arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-05-29 20:28:45 +00:00
Code Issues Releases Wiki Activity

ci(core): run nightly device tests with AddressSanitizer

Browse Source 
[no changelog]
This commit is contained in:
Martin Milata 2022-01-07 13:07:45 +01:00 committed by matejcik
parent 56126b75a7
commit e3541997f0
4 changed files with 132 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
ci/build.yml
View File

@ -140,6 +140,25 @@ core unix frozen btconly debug build:
- core/build/unix/trezor-emu-core-bitcoinonly - core/build/unix/trezor-emu-core-bitcoinonly
expire_in: 1 week expire_in: 1 week
core unix frozen btconly debug asan build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
PYOPT: "0"
BITCOIN_ONLY: "1"
ADDRESS_SANITIZER: "1"
script:
- nix-shell --run "poetry run make -C core build_unix_frozen"
- mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-bitcoinonly
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- core/build/unix/trezor-emu-core-bitcoinonly
expire_in: 1 week
core unix frozen debug build: core unix frozen debug build:
stage: build stage: build
<<: *gitlab_caching <<: *gitlab_caching
@ -153,6 +172,22 @@ core unix frozen debug build:
untracked: true untracked: true
expire_in: 1 week expire_in: 1 week
core unix frozen debug asan build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
PYOPT: "0"
ADDRESS_SANITIZER: "1"
script:
- nix-shell --run "poetry run make -C core build_unix_frozen"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
untracked: true
expire_in: 1 week
core unix frozen debug build arm: core unix frozen debug build arm:
image: vdovhanych/nixos image: vdovhanych/nixos
stage: build stage: build

70
ci/test.yml
View File

@ -75,6 +75,22 @@ core device test:
reports: reports:
junit: tests/junit.xml junit: tests/junit.xml
core device asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
script:
- nix-shell --run "poetry run make -C core test_emu | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
core btconly device test: core btconly device test:
stage: test stage: test
<<: *gitlab_caching <<: *gitlab_caching
@ -95,6 +111,25 @@ core btconly device test:
reports: reports:
junit: tests/junit.xml junit: tests/junit.xml
core btconly device asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen btconly debug asan build
only:
- schedules # nightly build
variables:
MICROPYTHON: "build/unix/trezor-emu-core-bitcoinonly"
TREZOR_PYTEST_SKIP_ALTCOINS: 1
script:
- nix-shell --run "poetry run make -C core test_emu | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
core monero test: core monero test:
stage: test stage: test
<<: *gitlab_caching <<: *gitlab_caching
@ -133,6 +168,23 @@ core u2f test:
expire_in: 1 week expire_in: 1 week
when: always when: always
core u2f asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
script:
- nix-shell --run "poetry run make -C tests/fido_tests/u2f-tests-hid | ts -s"
- nix-shell --run "poetry run make -C core test_emu_u2f | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
core fido2 test: core fido2 test:
stage: test stage: test
<<: *gitlab_caching <<: *gitlab_caching
@ -156,6 +208,24 @@ core fido2 test:
junit: tests/junit.xml junit: tests/junit.xml
when: always when: always
core fido2 asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
script:
- pgrep trezor-emu-core || true
- nix-shell --run "poetry run make -C core test_emu_fido2 | ts -s"
- pgrep trezor-emu-core || true
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
core click test: core click test:
stage: test stage: test
<<: *gitlab_caching <<: *gitlab_caching

7
core/Makefile
View File

@ -23,6 +23,7 @@ PYOPT ?= 1
BITCOIN_ONLY ?= 0 BITCOIN_ONLY ?= 0
TREZOR_MODEL ?= T TREZOR_MODEL ?= T
TREZOR_MEMPERF ?= 0 TREZOR_MEMPERF ?= 0
ADDRESS_SANITIZER ?= 0
OPENOCD_INTERFACE ?= stlink # -or- ftdi/olimex-arm-usb-tiny-h OPENOCD_INTERFACE ?= stlink # -or- ftdi/olimex-arm-usb-tiny-h
OPENOCD_TRANSPORT ?= hla_swd # -or- jtag OPENOCD_TRANSPORT ?= hla_swd # -or- jtag
@ -152,13 +153,13 @@ build_firmware: templates build_cross ## build firmware with frozen modules
$(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" TREZOR_MODEL="$(TREZOR_MODEL)" PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" $(FIRMWARE_BUILD_DIR)/firmware.bin $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" TREZOR_MODEL="$(TREZOR_MODEL)" PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" $(FIRMWARE_BUILD_DIR)/firmware.bin
build_unix: templates ## build unix port build_unix: templates ## build unix port
$(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" BITCOIN_ONLY="$(BITCOIN_ONLY)" $(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN="$(ADDRESS_SANITIZER)"
build_unix_frozen: templates build_cross ## build unix port with frozen modules build_unix_frozen: templates build_cross ## build unix port with frozen modules
$(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_MEMPERF=$(TREZOR_MEMPERF) TREZOR_EMULATOR_FROZEN=1 $(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN="$(ADDRESS_SANITIZER)" TREZOR_MEMPERF="$(TREZOR_MEMPERF)" TREZOR_EMULATOR_FROZEN=1
build_unix_debug: templates ## build unix port build_unix_debug: templates ## build unix port
$(SCONS) --max-drift=1 CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" TREZOR_EMULATOR_ASAN=1 TREZOR_EMULATOR_DEBUGGABLE=1 $(SCONS) --max-drift=1 CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) TREZOR_MODEL="$(TREZOR_MODEL)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN=1 TREZOR_EMULATOR_DEBUGGABLE=1
build_cross: ## build mpy-cross port build_cross: ## build mpy-cross port
$(MAKE) -C vendor/micropython/mpy-cross $(CROSS_PORT_OPTS) $(MAKE) -C vendor/micropython/mpy-cross $(CROSS_PORT_OPTS)

42
core/SConscript.unix
View File

@ -368,20 +368,29 @@ env.Replace(
OBJCOPY='objcopy', OBJCOPY='objcopy',
COPT=os.getenv('OPTIMIZE', '-Os'), ) COPT=os.getenv('OPTIMIZE', '-Os'), )
if ARGUMENTS.get('TREZOR_EMULATOR_ASAN', 0): if ARGUMENTS.get('TREZOR_EMULATOR_CLANG', '0') == '1':
asan_flags=(
' -fsanitize=address'+
' -fsanitize-blacklist=asan_blacklist.txt'+
' -fno-omit-frame-pointer'+
' -fno-optimize-sibling-calls'
)
env.Replace( env.Replace(
CC=os.getenv('CC') or 'clang', CC='clang',
LINK=os.getenv('LINK') or 'clang', LINK='clang', )
CFLAGS=asan_flags,
LINKFLAGS=' -Wl,-no_pie' + asan_flags, )
if ARGUMENTS.get('TREZOR_EMULATOR_DEBUGGABLE', 0): if ARGUMENTS.get('TREZOR_EMULATOR_ASAN', '0') == '1':
asan_flags=(
' -fsanitize=address,undefined'+
' -fno-omit-frame-pointer'+
' -fno-optimize-sibling-calls'
)
env.Append(
CFLAGS=asan_flags,
LINKFLAGS=asan_flags,
LDFLAGS=asan_flags,
ENV={
# workaround for sanitizers being nightly-only
# remove after stabilized https://github.com/rust-lang/rust/issues/39699
'RUSTC_BOOTSTRAP': '1',
'RUSTFLAGS': '-Z sanitizer=address',
}, )
if ARGUMENTS.get('TREZOR_EMULATOR_DEBUGGABLE', '0') == '1':
env.Replace( env.Replace(
COPT=' -Og -ggdb', COPT=' -Og -ggdb',
STRIP='true', ) STRIP='true', )
@ -642,17 +651,12 @@ protobuf_blobs = env.Command(
) )
env.Depends(protobuf_blobs, qstr_generated) env.Depends(protobuf_blobs, qstr_generated)
RUST_PROFILE = 'release' RUST_PROFILE = 'dev' if ARGUMENTS.get('TREZOR_EMULATOR_DEBUGGABLE', 0) == '1' else 'release'
RUST_LIB = 'trezor_lib' RUST_LIB = 'trezor_lib'
RUST_LIBDIR = f'build/unix/rust/{RUST_PROFILE}' RUST_LIBDIR = f'build/unix/rust/{RUST_PROFILE}'
RUST_LIBPATH = f'{RUST_LIBDIR}/lib{RUST_LIB}.a' RUST_LIBPATH = f'{RUST_LIBDIR}/lib{RUST_LIB}.a'
def cargo_build(): def cargo_build():
# Determine the profile build flags.
if RUST_PROFILE == 'release':
profile = '--release'
else:
profile = ''
if TREZOR_MODEL == "1": if TREZOR_MODEL == "1":
features = ["model_t1"] features = ["model_t1"]
else: else:
@ -665,7 +669,7 @@ def cargo_build():
elif NEW_UI: elif NEW_UI:
features.append("ui") features.append("ui")
return f'cd embed/rust; cargo build {profile} --target-dir=../../build/unix/rust --no-default-features --features "{" ".join(features)}"' return f'cd embed/rust; cargo build --profile {RUST_PROFILE} --target-dir=../../build/unix/rust --no-default-features --features "{" ".join(features)}"'
rust = env.Command( rust = env.Command(
target=RUST_LIBPATH, target=RUST_LIBPATH,