1# components-sanitizers.sh
2#
3# Copyright The Mbed TLS Contributors
4# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
5
6# This file contains test components that are executed by all.sh
7
8################################################################
9#### Sanitizer Testing
10################################################################
11
12skip_suites_without_constant_flow () {
13    # Skip the test suites that don't have any constant-flow annotations.
14    # This will need to be adjusted if we ever start declaring things as
15    # secret from macros or functions inside framework/tests/include or framework/tests/src.
16    SKIP_TEST_SUITES=$(
17        git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
18            sed 's/test_suite_//; s/\.function$//' |
19            tr '\n' ,),$(
20        git -C tf-psa-crypto/tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
21            sed 's/test_suite_//; s/\.function$//' |
22            tr '\n' ,)
23    export SKIP_TEST_SUITES
24}
25
26skip_all_except_given_suite () {
27    # Skip all but the given test suite
28    SKIP_TEST_SUITES=$(
29        ls -1 tests/suites/test_suite_*.function |
30        grep -v $1.function |
31         sed 's/tests.suites.test_suite_//; s/\.function$//' |
32        tr '\n' ,),$(
33        ls -1 tf-psa-crypto/tests/suites/test_suite_*.function |
34        grep -v $1.function |
35         sed 's/tf-psa-crypto.tests.suites.test_suite_//; s/\.function$//' |
36        tr '\n' ,)
37    export SKIP_TEST_SUITES
38}
39
40component_test_memsan_constant_flow_psa () {
41    # This tests both (1) accesses to undefined memory, and (2) branches or
42    # memory access depending on secret values. To distinguish between those:
43    # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
44    # - or alternatively, change the build type to MemSanDbg, which enables
45    # origin tracking and nicer stack traces (which are useful for debugging
46    # anyway), and check if the origin was TEST_CF_SECRET() or something else.
47    msg "build: cmake MSan (clang), full config with constant flow testing"
48    scripts/config.py full
49    scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
50    scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
51    scripts/config.py unset MBEDTLS_HAVE_ASM
52    CC=clang cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=MemSan .
53    make
54
55    msg "test: main suites (Msan + constant flow)"
56    make test
57}
58
59component_release_test_valgrind_constant_flow_no_asm () {
60    # This tests both (1) everything that valgrind's memcheck usually checks
61    # (heap buffer overflows, use of uninitialized memory, use-after-free,
62    # etc.) and (2) branches or memory access depending on secret values,
63    # which will be reported as uninitialized memory. To distinguish between
64    # secret and actually uninitialized:
65    # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
66    # - or alternatively, build with debug info and manually run the offending
67    # test suite with valgrind --track-origins=yes, then check if the origin
68    # was TEST_CF_SECRET() or something else.
69    msg "build: cmake release GCC, full config minus MBEDTLS_HAVE_ASM with constant flow testing"
70    scripts/config.py full
71    scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
72    scripts/config.py unset MBEDTLS_AESNI_C
73    scripts/config.py unset MBEDTLS_HAVE_ASM
74    skip_suites_without_constant_flow
75    cmake -D CMAKE_BUILD_TYPE:String=Release .
76    make
77
78    # this only shows a summary of the results (how many of each type)
79    # details are left in Testing/<date>/DynamicAnalysis.xml
80    msg "test: some suites (full minus MBEDTLS_HAVE_ASM, valgrind + constant flow)"
81    make memcheck
82}
83
84component_release_test_valgrind_constant_flow_psa () {
85    # This tests both (1) everything that valgrind's memcheck usually checks
86    # (heap buffer overflows, use of uninitialized memory, use-after-free,
87    # etc.) and (2) branches or memory access depending on secret values,
88    # which will be reported as uninitialized memory. To distinguish between
89    # secret and actually uninitialized:
90    # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
91    # - or alternatively, build with debug info and manually run the offending
92    # test suite with valgrind --track-origins=yes, then check if the origin
93    # was TEST_CF_SECRET() or something else.
94    msg "build: cmake release GCC, full config with constant flow testing"
95    scripts/config.py full
96    scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
97    skip_suites_without_constant_flow
98    cmake -D CMAKE_BUILD_TYPE:String=Release .
99    make
100
101    # this only shows a summary of the results (how many of each type)
102    # details are left in Testing/<date>/DynamicAnalysis.xml
103    msg "test: some suites (valgrind + constant flow)"
104    make memcheck
105}
106
107component_test_tsan () {
108    msg "build: TSan (clang)"
109    scripts/config.py full
110    scripts/config.py set MBEDTLS_THREADING_C
111    scripts/config.py set MBEDTLS_THREADING_PTHREAD
112    # Self-tests do not currently use multiple threads.
113    scripts/config.py unset MBEDTLS_SELF_TEST
114    # Interruptible ECC tests are not thread safe
115    scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
116
117    CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan .
118    make
119
120    msg "test: main suites (TSan)"
121    make test
122}
123
124component_test_memsan () {
125    msg "build: MSan (clang)" # ~ 1 min 20s
126    scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
127    scripts/config.py unset MBEDTLS_HAVE_ASM
128    CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
129    make
130
131    msg "test: main suites (MSan)" # ~ 10s
132    make test
133
134    msg "test: metatests (MSan)"
135    tests/scripts/run-metatests.sh any msan
136
137    msg "program demos (MSan)" # ~20s
138    tests/scripts/run_demos.py
139
140    msg "test: ssl-opt.sh (MSan)" # ~ 1 min
141    tests/ssl-opt.sh
142
143    # Optional part(s)
144
145    if [ "$MEMORY" -gt 0 ]; then
146        msg "test: compat.sh (MSan)" # ~ 6 min 20s
147        tests/compat.sh
148    fi
149}
150
151component_release_test_valgrind () {
152    msg "build: Release (clang)"
153    # default config
154    CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
155    make
156
157    msg "test: main suites, Valgrind (default config)"
158    make memcheck
159
160    # Optional parts (slow; currently broken on OS X because programs don't
161    # seem to receive signals under valgrind on OS X).
162    # These optional parts don't run on the CI.
163    if [ "$MEMORY" -gt 0 ]; then
164        msg "test: ssl-opt.sh --memcheck (default config)"
165        tests/ssl-opt.sh --memcheck
166    fi
167
168    if [ "$MEMORY" -gt 1 ]; then
169        msg "test: compat.sh --memcheck (default config)"
170        tests/compat.sh --memcheck
171    fi
172
173    if [ "$MEMORY" -gt 0 ]; then
174        msg "test: context-info.sh --memcheck (default config)"
175        tests/context-info.sh --memcheck
176    fi
177}
178
179component_release_test_valgrind_psa () {
180    msg "build: Release, full (clang)"
181    # full config
182    scripts/config.py full
183    CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
184    make
185
186    msg "test: main suites, Valgrind (full config)"
187    make memcheck
188}
189