1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-17 21:22:10 +00:00

ci(core): run nightly device tests with AddressSanitizer

[no changelog]
This commit is contained in:
Martin Milata 2022-01-07 13:07:45 +01:00 committed by matejcik
parent 56126b75a7
commit e3541997f0
4 changed files with 132 additions and 22 deletions

View File

@ -140,6 +140,25 @@ core unix frozen btconly debug build:
- core/build/unix/trezor-emu-core-bitcoinonly
expire_in: 1 week
core unix frozen btconly debug asan build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
PYOPT: "0"
BITCOIN_ONLY: "1"
ADDRESS_SANITIZER: "1"
script:
- nix-shell --run "poetry run make -C core build_unix_frozen"
- mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-bitcoinonly
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- core/build/unix/trezor-emu-core-bitcoinonly
expire_in: 1 week
core unix frozen debug build:
stage: build
<<: *gitlab_caching
@ -153,6 +172,22 @@ core unix frozen debug build:
untracked: true
expire_in: 1 week
core unix frozen debug asan build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
PYOPT: "0"
ADDRESS_SANITIZER: "1"
script:
- nix-shell --run "poetry run make -C core build_unix_frozen"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
untracked: true
expire_in: 1 week
core unix frozen debug build arm:
image: vdovhanych/nixos
stage: build

View File

@ -75,6 +75,22 @@ core device test:
reports:
junit: tests/junit.xml
core device asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
script:
- nix-shell --run "poetry run make -C core test_emu | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
core btconly device test:
stage: test
<<: *gitlab_caching
@ -95,6 +111,25 @@ core btconly device test:
reports:
junit: tests/junit.xml
core btconly device asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen btconly debug asan build
only:
- schedules # nightly build
variables:
MICROPYTHON: "build/unix/trezor-emu-core-bitcoinonly"
TREZOR_PYTEST_SKIP_ALTCOINS: 1
script:
- nix-shell --run "poetry run make -C core test_emu | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
core monero test:
stage: test
<<: *gitlab_caching
@ -133,6 +168,23 @@ core u2f test:
expire_in: 1 week
when: always
core u2f asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
script:
- nix-shell --run "poetry run make -C tests/fido_tests/u2f-tests-hid | ts -s"
- nix-shell --run "poetry run make -C core test_emu_u2f | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
core fido2 test:
stage: test
<<: *gitlab_caching
@ -156,6 +208,24 @@ core fido2 test:
junit: tests/junit.xml
when: always
core fido2 asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
script:
- pgrep trezor-emu-core || true
- nix-shell --run "poetry run make -C core test_emu_fido2 | ts -s"
- pgrep trezor-emu-core || true
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
core click test:
stage: test
<<: *gitlab_caching

View File

@ -23,6 +23,7 @@ PYOPT ?= 1
BITCOIN_ONLY ?= 0
TREZOR_MODEL ?= T
TREZOR_MEMPERF ?= 0
ADDRESS_SANITIZER ?= 0
OPENOCD_INTERFACE ?= stlink # -or- ftdi/olimex-arm-usb-tiny-h
OPENOCD_TRANSPORT ?= hla_swd # -or- jtag
@ -152,13 +153,13 @@ build_firmware: templates build_cross ## build firmware with frozen modules
$(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" TREZOR_MODEL="$(TREZOR_MODEL)" PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" $(FIRMWARE_BUILD_DIR)/firmware.bin
build_unix: templates ## build unix port
$(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" BITCOIN_ONLY="$(BITCOIN_ONLY)"
$(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN="$(ADDRESS_SANITIZER)"
build_unix_frozen: templates build_cross ## build unix port with frozen modules
$(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_MEMPERF=$(TREZOR_MEMPERF) TREZOR_EMULATOR_FROZEN=1
$(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN="$(ADDRESS_SANITIZER)" TREZOR_MEMPERF="$(TREZOR_MEMPERF)" TREZOR_EMULATOR_FROZEN=1
build_unix_debug: templates ## build unix port
$(SCONS) --max-drift=1 CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" TREZOR_EMULATOR_ASAN=1 TREZOR_EMULATOR_DEBUGGABLE=1
$(SCONS) --max-drift=1 CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN=1 TREZOR_EMULATOR_DEBUGGABLE=1
build_cross: ## build mpy-cross port
$(MAKE) -C vendor/micropython/mpy-cross $(CROSS_PORT_OPTS)

View File

@ -368,20 +368,29 @@ env.Replace(
OBJCOPY='objcopy',
COPT=os.getenv('OPTIMIZE', '-Os'), )
if ARGUMENTS.get('TREZOR_EMULATOR_ASAN', 0):
asan_flags=(
' -fsanitize=address'+
' -fsanitize-blacklist=asan_blacklist.txt'+
' -fno-omit-frame-pointer'+
' -fno-optimize-sibling-calls'
)
if ARGUMENTS.get('TREZOR_EMULATOR_CLANG', '0') == '1':
env.Replace(
CC=os.getenv('CC') or 'clang',
LINK=os.getenv('LINK') or 'clang',
CFLAGS=asan_flags,
LINKFLAGS=' -Wl,-no_pie' + asan_flags, )
CC='clang',
LINK='clang', )
if ARGUMENTS.get('TREZOR_EMULATOR_DEBUGGABLE', 0):
if ARGUMENTS.get('TREZOR_EMULATOR_ASAN', '0') == '1':
asan_flags=(
' -fsanitize=address,undefined'+
' -fno-omit-frame-pointer'+
' -fno-optimize-sibling-calls'
)
env.Append(
CFLAGS=asan_flags,
LINKFLAGS=asan_flags,
LDFLAGS=asan_flags,
ENV={
# workaround for sanitizers being nightly-only
# remove after stabilized https://github.com/rust-lang/rust/issues/39699
'RUSTC_BOOTSTRAP': '1',
'RUSTFLAGS': '-Z sanitizer=address',
}, )
if ARGUMENTS.get('TREZOR_EMULATOR_DEBUGGABLE', '0') == '1':
env.Replace(
COPT=' -Og -ggdb',
STRIP='true', )
@ -642,17 +651,12 @@ protobuf_blobs = env.Command(
)
env.Depends(protobuf_blobs, qstr_generated)
RUST_PROFILE = 'release'
RUST_PROFILE = 'dev' if ARGUMENTS.get('TREZOR_EMULATOR_DEBUGGABLE', 0) == '1' else 'release'
RUST_LIB = 'trezor_lib'
RUST_LIBDIR = f'build/unix/rust/{RUST_PROFILE}'
RUST_LIBPATH = f'{RUST_LIBDIR}/lib{RUST_LIB}.a'
def cargo_build():
# Determine the profile build flags.
if RUST_PROFILE == 'release':
profile = '--release'
else:
profile = ''
if TREZOR_MODEL == "1":
features = ["model_t1"]
else:
@ -665,7 +669,7 @@ def cargo_build():
elif NEW_UI:
features.append("ui")
return f'cd embed/rust; cargo build {profile} --target-dir=../../build/unix/rust --no-default-features --features "{" ".join(features)}"'
return f'cd embed/rust; cargo build --profile {RUST_PROFILE} --target-dir=../../build/unix/rust --no-default-features --features "{" ".join(features)}"'
rust = env.Command(
target=RUST_LIBPATH,