@@ -515,7 +516,7 @@ pre_check_tools () { esac case " $RUN_COMPONENTS " in - *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_GCC_PREFIX}gcc";; + *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";; esac case " $RUN_COMPONENTS " in 
@@ -1236,36 +1237,36 @@ component_test_no_64bit_multiplication () { } component_build_arm_none_eabi_gcc () { - msg "build: ${ARM_GCC_PREFIX}, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}, make" # ~ 10s scripts/config.pl baremetal - make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib } component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: ${ARM_GCC_PREFIX} -march=arm5vte, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX} -march=arm5vte, make" # ~ 10s scripts/config.pl baremetal # Build for a target platform that's close to what Debian uses # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. # It would be better to build with arm-linux-gnueabi-gcc but # we don't have that on our CI at this time. 
- make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib } component_build_arm_none_eabi_gcc_no_udbl_division () { - msg "build: ${ARM_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION - make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" if_build_succeeded not grep __aeabi_uldiv library/*.o } component_build_arm_none_eabi_gcc_no_64bit_multiplication () { - msg "build: ${ARM_GCC_PREFIX} MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX} MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION - make CC="${ARM_GCC_PREFIX}gcc" AR="${ARM_GCC_PREFIX}ar" LD="${ARM_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" if_build_succeeded not grep __aeabi_lmul library/*.o } From fcccfbc64afaf74130b355c244e3e3ba63c1dc1c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 22:54:00 +0200 Subject: [PATCH 23/26] all.sh: build_arm_none_eabi_gcc: do optimize Otherwise the bignum assembly code is not used. 
Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index de1c99a2b..0148eca14 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1237,9 +1237,9 @@ component_test_no_64bit_multiplication () { } component_build_arm_none_eabi_gcc () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, make" # ~ 10s scripts/config.pl baremetal - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib } component_build_arm_none_eabi_gcc_arm5vte () { From dac156b63166f8b120271906993dda834969c7c5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 23:00:53 +0200 Subject: [PATCH 24/26] all.sh: add a Cortex-M0+ build It's pretty fast and adds a little variety. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0148eca14..35684dda8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1253,6 +1253,12 @@ component_build_arm_none_eabi_gcc_arm5vte () { make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib } +component_build_arm_none_eabi_gcc_m0plus () { + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s + scripts/config.pl baremetal + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib +} + component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.pl baremetal From e6c0c7d36980372bc44a73d3bfa223a838472b2b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 23:11:54 +0200 Subject: [PATCH 25/26] all.sh: on arm builds (GCC or Arm Compiler), show the code size Just show the code size in the logs, for human consumption. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 35684dda8..855109e11 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -280,9 +280,13 @@ armc6_build_test() { FLAGS="$1" - msg "build: ARM Compiler 6 ($FLAGS), make" + msg "build: ARM Compiler 6 ($FLAGS)" ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ WARNING_CFLAGS='-xc -std=c99' make lib + + msg "size: ARM Compiler 6 ($FLAGS)" + "$ARMC6_FROMELF" -z library/*.o + make clean } 
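Review bot: The msg label of the new component_build_arm_none_eabi_gcc_m0plus omits the `-Os` that its make line passes, whereas the sibling component_build_arm_none_eabi_gcc label was just changed to spell out `-O1`. Since the optimization level decides which code paths get compiled, the label should carry it: `msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" # ~ 10s`.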
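Review bot: The new `"$ARMC6_FROMELF" -z library/*.o` line in armc6_build_test runs whether or not the preceding `make lib` succeeded, unlike the other post-build steps in this script, which go through `if_build_succeeded` (for example `if_build_succeeded not grep __aeabi_uldiv library/*.o`). The helper's definition is outside this hunk, but if all.sh carries on after a failed build when invoked with `-k`, as .travis.yml does, the size step would then run on missing or stale objects and add a second error below the real one. I would write `if_build_succeeded "$ARMC6_FROMELF" -z library/*.o`. The same applies to the `${ARM_NONE_EABI_GCC_PREFIX}size library/*.o` lines added to the three GCC components and to `"$ARMC5_FROMELF" -z library/*.o` in component_build_armcc.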
@@ -531,9 +535,12 @@ pre_check_tools () { *_armcc*) ARMC5_CC="$ARMC5_BIN_DIR/armcc" ARMC5_AR="$ARMC5_BIN_DIR/armar" + ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf" ARMC6_CC="$ARMC6_BIN_DIR/armclang" ARMC6_AR="$ARMC6_BIN_DIR/armar" - check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; + ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf" + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \ + "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; esac msg "info: output_env.sh" @@ -1237,13 +1244,16 @@ component_test_no_64bit_multiplication () { } component_build_arm_none_eabi_gcc () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s scripts/config.pl baremetal make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX} -march=arm5vte, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s scripts/config.pl baremetal # Build for a target platform that's close to what Debian uses # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). 
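Review bot: The up-front tool check is extended only for the two `fromelf` binaries, yet the same commit makes the arm-none-eabi GCC components call `${ARM_NONE_EABI_GCC_PREFIX}size`. The case statement starts before this hunk and the branch covering the GCC components is not visible, so I cannot tell what it checks. If it checks only the compiler, add the size tool as well, e.g. `check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc" "${ARM_NONE_EABI_GCC_PREFIX}size"`, so that an incomplete toolchain is reported before the build rather than after it.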
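Review bot: The added `${ARM_NONE_EABI_GCC_PREFIX}size library/*.o` in component_build_arm_none_eabi_gcc expands the prefix unquoted, while the make line just above passes the same variable quoted as `CC="${ARM_NONE_EABI_GCC_PREFIX}gcc"`. The prefix is presumably configurable from the environment (its definition is outside this hunk), and an unquoted expansion of such a value is subject to word splitting and globbing, so the command that runs may not be the one intended. I would write `"${ARM_NONE_EABI_GCC_PREFIX}size" library/*.o`. The two size lines added in the next hunk, for the arm5vte and m0plus components, have the same form.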
@@ -1251,12 +1261,18 @@ component_build_arm_none_eabi_gcc_arm5vte () { # It would be better to build with arm-linux-gnueabi-gcc but # we don't have that on our CI at this time. make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_m0plus () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s scripts/config.pl baremetal make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_no_udbl_division () { @@ -1278,10 +1294,13 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { } component_build_armcc () { - msg "build: ARM Compiler 5, make" + msg "build: ARM Compiler 5" scripts/config.pl baremetal - make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib + + msg "size: ARM Compiler 5" + "$ARMC5_FROMELF" -z library/*.o + make clean # ARM Compiler 6 - Target ARMv7-A From 43e068c9ebf18c0550c6c514e82d21809ab9302b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Apr 2020 23:10:48 +0200 Subject: [PATCH 26/26] Travis: do both a Cortex-A build and a Cortex-M0+ build The Cortex-A build is similar to Debian armel. The Cortex-M0+ is a handy point of comparison for code size. Put that one last so that it's easy to find in the log. Signed-off-by: Gilles Peskine --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index da64cd0dd..8789c444b 100644 --- a/.travis.yml +++ b/.travis.yml 
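Review bot: The two labels of the arm5vte component now disagree. The size label added here says `-march=armv5te -O1`, matching the make line, but the build label this commit rewrites in the preceding hunk still reads `-march=arm5vte` and omits the optimization level. Anyone searching the log for the architecture flag will miss the build step, so I would make the build label `msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" # ~ 10s`. component_build_arm_none_eabi_gcc_arm5vte begins before this hunk.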
@@ -21,8 +21,8 @@ jobs: script: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box - - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte # baremetal - tests/scripts/test-ref-configs.pl + - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus - name: full configuration script:
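Review bot: The replacement script line drops the `# baremetal` trailing comment and leaves nothing in the file to say why two components run here or why the step moved after test-ref-configs.pl. That rationale is only in the commit message: a Cortex-A build similar to Debian armel, then Cortex-M0+ last as an easy-to-find code-size reference. I would add a comment line above it, `# Arm cross-builds: Cortex-A (similar to Debian armel), then Cortex-M0+ last so its code size is easy to find in the log`.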