From 0044d267272d492f0c3d8408f5d37d4db972106c Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Fri, 2 Feb 2024 20:52:25 +0000 Subject: [PATCH 1/7] ci: add asan runs under gcc --- codebuild/spec/buildspec_asan.yml | 58 +++++++++++++++++++++++++++---- 1 file changed, 51 insertions(+), 7 deletions(-) diff --git a/codebuild/spec/buildspec_asan.yml b/codebuild/spec/buildspec_asan.yml index d6ea0e4cb0e..07e09d51bdc 100644 --- a/codebuild/spec/buildspec_asan.yml +++ b/codebuild/spec/buildspec_asan.yml @@ -18,42 +18,86 @@ version: 0.2 # Codebuild's matrix jobs have non-differentiated names so use batch-list # instead. + +# Parameter motivation + +# COMPILERS +# We run asan on both gcc and clang because of different features sets for their +# address sanitizers. Specifically there was a case where GCC was able to detect +# a memcpy-param-overlap that Clang did not. + +# LIBCRYPTOS +# awslc: happy path libcrypto for s2n-tls +# openssl 3: s2n-tls takes different code paths for ossl3, so make sure we run +# asan on it. See pr 4033 for a historical motivating example. +# openssl 1.1.1: a widely deployed version of openssl. +# openssl 1.0.2: the default libcrypto on AL2, and AL2 is still widely deployed. batch: build-list: - # awslc is the happy path libcrypto for s2n-tls - identifier: awslc env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: awslc - # s2n-tls takes different code paths for ossl3, so make sure we run asan on - # it. See pr 4033 for a historical motivating example. + COMPILER: clang - identifier: openssl_3_0 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-3.0 - # openssl 1.1.1 is a widely deployed version of openssl. + COMPILER: clang - identifier: openssl_1_1_1 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-1.1.1 - # openssl 1.0.2 is the default distributed on AL2, and AL2 is still widely - # deployed + COMPILER: clang - identifier: openssl_1_0_2 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-1.0.2 + COMPILER: clang + - identifier: awslc + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + S2N_LIBCRYPTO: awslc + COMPILER: gcc + - identifier: openssl_3_0 + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + S2N_LIBCRYPTO: openssl-3.0 + COMPILER: gcc + - identifier: openssl_1_1_1 + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + S2N_LIBCRYPTO: openssl-1.1.1 + COMPILER: gcc + - identifier: openssl_1_0_2 + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + S2N_LIBCRYPTO: openssl-1.0.2 + COMPILER: gcc phases: + pre_build: + commands: + - | + if [ -d "third-party-src" ]; then + cd third-party-src; + ln -s /usr/local $CODEBUILD_SRC_DIR/third-party-src/test-deps; + fi + - /usr/bin/$COMPILER --version build: on-failure: ABORT commands: - | cmake . -Bbuild \ - -DCMAKE_C_COMPILER=/usr/bin/clang \ + -DCMAKE_C_COMPILER=/usr/bin/$COMPILER \ -DCMAKE_PREFIX_PATH=/usr/local/$S2N_LIBCRYPTO \ -DASAN=ON - cmake --build ./build -- -j $(nproc) From 936785b02122c3e789a10bae15163b189172fe3c Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Fri, 2 Feb 2024 21:03:42 +0000 Subject: [PATCH 2/7] add unique build identifiers --- codebuild/spec/buildspec_asan.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/codebuild/spec/buildspec_asan.yml b/codebuild/spec/buildspec_asan.yml index 07e09d51bdc..d08bcf458e0 100644 --- a/codebuild/spec/buildspec_asan.yml +++ b/codebuild/spec/buildspec_asan.yml @@ -34,49 +34,49 @@ version: 0.2 # openssl 1.0.2: the default libcrypto on AL2, and AL2 is still widely deployed. batch: build-list: - - identifier: awslc + - identifier: clang-awslc env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: awslc COMPILER: clang - - identifier: openssl_3_0 + - identifier: clang-openssl_3_0 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-3.0 COMPILER: clang - - identifier: openssl_1_1_1 + - identifier: clang-openssl_1_1_1 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-1.1.1 COMPILER: clang - - identifier: openssl_1_0_2 + - identifier: clang-openssl_1_0_2 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-1.0.2 COMPILER: clang - - identifier: awslc + - identifier: gcc-awslc env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: awslc COMPILER: gcc - - identifier: openssl_3_0 + - identifier: gcc-openssl_3_0 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-3.0 COMPILER: gcc - - identifier: openssl_1_1_1 + - identifier: gcc-openssl_1_1_1 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-1.1.1 COMPILER: gcc - - identifier: openssl_1_0_2 + - identifier: gcc-openssl_1_0_2 env: compute-type: BUILD_GENERAL1_LARGE variables: From 348602fffe6988e60443f70b5716bcf5d52a7e21 Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Fri, 2 Feb 2024 21:07:13 +0000 Subject: [PATCH 3/7] codebuild doesn't accept underscore --- codebuild/spec/buildspec_asan.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/codebuild/spec/buildspec_asan.yml b/codebuild/spec/buildspec_asan.yml index d08bcf458e0..5e94bbec0c2 100644 --- a/codebuild/spec/buildspec_asan.yml +++ b/codebuild/spec/buildspec_asan.yml @@ -34,49 +34,49 @@ version: 0.2 # openssl 1.0.2: the default libcrypto on AL2, and AL2 is still widely deployed. batch: build-list: - - identifier: clang-awslc + - identifier: clang_awslc env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: awslc COMPILER: clang - - identifier: clang-openssl_3_0 + - identifier: clang_openssl_3_0 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-3.0 COMPILER: clang - - identifier: clang-openssl_1_1_1 + - identifier: clang_openssl_1_1_1 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-1.1.1 COMPILER: clang - - identifier: clang-openssl_1_0_2 + - identifier: clang_openssl_1_0_2 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-1.0.2 COMPILER: clang - - identifier: gcc-awslc + - identifier: gcc_awslc env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: awslc COMPILER: gcc - - identifier: gcc-openssl_3_0 + - identifier: gcc_openssl_3_0 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-3.0 COMPILER: gcc - - identifier: gcc-openssl_1_1_1 + - identifier: gcc_openssl_1_1_1 env: compute-type: BUILD_GENERAL1_LARGE variables: S2N_LIBCRYPTO: openssl-1.1.1 COMPILER: gcc - - identifier: gcc-openssl_1_0_2 + - identifier: gcc_openssl_1_0_2 env: compute-type: BUILD_GENERAL1_LARGE variables: From e32da060a7c9d2c69052faba7822fbaf6c057fd7 Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Fri, 2 Feb 2024 21:25:25 +0000 Subject: [PATCH 4/7] try alternate comparison function --- tests/unit/s2n_build_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit/s2n_build_test.c b/tests/unit/s2n_build_test.c index 7e707954df4..1a5f9b8c705 100644 --- a/tests/unit/s2n_build_test.c +++ b/tests/unit/s2n_build_test.c @@ -84,7 +84,7 @@ int main() } else { /* Any other library should have the name of the library (modulo case) in its version string. */ const char *ssleay_version_text = SSLeay_version(SSLEAY_VERSION); - EXPECT_NOT_NULL(strcasestr(ssleay_version_text, name)); + EXPECT_NOT_NULL(strcasecmp(ssleay_version_text, name)); } }; From e1b9ef30fd7b77469a4df14d507bfd0240afe3d5 Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Fri, 2 Feb 2024 21:25:42 +0000 Subject: [PATCH 5/7] Revert "try alternate comparison function" This reverts commit e32da060a7c9d2c69052faba7822fbaf6c057fd7. --- tests/unit/s2n_build_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit/s2n_build_test.c b/tests/unit/s2n_build_test.c index 1a5f9b8c705..7e707954df4 100644 --- a/tests/unit/s2n_build_test.c +++ b/tests/unit/s2n_build_test.c @@ -84,7 +84,7 @@ int main() } else { /* Any other library should have the name of the library (modulo case) in its version string. */ const char *ssleay_version_text = SSLeay_version(SSLEAY_VERSION); - EXPECT_NOT_NULL(strcasecmp(ssleay_version_text, name)); + EXPECT_NOT_NULL(strcasestr(ssleay_version_text, name)); } }; From c953ce730216be9ad4a413a87321c48ef820b92c Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Mon, 19 Feb 2024 17:37:51 +0000 Subject: [PATCH 6/7] add line numbers to asan runs --- codebuild/spec/buildspec_asan.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/codebuild/spec/buildspec_asan.yml b/codebuild/spec/buildspec_asan.yml index 5e94bbec0c2..bea41fadcf6 100644 --- a/codebuild/spec/buildspec_asan.yml +++ b/codebuild/spec/buildspec_asan.yml @@ -99,6 +99,7 @@ phases: cmake . -Bbuild \ -DCMAKE_C_COMPILER=/usr/bin/$COMPILER \ -DCMAKE_PREFIX_PATH=/usr/local/$S2N_LIBCRYPTO \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ -DASAN=ON - cmake --build ./build -- -j $(nproc) post_build: From 7e5d08e4a543811bcc7d11e4f0daef1c76699c86 Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Mon, 19 Feb 2024 17:45:00 +0000 Subject: [PATCH 7/7] add explanation of RelWithDebInfo --- codebuild/spec/buildspec_asan.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/codebuild/spec/buildspec_asan.yml b/codebuild/spec/buildspec_asan.yml index bea41fadcf6..ecc68746522 100644 --- a/codebuild/spec/buildspec_asan.yml +++ b/codebuild/spec/buildspec_asan.yml @@ -32,6 +32,11 @@ version: 0.2 # asan on it. See pr 4033 for a historical motivating example. # openssl 1.1.1: a widely deployed version of openssl. # openssl 1.0.2: the default libcrypto on AL2, and AL2 is still widely deployed. + +# CMAKE_BUILD_TYPE +# RelWithDebInfo: This instructs CMake to do all optimizations (Rel -> Release) +# along with debug info (DebInfo). Debug info is necessary to get line numbers +# in the stack traces that ASAN reports. batch: build-list: - identifier: clang_awslc