Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI: Adding CTest memcheck to CodeBuild #4776

Merged
merged 33 commits into from
Oct 2, 2024
Merged

CI: Adding CTest memcheck to CodeBuild #4776

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
21f979a
ci: add ctest memcheck test
Sep 6, 2024
13f270b
ci: add valgrind options into `CMakeLists.txt`
Sep 9, 2024
d1c197d
ci: add CTest memcheck for codebuild
Sep 12, 2024
ff78b5d
ci: adjusting valgrind suppressions and valgrind setup
Sep 16, 2024
c02588a
ci: modify valgrind suppressions
Sep 16, 2024
d4d0d52
ci: fixing valgrind suppressions and reformat valgrind yml
Sep 17, 2024
76aa3b4
ci: reformat buildspec_valgrind.yml
Sep 17, 2024
8e3b17c
ci: address PR comments
Sep 17, 2024
757d5de
Merge branch 'main' into memcheck-ci
boquan-fang Sep 17, 2024
654a9e0
ci: address PR comments
Sep 17, 2024
4f3b543
ci: address PR comments
Sep 17, 2024
b6c7fb6
ci: address PR comments
Sep 17, 2024
eea54eb
ci: address PR comments
Sep 17, 2024
0abf3fc
Merge branch 'main' into memcheck-ci
boquan-fang Sep 18, 2024
93b4f86
ci: change `CMakeLists.txt` comments
Sep 18, 2024
fb8ef64
ci: address PR comments
Sep 18, 2024
f899747
ci: address PR comments
Sep 18, 2024
5b85e3b
Merge branch 'main' into memcheck-ci
boquan-fang Sep 18, 2024
f0f08c6
ci: address PR comments
Sep 18, 2024
3bab3bb
ci: adjust indentations for valgrind default options
Sep 19, 2024
b0f74a1
ci: adjust `valgrind.suppressions`
Sep 19, 2024
9b219e5
Merge branch 'main' into memcheck-ci
boquan-fang Sep 19, 2024
47147f1
ci: modify links in comments
Sep 19, 2024
991b2a9
ci: add docker image
Sep 19, 2024
2f45d5b
Merge branch 'main' into memcheck-ci
boquan-fang Sep 20, 2024
fdeac70
ci: adding display error script to CI
Sep 20, 2024
e74c1d5
ci: address PR comments
Sep 24, 2024
8ebb050
Merge branch 'main' into memcheck-ci
boquan-fang Sep 27, 2024
e7ab1ff
ci: correct Valgrind and buildspec setting
Sep 27, 2024
efe6477
ci: address PR comments
Oct 1, 2024
6db76f4
ci: address PR comments
Oct 1, 2024
0e4774b
Update tests/unit/valgrind.suppressions
boquan-fang Oct 1, 2024
29b6da3
Merge branch 'main' into memcheck-ci
boquan-fang Oct 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 26 additions & 3 deletions CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ option(S2N_LTO, "Enables link time optimizations when building s2n-tls." OFF)
option(S2N_STACKTRACE "Enables stacktrace functionality in s2n-tls. Note that this functionality is
only available on platforms that support execinfo." ON)
option(COVERAGE "Enable profiling collection for code coverage calculation" OFF)
option(BUILD_TESTING "Build tests for s2n-tls. By default only unit tests are built." ON)
option(S2N_INTEG_TESTS "Enable the integrationv2 tests" OFF)
boquan-fang marked this conversation as resolved.
Show resolved Hide resolved
option(S2N_FAST_INTEG_TESTS "Enable the integrationv2 with more parallelism, only has effect if S2N_INTEG_TESTS=ON" ON)
option(S2N_INSTALL_S2NC_S2ND "Install the binaries s2nc and s2nd" OFF)
Expand All @@ -41,9 +42,6 @@ option(TSAN "Enable ThreadSanitizer to test thread safety" OFF)
option(ASAN "Enable AddressSanitizer to test memory safety" OFF)
option(SECCOMP "Link with seccomp and run seccomp tests" OFF)

# Turn BUILD_TESTING=ON by default
include(CTest)

file(GLOB API_HEADERS "api/*.h")
file(GLOB API_UNSTABLE_HEADERS "api/unstable/*.h")

Expand Down Expand Up @@ -497,6 +495,29 @@ if (BUILD_TESTING)
########################## configure unit tests ############################
############################################################################

# CTest configuration variables need to be set before include(CTest) is called
set(VALGRIND_DEFAULT " \
--leak-check=full \
--leak-resolution=high \
--trace-children=yes \
-q --error-exitcode=123 \
--error-limit=no \
--num-callers=40 \
--undef-value-errors=no \
--log-fd=2 \
--suppressions=valgrind.suppressions")

# "pedantic valgrind" will error on memory that is "Still Reachable".
# We only run this on OpenSSL 1.1.1 because there are hundreds of false positives in other libcryptos.
# Tracking issue: https://github.com/aws/s2n-tls/issues/4777
if ($ENV{S2N_LIBCRYPTO} MATCHES "openssl-1.1.1")
set(MEMORYCHECK_COMMAND_OPTIONS "${VALGRIND_DEFAULT} --run-libc-freeres=yes --errors-for-leak-kinds=all --show-leak-kinds=all")
lrstewart marked this conversation as resolved.
Show resolved Hide resolved
else()
set(MEMORYCHECK_COMMAND_OPTIONS "${VALGRIND_DEFAULT} --run-libc-freeres=no")
endif()

set(MEMORYCHECK_TYPE "Valgrind")

set(UNIT_TEST_ENVS S2N_DONT_MLOCK=1)
if (TSAN OR ASAN)
set(UNIT_TEST_ENVS ${UNIT_TEST_ENVS} S2N_ADDRESS_SANITIZER=1)
Expand Down Expand Up @@ -525,6 +546,8 @@ if (BUILD_TESTING)
endif()
message(STATUS "Running tests with environment: ${UNIT_TEST_ENVS}")

include(CTest)

############################################################################
############################ build unit tests ##############################
############################################################################
Expand Down
72 changes: 72 additions & 0 deletions codebuild/spec/buildspec_valgrind.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
---
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You may not use
# this file except in compliance with the License. A copy of the License is
# located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied. See the License for the specific language governing permissions and
# limitations under the License.
version: 0.2

batch:
build-list:
- identifier: gcc_awslc
env:
compute-type: BUILD_GENERAL1_LARGE
image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild
variables:
S2N_LIBCRYPTO: awslc
COMPILER: gcc
- identifier: gcc_openssl_3_0
env:
compute-type: BUILD_GENERAL1_LARGE
image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild
variables:
S2N_LIBCRYPTO: openssl-3.0
COMPILER: gcc
boquan-fang marked this conversation as resolved.
Show resolved Hide resolved
- identifier: gcc_openssl_1_1_1
env:
compute-type: BUILD_GENERAL1_LARGE
image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild
boquan-fang marked this conversation as resolved.
Show resolved Hide resolved
variables:
S2N_LIBCRYPTO: openssl-1.1.1
COMPILER: gcc
- identifier: gcc_openssl_1_0_2
env:
compute-type: BUILD_GENERAL1_LARGE
image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild
variables:
S2N_LIBCRYPTO: openssl-1.0.2
COMPILER: gcc

phases:
pre_build:
commands:
- |
if [ -d "third-party-src" ]; then
cd third-party-src;
fi
lrstewart marked this conversation as resolved.
Show resolved Hide resolved
- /usr/bin/$COMPILER --version
build:
on-failure: ABORT
commands:
- |
cmake . -Bbuild \
-DCMAKE_C_COMPILER=/usr/bin/$COMPILER \
-DCMAKE_PREFIX_PATH=/usr/local/$S2N_LIBCRYPTO \
-DCMAKE_BUILD_TYPE=RelWithDebInfo
- cmake --build ./build -- -j $(nproc)
post_build:
on-failure: ABORT
commands:
- |
S2N_VALGRIND=1 \
CTEST_PARALLEL_LEVEL=$(nproc) \
CTEST_OUTPUT_ON_FAILURE=1 \
cmake --build build/ --target test \
-- ARGS="--test-action memcheck"
41 changes: 38 additions & 3 deletions tests/unit/valgrind.suppressions
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,48 @@
# It looks like valgrind may generate false positives on pthreads: https://stackoverflow.com/a/13132968
# Valgrind may generate false positives on pthreads: https://stackoverflow.com/a/13132968
# Without these suppressions, the following tests will fail:
# s2n_examples_test, s2n_fork_generation_number_test, s2n_init_test, s2n_key_update_threads_test, and s2n_random_test.
{
pthred_false_positive
pthread_false_positive
Memcheck:Leak
match-leak-kinds: possible
fun:calloc
...
fun:allocate_dtv
fun:_dl_allocate_tls
fun:allocate_stack
fun:pthread_create@@GLIBC_2.2.5
fun:pthread_create@@*
...
fun:main
}

# This memory leak is believed to be caused by backtrace() loading libgcc dynamically.
# See https://man7.org/linux/man-pages/man3/backtrace_symbols_fd.3.html
# We were unable to find any relevant bug reports. However, testing showed that the memory
# leak didn't scale with the number of calls to backtrace(), both supporting this theory and
# limiting the potential impact of the leak.
{
stacktrace_suppression
Memcheck:Leak
match-leak-kinds: possible
fun:malloc
fun:malloc
fun:_dlfo_mappings_segment_allocate
fun:_dl_find_object_update_1
fun:_dl_find_object_update
fun:dl_open_worker_begin
fun:_dl_catch_exception
fun:dl_open_worker
fun:_dl_catch_exception
fun:_dl_open
fun:do_dlopen
fun:_dl_catch_exception
fun:_dl_catch_error
fun:dlerror_run
fun:__libc_dlopen_mode
fun:__libc_unwind_link_get
...
fun:backtrace
...
fun:main
}

Expand Down
Loading