From 8fd594222990db71d711e1a74e9b9da06d7d9dad Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 21 Oct 2019 17:11:33 +0200 Subject: [PATCH 1/4] Unify ASan options in make builds Use a common set of options when building with Asan without CMake. --- tests/scripts/all.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 364c8bf3f..73e564be4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -144,6 +144,9 @@ pre_initialize_variables () { export MAKEFLAGS="-j" fi + # CFLAGS and LDFLAGS for Asan builds that don't use CMake + ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address' + # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". # Parse the script with sed, because in sh there is no way to list @@ -1163,7 +1166,7 @@ component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s scripts/config.py full - make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address' + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, make, gcc -O0 (ASan build)" make test @@ -1179,7 +1182,7 @@ component_test_m32_o1 () { # Build again with -O1, to compile in the i386 specific inline assembly msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s scripts/config.py full - make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address' + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O1" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, make, gcc -O1 (ASan build)" make test @@ -1195,7 +1198,7 @@ component_test_m32_everest () { msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address' + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s make test From 2558d30f93ae41718a4f9f3a3249d7ad1409e1e4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 21 Oct 2019 20:09:22 +0200 Subject: [PATCH 2/4] Use UBsan in addition to Asan with 'make test' When building with make with the address sanitizer enabled, also enable the undefined behavior sanitizer. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 73e564be4..89f43ef67 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -145,7 +145,7 @@ pre_initialize_variables () { fi # CFLAGS and LDFLAGS for Asan builds that don't use CMake - ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address' + ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined' # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". From 5ca393f7b8f72bbd90f1be798dc06e0efd434d62 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 21 Oct 2019 19:06:33 +0200 Subject: [PATCH 3/4] Asan make builds: avoid sanitizer recovery Some sanitizers default to displaying an error message and recovering. This could result in a test being recorded as passing despite a complaint from the sanitizer. Turn off sanitizer recovery to avoid this risk. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 89f43ef67..cd0eca790 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -145,7 +145,7 @@ pre_initialize_variables () { fi # CFLAGS and LDFLAGS for Asan builds that don't use CMake - ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined' + ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all' # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". From ce35cb3cc7bfc2275aef2f9e842c5c3174d1bc09 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 21 Oct 2019 19:08:07 +0200 Subject: [PATCH 4/4] 'make test' must fail if Asan fails When running 'make test' with GNU make, if a test suite program displays "PASSED", this was automatically counted as a pass. This would in particular count as passing: * A test suite with the substring "PASSED" in a test description. * A test suite where all the test cases succeeded, but the final cleanup failed, in particular if a sanitizer reported a memory leak. Use the test executable's return status instead to determine whether the test suite passed. It's always 0 on PASSED unless the executable's cleanup code fails, and it's never 0 on any failure. Fix ARMmbed/mbed-crypto#303 --- tests/scripts/run-test-suites.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 329ed146a..e55d08336 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -93,7 +93,7 @@ for my $suite (@suites) $suite_cases_failed = () = $result =~ /.. FAILED/g; $suite_cases_skipped = () = $result =~ /.. ----/g; - if( $result =~ /PASSED/ ) { + if( $? == 0 ) { print "PASS\n"; if( $verbose > 2 ) { pad_print_center( 72, '-', "Begin $suite" );