From 0c67160b00ccd15886a984ef34ce581027ed106f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Nov 2022 16:01:41 +0100 Subject: [PATCH] Valgrind for constant flow: skip non-CF test suites When testing under Valgrind for constant flow, skip test suites that don't have any constant-flow annotations, since the testing wouldn't do anything more that testing with ordinary Valgrind (component_test_valgrind and component_test_valgrind_psa). This is a significant time saving since testing with Valgrind is very slow. Signed-off-by: Gilles Peskine --- tests/include/test/constant_flow.h | 6 ++++++ tests/scripts/all.sh | 17 +++++++++++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h index 9626af9e4..f3d676e28 100644 --- a/tests/include/test/constant_flow.h +++ b/tests/include/test/constant_flow.h @@ -46,6 +46,12 @@ * This file contains two implementations: one based on MemorySanitizer, the * other on valgrind's memcheck. If none of them is enabled, dummy macros that * do nothing are defined for convenience. + * + * \note #TEST_CF_SECRET must be called directly from within a .function file, + * not indirectly via a macro defined under tests/include or a function + * under tests/src. This is because we only run Valgrind for constant + * flow on test suites that have greppable annotations inside them (see + * `skip_suites_without_constant_flow` in `tests/scripts/all.sh`). */ #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bd40dd051..101d132ac 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1591,6 +1591,17 @@ component_test_full_cmake_clang () { env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } +skip_suites_without_constant_flow () { + # Skip the test suites that don't have any constant-flow annotations. + # This will need to be adjusted if we ever start declaring things as + # secret from macros or functions inside tests/include or tests/src. + SKIP_TEST_SUITES=$( + git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' | + sed 's/test_suite_//; s/\.function$//' | + tr '\n' ,) + export SKIP_TEST_SUITES +} + component_test_memsan_constant_flow () { # This tests both (1) accesses to undefined memory, and (2) branches or # memory access depending on secret values. To distinguish between those: @@ -1642,12 +1653,13 @@ component_test_valgrind_constant_flow () { scripts/config.py full scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + skip_suites_without_constant_flow cmake -D CMAKE_BUILD_TYPE:String=Release . make # this only shows a summary of the results (how many of each type) # details are left in Testing//DynamicAnalysis.xml - msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)" + msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)" make memcheck } @@ -1664,12 +1676,13 @@ component_test_valgrind_constant_flow_psa () { msg "build: cmake release GCC, full config with constant flow testing" scripts/config.py full scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + skip_suites_without_constant_flow cmake -D CMAKE_BUILD_TYPE:String=Release . make # this only shows a summary of the results (how many of each type) # details are left in Testing//DynamicAnalysis.xml - msg "test: main suites (valgrind + constant flow)" + msg "test: some suites (valgrind + constant flow)" make memcheck }