| Minos Galanakis | 7771119 | 2024-07-25 14:24:37 +0100 | [diff] [blame] | 1 | # components-sanitizers.sh | 
|  | 2 | # | 
|  | 3 | # Copyright The Mbed TLS Contributors | 
|  | 4 | # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later | 
|  | 5 |  | 
|  | 6 | # This file contains test components that are executed by all.sh | 
|  | 7 |  | 
|  | 8 | ################################################################ | 
|  | 9 | #### Sanitizer Testing | 
|  | 10 | ################################################################ | 
| Minos Galanakis | 4a2a351 | 2024-08-01 17:28:37 +0100 | [diff] [blame] | 11 |  | 
|  | 12 | skip_suites_without_constant_flow () { | 
|  | 13 | # Skip the test suites that don't have any constant-flow annotations. | 
|  | 14 | # This will need to be adjusted if we ever start declaring things as | 
| David Horstmann | dcf42a0 | 2024-11-08 14:40:12 +0000 | [diff] [blame] | 15 | # secret from macros or functions inside framework/tests/include or framework/tests/src. | 
| Minos Galanakis | 4a2a351 | 2024-08-01 17:28:37 +0100 | [diff] [blame] | 16 | SKIP_TEST_SUITES=$( | 
|  | 17 | git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' | | 
|  | 18 | sed 's/test_suite_//; s/\.function$//' | | 
|  | 19 | tr '\n' ,) | 
|  | 20 | export SKIP_TEST_SUITES | 
|  | 21 | } | 
|  | 22 |  | 
|  | 23 | skip_all_except_given_suite () { | 
|  | 24 | # Skip all but the given test suite | 
|  | 25 | SKIP_TEST_SUITES=$( | 
|  | 26 | ls -1 tests/suites/test_suite_*.function | | 
|  | 27 | grep -v $1.function | | 
|  | 28 | sed 's/tests.suites.test_suite_//; s/\.function$//' | | 
|  | 29 | tr '\n' ,) | 
|  | 30 | export SKIP_TEST_SUITES | 
|  | 31 | } | 
|  | 32 |  | 
|  | 33 | component_test_memsan_constant_flow () { | 
|  | 34 | # This tests both (1) accesses to undefined memory, and (2) branches or | 
|  | 35 | # memory access depending on secret values. To distinguish between those: | 
|  | 36 | # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? | 
|  | 37 | # - or alternatively, change the build type to MemSanDbg, which enables | 
|  | 38 | # origin tracking and nicer stack traces (which are useful for debugging | 
|  | 39 | # anyway), and check if the origin was TEST_CF_SECRET() or something else. | 
|  | 40 | msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing" | 
|  | 41 | scripts/config.py full | 
|  | 42 | scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN | 
|  | 43 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO | 
|  | 44 | scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm | 
| Elena Uziunaite | cd2ae32 | 2024-07-01 16:55:19 +0100 | [diff] [blame] | 45 | scripts/config.py unset MBEDTLS_HAVE_ASM | 
| Minos Galanakis | 4a2a351 | 2024-08-01 17:28:37 +0100 | [diff] [blame] | 46 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . | 
|  | 47 | make | 
|  | 48 |  | 
|  | 49 | msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)" | 
|  | 50 | make test | 
|  | 51 | } | 
|  | 52 |  | 
|  | 53 | component_test_memsan_constant_flow_psa () { | 
|  | 54 | # This tests both (1) accesses to undefined memory, and (2) branches or | 
|  | 55 | # memory access depending on secret values. To distinguish between those: | 
|  | 56 | # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? | 
|  | 57 | # - or alternatively, change the build type to MemSanDbg, which enables | 
|  | 58 | # origin tracking and nicer stack traces (which are useful for debugging | 
|  | 59 | # anyway), and check if the origin was TEST_CF_SECRET() or something else. | 
|  | 60 | msg "build: cmake MSan (clang), full config with constant flow testing" | 
|  | 61 | scripts/config.py full | 
|  | 62 | scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN | 
|  | 63 | scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm | 
| Elena Uziunaite | cd2ae32 | 2024-07-01 16:55:19 +0100 | [diff] [blame] | 64 | scripts/config.py unset MBEDTLS_HAVE_ASM | 
| Minos Galanakis | 4a2a351 | 2024-08-01 17:28:37 +0100 | [diff] [blame] | 65 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . | 
|  | 66 | make | 
|  | 67 |  | 
|  | 68 | msg "test: main suites (Msan + constant flow)" | 
|  | 69 | make test | 
|  | 70 | } | 
|  | 71 |  | 
|  | 72 | component_release_test_valgrind_constant_flow () { | 
|  | 73 | # This tests both (1) everything that valgrind's memcheck usually checks | 
|  | 74 | # (heap buffer overflows, use of uninitialized memory, use-after-free, | 
|  | 75 | # etc.) and (2) branches or memory access depending on secret values, | 
|  | 76 | # which will be reported as uninitialized memory. To distinguish between | 
|  | 77 | # secret and actually uninitialized: | 
|  | 78 | # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? | 
|  | 79 | # - or alternatively, build with debug info and manually run the offending | 
|  | 80 | # test suite with valgrind --track-origins=yes, then check if the origin | 
|  | 81 | # was TEST_CF_SECRET() or something else. | 
|  | 82 | msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing" | 
|  | 83 | scripts/config.py full | 
|  | 84 | scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND | 
|  | 85 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO | 
|  | 86 | skip_suites_without_constant_flow | 
|  | 87 | cmake -D CMAKE_BUILD_TYPE:String=Release . | 
|  | 88 | make | 
|  | 89 |  | 
|  | 90 | # this only shows a summary of the results (how many of each type) | 
|  | 91 | # details are left in Testing/<date>/DynamicAnalysis.xml | 
|  | 92 | msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)" | 
|  | 93 | make memcheck | 
|  | 94 |  | 
|  | 95 | # Test asm path in constant time module - by default, it will test the plain C | 
|  | 96 | # path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s) | 
|  | 97 | msg "test: valgrind asm constant_time" | 
| Minos Galanakis | 4a2a351 | 2024-08-01 17:28:37 +0100 | [diff] [blame] | 98 | skip_all_except_given_suite test_suite_constant_time | 
|  | 99 | cmake -D CMAKE_BUILD_TYPE:String=Release . | 
|  | 100 | make clean | 
|  | 101 | make | 
|  | 102 | make memcheck | 
|  | 103 | } | 
|  | 104 |  | 
| Elena Uziunaite | f0871be | 2024-07-02 15:52:03 +0100 | [diff] [blame] | 105 | component_release_test_valgrind_constant_flow_no_asm () { | 
|  | 106 | # This tests both (1) everything that valgrind's memcheck usually checks | 
|  | 107 | # (heap buffer overflows, use of uninitialized memory, use-after-free, | 
|  | 108 | # etc.) and (2) branches or memory access depending on secret values, | 
|  | 109 | # which will be reported as uninitialized memory. To distinguish between | 
|  | 110 | # secret and actually uninitialized: | 
|  | 111 | # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? | 
|  | 112 | # - or alternatively, build with debug info and manually run the offending | 
|  | 113 | # test suite with valgrind --track-origins=yes, then check if the origin | 
|  | 114 | # was TEST_CF_SECRET() or something else. | 
|  | 115 | msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM with constant flow testing" | 
|  | 116 | scripts/config.py full | 
|  | 117 | scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND | 
|  | 118 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO | 
|  | 119 | scripts/config.py unset MBEDTLS_AESNI_C | 
|  | 120 | scripts/config.py unset MBEDTLS_HAVE_ASM | 
|  | 121 | skip_suites_without_constant_flow | 
|  | 122 | cmake -D CMAKE_BUILD_TYPE:String=Release . | 
|  | 123 | make | 
|  | 124 |  | 
|  | 125 | # this only shows a summary of the results (how many of each type) | 
|  | 126 | # details are left in Testing/<date>/DynamicAnalysis.xml | 
|  | 127 | msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM, valgrind + constant flow)" | 
|  | 128 | make memcheck | 
| Elena Uziunaite | f0871be | 2024-07-02 15:52:03 +0100 | [diff] [blame] | 129 | } | 
|  | 130 |  | 
| Minos Galanakis | 4a2a351 | 2024-08-01 17:28:37 +0100 | [diff] [blame] | 131 | component_release_test_valgrind_constant_flow_psa () { | 
|  | 132 | # This tests both (1) everything that valgrind's memcheck usually checks | 
|  | 133 | # (heap buffer overflows, use of uninitialized memory, use-after-free, | 
|  | 134 | # etc.) and (2) branches or memory access depending on secret values, | 
|  | 135 | # which will be reported as uninitialized memory. To distinguish between | 
|  | 136 | # secret and actually uninitialized: | 
|  | 137 | # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? | 
|  | 138 | # - or alternatively, build with debug info and manually run the offending | 
|  | 139 | # test suite with valgrind --track-origins=yes, then check if the origin | 
|  | 140 | # was TEST_CF_SECRET() or something else. | 
|  | 141 | msg "build: cmake release GCC, full config with constant flow testing" | 
|  | 142 | scripts/config.py full | 
|  | 143 | scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND | 
|  | 144 | skip_suites_without_constant_flow | 
|  | 145 | cmake -D CMAKE_BUILD_TYPE:String=Release . | 
|  | 146 | make | 
|  | 147 |  | 
|  | 148 | # this only shows a summary of the results (how many of each type) | 
|  | 149 | # details are left in Testing/<date>/DynamicAnalysis.xml | 
|  | 150 | msg "test: some suites (valgrind + constant flow)" | 
|  | 151 | make memcheck | 
|  | 152 | } | 
|  | 153 |  | 
|  | 154 | component_test_tsan () { | 
|  | 155 | msg "build: TSan (clang)" | 
|  | 156 | scripts/config.py full | 
|  | 157 | scripts/config.py set MBEDTLS_THREADING_C | 
|  | 158 | scripts/config.py set MBEDTLS_THREADING_PTHREAD | 
|  | 159 | # Self-tests do not currently use multiple threads. | 
|  | 160 | scripts/config.py unset MBEDTLS_SELF_TEST | 
|  | 161 |  | 
|  | 162 | # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe. | 
|  | 163 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C | 
|  | 164 |  | 
|  | 165 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan . | 
|  | 166 | make | 
|  | 167 |  | 
|  | 168 | msg "test: main suites (TSan)" | 
|  | 169 | make test | 
|  | 170 | } | 
|  | 171 |  | 
|  | 172 | component_test_memsan () { | 
|  | 173 | msg "build: MSan (clang)" # ~ 1 min 20s | 
|  | 174 | scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm | 
| Elena Uziunaite | 9af882d | 2024-07-02 10:52:13 +0100 | [diff] [blame] | 175 | scripts/config.py unset MBEDTLS_HAVE_ASM | 
| Minos Galanakis | 4a2a351 | 2024-08-01 17:28:37 +0100 | [diff] [blame] | 176 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . | 
|  | 177 | make | 
|  | 178 |  | 
|  | 179 | msg "test: main suites (MSan)" # ~ 10s | 
|  | 180 | make test | 
|  | 181 |  | 
|  | 182 | msg "test: metatests (MSan)" | 
|  | 183 | tests/scripts/run-metatests.sh any msan | 
|  | 184 |  | 
|  | 185 | msg "program demos (MSan)" # ~20s | 
|  | 186 | tests/scripts/run_demos.py | 
|  | 187 |  | 
|  | 188 | msg "test: ssl-opt.sh (MSan)" # ~ 1 min | 
|  | 189 | tests/ssl-opt.sh | 
|  | 190 |  | 
|  | 191 | # Optional part(s) | 
|  | 192 |  | 
|  | 193 | if [ "$MEMORY" -gt 0 ]; then | 
|  | 194 | msg "test: compat.sh (MSan)" # ~ 6 min 20s | 
|  | 195 | tests/compat.sh | 
|  | 196 | fi | 
|  | 197 | } | 
|  | 198 |  | 
|  | 199 | component_release_test_valgrind () { | 
|  | 200 | msg "build: Release (clang)" | 
|  | 201 | # default config, in particular without MBEDTLS_USE_PSA_CRYPTO | 
|  | 202 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . | 
|  | 203 | make | 
|  | 204 |  | 
|  | 205 | msg "test: main suites, Valgrind (default config)" | 
|  | 206 | make memcheck | 
|  | 207 |  | 
|  | 208 | # Optional parts (slow; currently broken on OS X because programs don't | 
|  | 209 | # seem to receive signals under valgrind on OS X). | 
|  | 210 | # These optional parts don't run on the CI. | 
|  | 211 | if [ "$MEMORY" -gt 0 ]; then | 
|  | 212 | msg "test: ssl-opt.sh --memcheck (default config)" | 
|  | 213 | tests/ssl-opt.sh --memcheck | 
|  | 214 | fi | 
|  | 215 |  | 
|  | 216 | if [ "$MEMORY" -gt 1 ]; then | 
|  | 217 | msg "test: compat.sh --memcheck (default config)" | 
|  | 218 | tests/compat.sh --memcheck | 
|  | 219 | fi | 
|  | 220 |  | 
|  | 221 | if [ "$MEMORY" -gt 0 ]; then | 
|  | 222 | msg "test: context-info.sh --memcheck (default config)" | 
|  | 223 | tests/context-info.sh --memcheck | 
|  | 224 | fi | 
|  | 225 | } | 
|  | 226 |  | 
|  | 227 | component_release_test_valgrind_psa () { | 
|  | 228 | msg "build: Release, full (clang)" | 
|  | 229 | # full config, in particular with MBEDTLS_USE_PSA_CRYPTO | 
|  | 230 | scripts/config.py full | 
|  | 231 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . | 
|  | 232 | make | 
|  | 233 |  | 
|  | 234 | msg "test: main suites, Valgrind (full config)" | 
|  | 235 | make memcheck | 
|  | 236 | } |