From e3541997f04b0562c0e7ed76ed43c64b33daad76 Mon Sep 17 00:00:00 2001 From: Martin Milata Date: Fri, 7 Jan 2022 13:07:45 +0100 Subject: [PATCH] ci(core): run nightly device tests with AddressSanitizer [no changelog] --- ci/build.yml | 35 ++++++++++++++++++++++ ci/test.yml | 70 ++++++++++++++++++++++++++++++++++++++++++++ core/Makefile | 7 +++-- core/SConscript.unix | 42 ++++++++++++++------------ 4 files changed, 132 insertions(+), 22 deletions(-) diff --git a/ci/build.yml b/ci/build.yml index b61537ac9..4b898830b 100644 --- a/ci/build.yml +++ b/ci/build.yml @@ -140,6 +140,25 @@ core unix frozen btconly debug build: - core/build/unix/trezor-emu-core-bitcoinonly expire_in: 1 week +core unix frozen btconly debug asan build: + stage: build + <<: *gitlab_caching + needs: [] + only: + - schedules # nightly build + variables: + PYOPT: "0" + BITCOIN_ONLY: "1" + ADDRESS_SANITIZER: "1" + script: + - nix-shell --run "poetry run make -C core build_unix_frozen" + - mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-bitcoinonly + artifacts: + name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" + paths: + - core/build/unix/trezor-emu-core-bitcoinonly + expire_in: 1 week + core unix frozen debug build: stage: build <<: *gitlab_caching @@ -153,6 +172,22 @@ core unix frozen debug build: untracked: true expire_in: 1 week +core unix frozen debug asan build: + stage: build + <<: *gitlab_caching + needs: [] + only: + - schedules # nightly build + variables: + PYOPT: "0" + ADDRESS_SANITIZER: "1" + script: + - nix-shell --run "poetry run make -C core build_unix_frozen" + artifacts: + name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" + untracked: true + expire_in: 1 week + core unix frozen debug build arm: image: vdovhanych/nixos stage: build diff --git a/ci/test.yml b/ci/test.yml index f75a2079c..ce1b8475a 100644 --- a/ci/test.yml +++ b/ci/test.yml 
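Review bot: The two new ASan build jobs (`core unix frozen btconly debug asan build` in the first ci/build.yml hunk and `core unix frozen debug asan build` in the second) restate the body of their regular counterparts, so a later change to a regular job will not reach its nightly twin and the sanitizer run could end up testing a differently configured binary. As far as these hunks show, they differ only in `ADDRESS_SANITIZER: "1"` and the `only: schedules` restriction. GitLab's `extends:` would keep them in step, e.g. `extends: core unix frozen debug build` followed by just the `only:` and `variables:` overrides. The regular jobs are only partly visible here, so confirm nothing else differs before collapsing them.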
@@ -75,6 +75,22 @@ core device test: reports: junit: tests/junit.xml +core device asan test: + stage: test + <<: *gitlab_caching + needs: + - core unix frozen debug asan build + only: + - schedules # nightly build + script: + - nix-shell --run "poetry run make -C core test_emu | ts -s" + artifacts: + name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" + paths: + - tests/trezor.log + expire_in: 1 week + when: always + core btconly device test: stage: test <<: *gitlab_caching @@ -95,6 +111,25 @@ core btconly device test: reports: junit: tests/junit.xml +core btconly device asan test: + stage: test + <<: *gitlab_caching + needs: + - core unix frozen btconly debug asan build + only: + - schedules # nightly build + variables: + MICROPYTHON: "build/unix/trezor-emu-core-bitcoinonly" + TREZOR_PYTEST_SKIP_ALTCOINS: 1 + script: + - nix-shell --run "poetry run make -C core test_emu | ts -s" + artifacts: + name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" + paths: + - tests/trezor.log + expire_in: 1 week + when: always + core monero test: stage: test <<: *gitlab_caching @@ -133,6 +168,23 @@ core u2f test: expire_in: 1 week when: always +core u2f asan test: + stage: test + <<: *gitlab_caching + needs: + - core unix frozen debug asan build + only: + - schedules # nightly build + script: + - nix-shell --run "poetry run make -C tests/fido_tests/u2f-tests-hid | ts -s" + - nix-shell --run "poetry run make -C core test_emu_u2f | ts -s" + artifacts: + name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" + paths: + - tests/trezor.log + expire_in: 1 week + when: always + core fido2 test: stage: test <<: *gitlab_caching 
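Review bot: Every new ASan test job runs its tests as `make ... | ts -s`, so the job result is the exit status of `ts` rather than of the tests, unless `pipefail` is enabled somewhere not visible in this diff. A sanitizer abort in the emulator could then leave the nightly job green. This applies to `core device asan test`, `core btconly device asan test`, `core u2f asan test` and, in the next hunk, `core fido2 asan test`. Prefixing the command, e.g. `nix-shell --run "set -o pipefail; poetry run make -C core test_emu | ts -s"`, makes a failing run fail the job. The jobs keep only `tests/trezor.log` as an artifact, so it is also worth confirming that sanitizer reports, which go to stderr by default, actually end up in that file.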
@@ -156,6 +208,24 @@ core fido2 test: junit: tests/junit.xml when: always +core fido2 asan test: + stage: test + <<: *gitlab_caching + needs: + - core unix frozen debug asan build + only: + - schedules # nightly build + script: + - pgrep trezor-emu-core || true + - nix-shell --run "poetry run make -C core test_emu_fido2 | ts -s" + - pgrep trezor-emu-core || true + artifacts: + name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" + paths: + - tests/trezor.log + expire_in: 1 week + when: always + core click test: stage: test <<: *gitlab_caching diff --git a/core/Makefile b/core/Makefile index 7cf7f81c3..cd6cfc801 100644 --- a/core/Makefile +++ b/core/Makefile @@ -23,6 +23,7 @@ PYOPT ?= 1 BITCOIN_ONLY ?= 0 TREZOR_MODEL ?= T TREZOR_MEMPERF ?= 0 +ADDRESS_SANITIZER ?= 0 OPENOCD_INTERFACE ?= stlink # -or- ftdi/olimex-arm-usb-tiny-h OPENOCD_TRANSPORT ?= hla_swd # -or- jtag 
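Review bot: `ADDRESS_SANITIZER ?= 0` accepts any value, but the SConscript.unix side of this commit enables the sanitizers only when the argument equals `'1'` exactly, so `ADDRESS_SANITIZER=yes` or `=true` silently produces an uninstrumented emulator. A guard right after the assignment would make the mistake visible: `ifneq ($(filter-out 0 1,$(ADDRESS_SANITIZER)),)`, then `$(error ADDRESS_SANITIZER must be 0 or 1)`, then `endif`. A one-line comment that the value is normally taken from the environment, as the nightly CI jobs do, would also help readers of this variable block.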
@@ -152,13 +153,13 @@ build_firmware: templates build_cross ## build firmware with frozen modules $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" TREZOR_MODEL="$(TREZOR_MODEL)" PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" $(FIRMWARE_BUILD_DIR)/firmware.bin build_unix: templates ## build unix port - $(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" BITCOIN_ONLY="$(BITCOIN_ONLY)" + $(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN="$(ADDRESS_SANITIZER)" build_unix_frozen: templates build_cross ## build unix port with frozen modules - $(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_MEMPERF=$(TREZOR_MEMPERF) TREZOR_EMULATOR_FROZEN=1 + $(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN="$(ADDRESS_SANITIZER)" TREZOR_MEMPERF="$(TREZOR_MEMPERF)" TREZOR_EMULATOR_FROZEN=1 build_unix_debug: templates ## build unix port - $(SCONS) --max-drift=1 CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" TREZOR_EMULATOR_ASAN=1 TREZOR_EMULATOR_DEBUGGABLE=1 + $(SCONS) --max-drift=1 CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN=1 TREZOR_EMULATOR_DEBUGGABLE=1 build_cross: ## build mpy-cross port $(MAKE) -C vendor/micropython/mpy-cross $(CROSS_PORT_OPTS) diff --git a/core/SConscript.unix b/core/SConscript.unix index 251531b1e..aa7d9ad0d 100644 --- a/core/SConscript.unix +++ b/core/SConscript.unix 
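Review bot: No target in this hunk passes `TREZOR_EMULATOR_CLANG`, so the new clang switch in SConscript.unix cannot be reached through make. `build_unix_debug` used to get clang through the ASan branch and now builds with whatever compiler the environment defaults to; the rest of SConscript.unix is not visible, so this is inferred from the two hunks. If clang is still intended there, add `TREZOR_EMULATOR_CLANG=1` to the `build_unix_debug` line. That target also still hard-codes `TREZOR_EMULATOR_ASAN=1` and ignores `ADDRESS_SANITIZER`, while its help text is the same `## build unix port` as `build_unix`; something like `## build unix port with sanitizers and debug symbols` would tell them apart.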
@@ -368,20 +368,29 @@ env.Replace( OBJCOPY='objcopy', COPT=os.getenv('OPTIMIZE', '-Os'), ) -if ARGUMENTS.get('TREZOR_EMULATOR_ASAN', 0): - asan_flags=( - ' -fsanitize=address'+ - ' -fsanitize-blacklist=asan_blacklist.txt'+ - ' -fno-omit-frame-pointer'+ - ' -fno-optimize-sibling-calls' - ) +if ARGUMENTS.get('TREZOR_EMULATOR_CLANG', '0') == '1': env.Replace( - CC=os.getenv('CC') or 'clang', - LINK=os.getenv('LINK') or 'clang', - CFLAGS=asan_flags, - LINKFLAGS=' -Wl,-no_pie' + asan_flags, ) + CC='clang', + LINK='clang', ) -if ARGUMENTS.get('TREZOR_EMULATOR_DEBUGGABLE', 0): +if ARGUMENTS.get('TREZOR_EMULATOR_ASAN', '0') == '1': + asan_flags=( + ' -fsanitize=address,undefined'+ + ' -fno-omit-frame-pointer'+ + ' -fno-optimize-sibling-calls' + ) + env.Append( + CFLAGS=asan_flags, + LINKFLAGS=asan_flags, + LDFLAGS=asan_flags, + ENV={ + # workaround for sanitizers being nightly-only + # remove after stabilized https://github.com/rust-lang/rust/issues/39699 + 'RUSTC_BOOTSTRAP': '1', + 'RUSTFLAGS': '-Z sanitizer=address', + }, ) + +if ARGUMENTS.get('TREZOR_EMULATOR_DEBUGGABLE', '0') == '1': env.Replace( COPT=' -Og -ggdb', STRIP='true', ) @@ -642,17 +651,12 @@ protobuf_blobs = env.Command( ) env.Depends(protobuf_blobs, qstr_generated) -RUST_PROFILE = 'release' +RUST_PROFILE = 'dev' if ARGUMENTS.get('TREZOR_EMULATOR_DEBUGGABLE', 0) == '1' else 'release' RUST_LIB = 'trezor_lib' RUST_LIBDIR = f'build/unix/rust/{RUST_PROFILE}' RUST_LIBPATH = f'{RUST_LIBDIR}/lib{RUST_LIB}.a' def cargo_build(): - # Determine the profile build flags. - if RUST_PROFILE == 'release': - profile = '--release' - else: - profile = '' if TREZOR_MODEL == "1": features = ["model_t1"] else: 
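Review bot: `-fsanitize=address,undefined` adds UBSan, whose checks by default print a diagnostic and continue, so undefined-behaviour findings will not fail the nightly tests the way an ASan abort does. Adding `' -fno-sanitize-recover=undefined'+` to `asan_flags`, or setting `UBSAN_OPTIONS=halt_on_error=1` in the test jobs, turns them into failures. The comment above `RUSTC_BOOTSTRAP` could also note that the variable unlocks unstable features for every crate cargo compiles in this build, dependencies included, which is one more reason to keep it confined to the sanitizer configuration.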
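Review bot: With `TREZOR_EMULATOR_DEBUGGABLE=1`, `RUST_PROFILE` becomes `'dev'` and `RUST_LIBDIR` becomes `build/unix/rust/dev`, but cargo writes the output of its built-in `dev` profile to a directory named `debug`, so `RUST_LIBPATH` would name a file cargo never creates. Mapping the directory separately, e.g. `RUST_LIBDIR = f'build/unix/rust/{"debug" if RUST_PROFILE == "dev" else RUST_PROFILE}'`, keeps `--profile dev` usable in the command built in the later hunk while matching cargo's layout. The new `RUST_PROFILE` line also uses the integer default `0` where the earlier hunk switched to `'0'`; that is harmless with `== '1'` but worth making consistent. `cargo_build` continues outside this hunk.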
@@ -665,7 +669,7 @@ def cargo_build(): elif NEW_UI: features.append("ui") - return f'cd embed/rust; cargo build {profile} --target-dir=../../build/unix/rust --no-default-features --features "{" ".join(features)}"' + return f'cd embed/rust; cargo build --profile {RUST_PROFILE} --target-dir=../../build/unix/rust --no-default-features --features "{" ".join(features)}"' rust = env.Command( target=RUST_LIBPATH,
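Review bot: The returned command joins `cd embed/rust` and `cargo build` with `;`, so a failed `cd` still runs cargo from the wrong directory; `cd embed/rust && cargo build --profile {RUST_PROFILE} ...` stops instead. Since no `--target` is passed, cargo also applies the `RUSTFLAGS` set in the ASan branch (`-Z sanitizer=address`) to build scripts and proc macros, not only to the library. If any dependency has either, a short comment saying whether that is intended would save the next reader from chasing odd sanitizer output during the build. `cargo_build` starts above this hunk.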