-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
General CI discussion #707
Comments
I think BE is basically solved in travis since there is s390 (lol). It sounds like the arm is arm64 which is useful but less interesting than 32bit arm. The big gaps I see in travis:
To me the obvious thing to do is to run a jenkins instance. Jenkins is extremely simple to operate (in my experience much easier to use than travis, because you're less subject to trial and error-- particularly because if you're the group running it you can just ssh in and try the tests locally until they work). Jenkins supports remote executors (and you can confine jobs to only run on particular executors), so its trivial to have an executor that runs on dedicated hardware that allows benchmarking... or on fast systems. The big challenge I see is that the travis ecosystem has created an expectation that PRs from random people will get CI run against them. And having random people's code run on your own hosts/networks is super scary. One option would be to just run the jenkins on PRs by whitelisted people and on merged commits (this is apparently a standard feature of the jenkins PR integration module, which I've never used-- my experience has been w/ just running it on merged commits). I can offer to run some executors (and can do arm7, big endian systems, whatever) on an isolated network that just vpns back to the jenkins install and has no network access. But the limitation there is that if I get hit by a bus you might have issues finding someone else willing to volunteer a half rack of assorted old hardware. An extension of the "cant benchmark" is that the library really should have regression tests for sidechannel behaviour. Right now someone could flip a compiler flag, and the cmovs some being constant and you get an enormous sidechannel and no one would notice until it shows up in an attack (or hopefully, attack paper). There are a couple different ways of dealing with that which would allow CI integration of a sidechannel test, but most of them require being able to use test on bizarre hardware (e.g. with a jenkins remote executor). The one option that wouldn't would be running tests in a cycle accurate cpu simulator-- essentially like running in valgrind but could get cycle counts and dram access traces as a side effect which could be compared across different secrets to be sure they were constant, but when I went down that path a couple years ago none that I could find simulated dram. @tdaede might have more recent suggestions. |
Travis hiding the output of ./tests failing really stinks, did it used to do that? |
We cat the log files in the end but you need to "unfold" output by clicking the arrow. |
Ah, I missed the 'unfold' Thanks. |
FYI. We've removed the GitHub Actions workflow from our repository. See discussion in that issue and bitcoin/bitcoin#18031. |
The CI should probably do a build on a system without libgmp to catch accidental header dependencies. The CI should probably have a makefileless build (e.g. just a big GCC commandline that sets all the required defines) |
related: bitcoin/bitcoin#18659 |
We may want to look into Azure Pipelines: https://azure.microsoft.com/de-de/services/devops/pipelines/ |
We have the ubsan sanitizer now on Travis (#839). Has anyone tried other sanitizers that we may want to enable? |
asan/lsan is generally as easy as ubsan to enable (and they can all be enabled simultaneously) though has a higher performance impact. It can catch out-of-bound accesses (also on the stack), and memory leaks. tsan isn't useful for us as there is no threading. msan is a pain to integrate (as it requires building libc and other dependencies with msan as well), and we already have valgrind which largely detects the same issues. |
This isn't really correct for C, msan contains shims for the common libc uses, so there shouldn't be a need to rebuild libc to run msan here. |
Travis is effectively shutting down for open source: Options:
Non-options:
|
Any public "free" solution is going to either be short lived or extremely stingy with cpu time for obvious economic reasons-- or, likely, both. Any "custom rolled" solution has the life limits from their sponsors not having time for maintenance, hardware failures, etc. but presumably wouldn't be cpu resources limited. Custom rolled can also guarantee uncontested access to systems, allowing for real benchmarking. I suggest regardless: All testing should be setup as generic shell scripts (and/or python if really needed) that could be invoked from any CI system-- they're pretty much there already except for the travis matrixing. Then it becomes easier to move things around. The project isn't just limited to just using one thing. If some free hosted thing works then it would probably good to run it in parallel with whatever else gets setup. [I would already have a jenkins setup running but for ongoing power usage limitations here which are finally almost resolved.]
I don't think having s390x is particularly important, esp since it's slightly broken for reasons out of our hands-- but having a BE target is nice. Debian on MIPS BE (with valgrind too) and Sparc run fine in qemu-system though both quite slow, and I assume BE PPC works but I haven't tried it. ...and each of these is way more important than s390x: They're all found in really cool spacecraft. I don't know where s390x machines are found, but certainly not in space. Armonk, New York, probably. Space is much better than Armonk: For one thing, space doesn't have any computer crackers. |
Yes, sure. I don't care about s390x in particular. We should just have some BE architecture. If it's just for BE testing, we should probably just take the one which is fastest on qemu. Of course, having valgrind is better than not having it, and the probability that the Sparc build is relevant for some users is larger than for s390x. |
Well I know mips with valgrind works, and I successfully got debian in sparc working but there is no valgrind. (which is too bad, sparc otherwise tends to expose some issues due to register windowing). |
Indeed. More on the free thing: I think Cirrus CI is the best free/"cloud" option for now. |
There are plans to increase the stability and performance (as well as supported architectures) on bitcoinbuilds.org. There is also a GitHub integration (running only here for now). The CI is completely custom built and easy to extend. I'm currently trying to setup a team of devs/admins. Ideally it would support running tests on hardware provided by authenticated developers/users. |
Thanks for letting us know. This sounds great and is certainly an option for the long run. |
I am working on building a new x86 system with many cores and am happy to replicate any @gmaxwell script infrastructure, to reduce the bus number. But I don't have any oddball hardware, nor do I have plans to amass any. |
@real-or-random The Azure docs claim that it can be used with generic Git repos (not requiring GitHub). Would that mode be suitable? I assume it wouldn't demand problematic GitHub permissions since it has no knowledge of GitHub in that mode, but I may be missing something. |
This is how I am building my fork (with VRF support) for Windows using GitHub Actions and Visual C: here |
I'm heavily working on Cirrus CI integration in https://github.com/real-or-random/secp256k1/tree/202012-cirrusci . It looks promising so far but I want to continue to hack on this a little bit and clean it up before I open a PR here. (And anyway, a PR wouldn't be build currently because Cirrus is not yet enabled.) |
notes from irc:
|
By the way, I still don't the like way the results are shown in Cirrus. We run We could simply run the tests without |
Maybe the clang static analyzer (scan-build) is a nice tool we could include in the CI: #959 (comment) |
Cirrus CI now has ARM64 hardware, see cirruslabs/cirrus-ci-docs#905 and bitcoin/bitcoin#22749 |
We could add a few more jobs with |
When thinking about #705 I realized it's maybe a good idea to take a step back and look at this in the context of a general CI revamp. There are multiple things that would be nice and I think some of these probably have a higher priority than coverage reports:
Is there anything else you would like to see?
If we want to work on this, this is a good time to think about the CI platform. I don't mind Travis and it's reasonably stable in the past months but if we think that a different (or additional) provider is a better fit, it's better to discuss this before we start working on these issues.
By the way, Bitcoin is currently looking into GitHub Actions for Windows at least:
bitcoin/bitcoin#17803
The text was updated successfully, but these errors were encountered: