diff --git a/CMakeLists.txt b/CMakeLists.txt index c855a5c578..32772bb255 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -707,8 +707,8 @@ if(USE_CUSTOM_LIBCXX) message(FATAL_ERROR "USE_CUSTOM_LIBCXX only supported with Clang") endif() - # The docker images set an environement variable to the llvm project directory which the sandbox builds will use, - # you can also pass in the llvm project path as a CMake parameter which takes precedance over the environment variable + # The docker images set an environment variable to the llvm project directory which the sandbox builds will use, + # you can also pass in the llvm project path as a CMake parameter which takes precedence over the environment variable if(DEFINED ENV{LLVM_PROJECT_HOME} AND NOT LLVM_PROJECT_HOME) set(LLVM_PROJECT_HOME $ENV{LLVM_PROJECT_HOME}) endif() @@ -732,7 +732,7 @@ if(USE_CUSTOM_LIBCXX) # This is patterned after buildtools/third_party/libc++/BUILD.gn and # buildtools/third_party/libc++abi/BUILD.gn in Chromium. - file(GLOB LIBCXX_SOURCES "${LLVM_PROJECT_HOME}/libcxx/src/*.cpp") + file(GLOB LIBCXX_SOURCES "${LLVM_PROJECT_HOME}/libcxx/src/*.cpp" "${LLVM_PROJECT_HOME}/libcxx/src/ryu/*.cpp") file(GLOB LIBCXXABI_SOURCES "${LLVM_PROJECT_HOME}/libcxxabi/src/*.cpp") # This file is meant for exception-less builds. @@ -751,9 +751,6 @@ if(USE_CUSTOM_LIBCXX) libcxxabi PRIVATE -D_LIBCPP_ENABLE_CXX17_REMOVED_UNEXPECTED_FUNCTIONS ) - set_target_properties(libcxxabi PROPERTIES COMPILE_FLAGS "-Wno-missing-prototypes -Wno-implicit-fallthrough") - # libc++abi depends on libc++ internal headers. - set_property(TARGET libcxxabi APPEND PROPERTY INCLUDE_DIRECTORIES "${LLVM_PROJECT_HOME}/libcxx/src") add_library(libcxx ${LIBCXX_SOURCES}) if(ASAN OR MSAN OR TSAN) @@ -768,6 +765,15 @@ if(USE_CUSTOM_LIBCXX) -D_LIBCPP_BUILDING_LIBRARY -DLIBCXX_BUILDING_LIBCXXABI ) + set_target_properties( + libcxx libcxxabi PROPERTIES + COMPILE_FLAGS "-Wno-missing-prototypes -Wno-implicit-fallthrough" + # libc++ and libc++abi must be built in C++20 mode. + CXX_STANDARD 20 + CXX_STANDARD_REQUIRED TRUE + ) + # libc++abi depends on libc++ internal headers. + set_property(TARGET libcxx libcxxabi APPEND PROPERTY INCLUDE_DIRECTORIES "${LLVM_PROJECT_HOME}/libcxx/src") target_link_libraries(libcxx libcxxabi) endif() diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index b73dff9cd8..2f61fd1cfb 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -160,7 +160,14 @@ int i2c_ASN1_INTEGER(const ASN1_INTEGER *in, unsigned char **outp) { if (pad) { (*outp)[0] = 0; } - OPENSSL_memcpy(*outp + pad, in->data + start, in->length - start); + // If in->data is null the Undefined Behavior Sanitior flags this as applying + // an offset to a null pointer. Gracefully handle the case even though + // OPENSSL_memcpy handles the case when in->data is null and in->length is zero. + // Don't return early because an empty integer is still encoded as a single + // below byte. + if (in->data != NULL) { + OPENSSL_memcpy(*outp + pad, in->data + start, in->length - start); + } if (is_negative) { negate_twos_complement(*outp, len); assert((*outp)[0] >= 0x80); diff --git a/crypto/blake2/blake2.c b/crypto/blake2/blake2.c index e757e66864..a662f95a1b 100644 --- a/crypto/blake2/blake2.c +++ b/crypto/blake2/blake2.c @@ -105,6 +105,12 @@ void BLAKE2B256_Init(BLAKE2B_CTX *b2b) { } void BLAKE2B256_Update(BLAKE2B_CTX *b2b, const void *in_data, size_t len) { + // A length of zero is a valid input, however there is no work to be done and + // the logic below attempts to apply a zero offset to the potentially null + // pointer in_data which is undefined behavior. + if (len == 0) { + return; + } const uint8_t *data = (const uint8_t *)in_data; size_t todo = sizeof(b2b->block.bytes) - b2b->block_used; @@ -116,7 +122,7 @@ void BLAKE2B256_Update(BLAKE2B_CTX *b2b, const void *in_data, size_t len) { data += todo; len -= todo; - if (!len) { + if (len == 0) { return; } diff --git a/tests/ci/cdk/cdk/codebuild/github_ci_linux_arm_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/github_ci_linux_arm_omnibus.yaml index e181def9ec..cb304393f9 100644 --- a/tests/ci/cdk/cdk/codebuild/github_ci_linux_arm_omnibus.yaml +++ b/tests/ci/cdk/cdk/codebuild/github_ci_linux_arm_omnibus.yaml @@ -90,64 +90,6 @@ batch: compute-type: BUILD_GENERAL1_LARGE image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:ubuntu-20.04_clang-9x_latest - - identifier: ubuntu2004_clang9x_aarch_sanitizer - buildspec: ./tests/ci/codebuild/linux-aarch/run_sanitizer_tests.yml - env: - type: ARM_CONTAINER - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:ubuntu-20.04_clang-9x_sanitizer_latest - - # BoringSSL has 7k+ ssl runner tests, and the total number of the runner tests keep increasing. - # When ASAN enabled, the tests take more than 1 hour to finish. The cause relates to https://github.com/google/sanitizers/issues/1331 - # To reduce the total time, these tests will be executed in below CodeBuild dimensions: - # 1. ubuntu2004_clang9x_ssl_asan_1 - # 2. ubuntu2004_clang9x_ssl_asan_2 - # 3. ubuntu2004_clang9x_ssl_asan_3 - # 4. ubuntu2004_clang9x_ssl_asan_4 - # Env var |AWS_LC_SSL_RUNNER_START_INDEX| and |AWS_LC_SSL_RUNNER_END_INDEX| are used to filter the runner tests. - - identifier: ubuntu2004_clang9x_ssl_asan_1 - buildspec: ./tests/ci/codebuild/linux-aarch/run_ssl_asan_tests.yml - env: - type: ARM_CONTAINER - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:ubuntu-20.04_clang-9x_latest - variables: - AWS_LC_SSL_RUNNER_END_INDEX: 3500 - - - identifier: ubuntu2004_clang9x_ssl_asan_2 - buildspec: ./tests/ci/codebuild/linux-aarch/run_ssl_asan_tests.yml - env: - type: ARM_CONTAINER - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:ubuntu-20.04_clang-9x_latest - variables: - AWS_LC_SSL_RUNNER_START_INDEX: 3501 - AWS_LC_SSL_RUNNER_END_INDEX: 5500 - - - identifier: ubuntu2004_clang9x_ssl_asan_3 - buildspec: ./tests/ci/codebuild/linux-aarch/run_ssl_asan_tests.yml - env: - type: ARM_CONTAINER - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:ubuntu-20.04_clang-9x_latest - variables: - AWS_LC_SSL_RUNNER_START_INDEX: 5501 - AWS_LC_SSL_RUNNER_END_INDEX: 7000 - - - identifier: ubuntu2004_clang9x_ssl_asan_4 - buildspec: ./tests/ci/codebuild/linux-aarch/run_ssl_asan_tests.yml - env: - type: ARM_CONTAINER - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:ubuntu-20.04_clang-9x_latest - variables: - AWS_LC_SSL_RUNNER_START_INDEX: 7001 - - identifier: ubuntu2004_clang10x_aarch buildspec: ./tests/ci/codebuild/linux-aarch/run_posix_tests.yml env: @@ -239,3 +181,62 @@ batch: privileged-mode: true compute-type: BUILD_GENERAL1_LARGE image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:amazonlinux-2022_gcc-11x_latest + + - identifier: amazonlinux_2022_clang_14x_sanitizer + buildspec: ./tests/ci/codebuild/linux-aarch/run_sanitizer_tests.yml + env: + type: ARM_CONTAINER + privileged-mode: true + compute-type: BUILD_GENERAL1_LARGE + image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:amazonlinux-2022_clang-14x_sanitizer_latest + + # BoringSSL has 7k+ ssl runner tests, and the total number of the runner tests keep increasing. + # When ASAN enabled, the tests take more than 1 hour to finish. The cause relates to https://github.com/google/sanitizers/issues/1331, + # https://github.com/google/sanitizers/issues/703, and fixed in https://reviews.llvm.org/D60243 which is pending a review. + # To reduce the total time, these tests will be executed in below CodeBuild dimensions: + # 1. amazonlinux_2022_clang_14x_ssl_asan1 + # 2. amazonlinux_2022_clang_14x_ssl_asan2 + # 3. amazonlinux_2022_clang_14x_ssl_asan3 + # 4. amazonlinux_2022_clang_14x_ssl_asan4 + # Env var |AWS_LC_SSL_RUNNER_START_INDEX| and |AWS_LC_SSL_RUNNER_END_INDEX| are used to filter the runner tests. + - identifier: amazonlinux_2022_clang_14x_ssl_asan1 + buildspec: ./tests/ci/codebuild/linux-aarch/run_ssl_asan_tests.yml + env: + type: ARM_CONTAINER + privileged-mode: true + compute-type: BUILD_GENERAL1_LARGE + image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:amazonlinux-2022_clang-14x_sanitizer_latest + variables: + AWS_LC_SSL_RUNNER_END_INDEX: 3500 + + - identifier: amazonlinux_2022_clang_14x_ssl_asan2 + buildspec: ./tests/ci/codebuild/linux-aarch/run_ssl_asan_tests.yml + env: + type: ARM_CONTAINER + privileged-mode: true + compute-type: BUILD_GENERAL1_LARGE + image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:amazonlinux-2022_clang-14x_sanitizer_latest + variables: + AWS_LC_SSL_RUNNER_START_INDEX: 3501 + AWS_LC_SSL_RUNNER_END_INDEX: 5500 + + - identifier: amazonlinux_2022_clang_14x_ssl_asan3 + buildspec: ./tests/ci/codebuild/linux-aarch/run_ssl_asan_tests.yml + env: + type: ARM_CONTAINER + privileged-mode: true + compute-type: BUILD_GENERAL1_LARGE + image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:amazonlinux-2022_clang-14x_sanitizer_latest + variables: + AWS_LC_SSL_RUNNER_START_INDEX: 5501 + AWS_LC_SSL_RUNNER_END_INDEX: 7000 + + - identifier: amazonlinux_2022_clang_14x_ssl_asan4 + buildspec: ./tests/ci/codebuild/linux-aarch/run_ssl_asan_tests.yml + env: + type: ARM_CONTAINER + privileged-mode: true + compute-type: BUILD_GENERAL1_LARGE + image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:amazonlinux-2022_clang-14x_sanitizer_latest + variables: + AWS_LC_SSL_RUNNER_START_INDEX: 7001 diff --git a/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml index 1b7669ca5f..ccff062d7f 100644 --- a/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml +++ b/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml @@ -122,14 +122,6 @@ batch: compute-type: BUILD_GENERAL1_LARGE image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-9x_latest - - identifier: ubuntu2004_clang9x_x86_64_sanitizer - buildspec: ./tests/ci/codebuild/linux-x86/run_sanitizer_tests.yml - env: - type: LINUX_CONTAINER - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-9x_sanitizer_latest - - identifier: ubuntu2004_clang10x_x86_64 buildspec: ./tests/ci/codebuild/linux-x86/run_posix_tests.yml env: @@ -256,6 +248,15 @@ batch: compute-type: BUILD_GENERAL1_LARGE image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:amazonlinux-2022_clang-14x_latest + - identifier: amazonlinux2022_clang14x_x86_64_sanitizer + buildspec: ./tests/ci/codebuild/linux-x86/run_sanitizer_tests.yml + env: + type: LINUX_CONTAINER + privileged-mode: true + compute-type: BUILD_GENERAL1_LARGE + image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:amazonlinux-2022_clang-14x_sanitizer_latest + + - identifier: s2n_integration buildspec: ./tests/ci/codebuild/linux-x86/s2n_integration.yml env: diff --git a/tests/ci/docker_images/linux-aarch/amazonlinux-2022_clang-14x_sanitizer/Dockerfile b/tests/ci/docker_images/linux-aarch/amazonlinux-2022_clang-14x_sanitizer/Dockerfile new file mode 100644 index 0000000000..b3d80ce4a7 --- /dev/null +++ b/tests/ci/docker_images/linux-aarch/amazonlinux-2022_clang-14x_sanitizer/Dockerfile @@ -0,0 +1,25 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 OR ISC + +FROM amazonlinux-2022-aarch:clang-14x + +SHELL ["/bin/bash", "-c"] + +ENV DEPENDENCIES_DIR=/home/dependencies +ENV LLVM_PROJECT_HOME=${DEPENDENCIES_DIR}/llvm-project + +RUN set -ex && \ + yum -y update && yum install -y \ + llvm \ + llvm-devel \ + lld && \ + mkdir -p ${DEPENDENCIES_DIR} && \ + cd ${DEPENDENCIES_DIR} && \ + git clone https://github.com/llvm/llvm-project.git --branch llvmorg-14.0.5 --depth 1 && \ + cd llvm-project && rm -rf $(ls -A | grep -Ev "(libcxx|libcxxabi)") && \ + yum clean packages && \ + yum clean metadata && \ + yum clean all && \ + rm -rf /tmp/* && \ + rm -rf /var/cache/yum + diff --git a/tests/ci/docker_images/linux-aarch/build_images.sh b/tests/ci/docker_images/linux-aarch/build_images.sh index f07522494c..5760350a98 100755 --- a/tests/ci/docker_images/linux-aarch/build_images.sh +++ b/tests/ci/docker_images/linux-aarch/build_images.sh @@ -12,6 +12,7 @@ docker build -t amazonlinux-2-aarch:clang-7x amazonlinux-2_clang-7x docker build -t amazonlinux-2022-aarch:base amazonlinux-2022_base docker build -t amazonlinux-2022-aarch:gcc-11x amazonlinux-2022_gcc-11x docker build -t amazonlinux-2022-aarch:clang-14x amazonlinux-2022_clang-14x +docker build -t amazonlinux-2022-aarch:clang-14x-sanitizer amazonlinux-2022_clang-14x_sanitizer docker build -t ubuntu-20.04-aarch:base ubuntu-20.04_base docker build -t ubuntu-20.04-aarch:gcc-7x ubuntu-20.04_gcc-7x docker build -t ubuntu-20.04-aarch:gcc-8x ubuntu-20.04_gcc-8x @@ -19,7 +20,6 @@ docker build -t ubuntu-20.04-aarch:clang-7x ubuntu-20.04_clang-7x docker build -t ubuntu-20.04-aarch:clang-8x ubuntu-20.04_clang-8x docker build -t ubuntu-20.04-aarch:clang-9x ubuntu-20.04_clang-9x docker build -t ubuntu-20.04-aarch:clang-10x ubuntu-20.04_clang-10x -docker build -t ubuntu-20.04-aarch:clang-9x-sanitizer ubuntu-20.04_clang-9x_sanitizer docker build -t ubuntu-20.04-aarch:clang-7x-bm-framework ubuntu-20.04_clang-7x-bm-framework docker build -t ubuntu-22.04-aarch:base ubuntu-22.04_base docker build -t ubuntu-22.04-aarch:gcc-11x ubuntu-22.04_gcc-11x diff --git a/tests/ci/docker_images/linux-aarch/push_images.sh b/tests/ci/docker_images/linux-aarch/push_images.sh index 03650faf6f..c352f85f22 100755 --- a/tests/ci/docker_images/linux-aarch/push_images.sh +++ b/tests/ci/docker_images/linux-aarch/push_images.sh @@ -19,13 +19,13 @@ tag_and_push_img 'amazonlinux-2-aarch:gcc-7x' "${ECS_REPO}:amazonlinux-2_gcc-7x" tag_and_push_img 'amazonlinux-2-aarch:clang-7x' "${ECS_REPO}:amazonlinux-2_clang-7x" tag_and_push_img 'amazonlinux-2022-aarch:gcc-11x' "${ECS_REPO}:amazonlinux-2022_gcc-11x" tag_and_push_img 'amazonlinux-2022-aarch:clang-14x' "${ECS_REPO}:amazonlinux-2022_clang-14x" +tag_and_push_img 'amazonlinux-2022-aarch:clang-14x-sanitizer' "${ECS_REPO}:amazonlinux-2022_clang-14x_sanitizer" tag_and_push_img 'ubuntu-20.04-aarch:gcc-7x' "${ECS_REPO}:ubuntu-20.04_gcc-7x" tag_and_push_img 'ubuntu-20.04-aarch:gcc-8x' "${ECS_REPO}:ubuntu-20.04_gcc-8x" tag_and_push_img 'ubuntu-20.04-aarch:clang-7x' "${ECS_REPO}:ubuntu-20.04_clang-7x" tag_and_push_img 'ubuntu-20.04-aarch:clang-8x' "${ECS_REPO}:ubuntu-20.04_clang-8x" tag_and_push_img 'ubuntu-20.04-aarch:clang-9x' "${ECS_REPO}:ubuntu-20.04_clang-9x" tag_and_push_img 'ubuntu-20.04-aarch:clang-10x' "${ECS_REPO}:ubuntu-20.04_clang-10x" -tag_and_push_img 'ubuntu-20.04-aarch:clang-9x-sanitizer' "${ECS_REPO}:ubuntu-20.04_clang-9x_sanitizer" tag_and_push_img 'ubuntu-20.04-aarch:clang-7x-bm-framework' "${ECS_REPO}:ubuntu-20.04_clang-7x-bm-framework" tag_and_push_img 'ubuntu-20.04-aarch:cryptofuzz' "${ECS_REPO}:ubuntu-20.04_cryptofuzz" tag_and_push_img 'ubuntu-22.04-aarch:gcc-11x' "${ECS_REPO}:ubuntu-22.04_gcc-11x" diff --git a/tests/ci/docker_images/linux-aarch/ubuntu-20.04_clang-9x_sanitizer/Dockerfile b/tests/ci/docker_images/linux-aarch/ubuntu-20.04_clang-9x_sanitizer/Dockerfile deleted file mode 100644 index 011e983d82..0000000000 --- a/tests/ci/docker_images/linux-aarch/ubuntu-20.04_clang-9x_sanitizer/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 OR ISC - -FROM ubuntu-20.04-aarch:clang-9x - -SHELL ["/bin/bash", "-c"] - -RUN set -ex && \ - apt-get update && \ - apt-get -y --no-install-recommends upgrade && \ - apt-get -y --no-install-recommends install \ - llvm-9-dev && \ - apt-get autoremove --purge -y && \ - apt-get clean && \ - apt-get autoclean && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /tmp/* diff --git a/tests/ci/docker_images/linux-x86/amazonlinux-2022_clang-14x_sanitizer/Dockerfile b/tests/ci/docker_images/linux-x86/amazonlinux-2022_clang-14x_sanitizer/Dockerfile new file mode 100644 index 0000000000..2193b38fdd --- /dev/null +++ b/tests/ci/docker_images/linux-x86/amazonlinux-2022_clang-14x_sanitizer/Dockerfile @@ -0,0 +1,24 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 OR ISC + +FROM amazonlinux-2022:clang-14x + +SHELL ["/bin/bash", "-c"] + +ENV DEPENDENCIES_DIR=/home/dependencies +ENV LLVM_PROJECT_HOME=${DEPENDENCIES_DIR}/llvm-project + +RUN set -ex && \ + yum -y update && yum install -y \ + llvm \ + llvm-devel \ + lld && \ + mkdir -p ${DEPENDENCIES_DIR} && \ + cd ${DEPENDENCIES_DIR} && \ + git clone https://github.com/llvm/llvm-project.git --branch llvmorg-14.0.5 --depth 1 && \ + cd llvm-project && rm -rf $(ls -A | grep -Ev "(libcxx|libcxxabi)") && \ + yum clean packages && \ + yum clean metadata && \ + yum clean all && \ + rm -rf /tmp/* && \ + rm -rf /var/cache/yum diff --git a/tests/ci/docker_images/linux-x86/build_images.sh b/tests/ci/docker_images/linux-x86/build_images.sh index 8a83fff731..658bc714f0 100755 --- a/tests/ci/docker_images/linux-x86/build_images.sh +++ b/tests/ci/docker_images/linux-x86/build_images.sh @@ -22,7 +22,6 @@ docker build -t ubuntu-20.04:clang-9x ubuntu-20.04_clang-9x docker build -t ubuntu-20.04:clang-10x ubuntu-20.04_clang-10x docker build -t ubuntu-20.04:android ubuntu-20.04_android docker build -t ubuntu-20.04:clang-7x-bm-framework ubuntu-20.04_clang-7x-bm-framework -docker build -t ubuntu-20.04:clang-9x-sanitizer ubuntu-20.04_clang-9x_sanitizer # This passes in the Dockerfile in the folder but uses the parent directory for the context so it has access to cryptofuzz_data.zip docker build -t ubuntu-20.04:cryptofuzz -f ubuntu-20.04_cryptofuzz/Dockerfile ../ docker build -t ubuntu-22.04:base ubuntu-22.04_base @@ -35,6 +34,7 @@ docker build -t amazonlinux-2:clang-7x amazonlinux-2_clang-7x docker build -t amazonlinux-2022:base amazonlinux-2022_base docker build -t amazonlinux-2022:gcc-11x amazonlinux-2022_gcc-11x docker build -t amazonlinux-2022:clang-14x amazonlinux-2022_clang-14x +docker build -t amazonlinux-2022:clang-14x-sanitizer amazonlinux-2022_clang-14x_sanitizer docker build -t ubuntu-16.04:gcc-5x ubuntu-16.04_gcc-5x docker build -t centos-7:gcc-4x centos-7_gcc-4x docker build -t fedora-31:clang-9x fedora-31_clang-9x diff --git a/tests/ci/docker_images/linux-x86/push_images.sh b/tests/ci/docker_images/linux-x86/push_images.sh index bf88f5bf53..ef725f5cb9 100755 --- a/tests/ci/docker_images/linux-x86/push_images.sh +++ b/tests/ci/docker_images/linux-x86/push_images.sh @@ -23,7 +23,6 @@ tag_and_push_img 'ubuntu-20.04:clang-8x' "${ECS_REPO}:ubuntu-20.04_clang-8x" tag_and_push_img 'ubuntu-20.04:clang-9x' "${ECS_REPO}:ubuntu-20.04_clang-9x" tag_and_push_img 'ubuntu-20.04:clang-10x' "${ECS_REPO}:ubuntu-20.04_clang-10x" tag_and_push_img 'ubuntu-20.04:android' "${ECS_REPO}:ubuntu-20.04_android" -tag_and_push_img 'ubuntu-20.04:clang-9x-sanitizer' "${ECS_REPO}:ubuntu-20.04_clang-9x_sanitizer" tag_and_push_img 'ubuntu-20.04:clang-7x-bm-framework' "${ECS_REPO}:ubuntu-20.04_clang-7x-bm-framework" tag_and_push_img 'ubuntu-20.04:cryptofuzz' "${ECS_REPO}:ubuntu-20.04_cryptofuzz" tag_and_push_img 'ubuntu-20.04:clang-10x_formal-verification' "${ECS_REPO}:ubuntu-20.04_clang-10x_formal-verification" @@ -37,5 +36,6 @@ tag_and_push_img 'amazonlinux-2:clang-7x' "${ECS_REPO}:amazonlinux-2_clang-7x" tag_and_push_img 'amazonlinux-2:gcc-7x-intel-sde' "${ECS_REPO}:amazonlinux-2_gcc-7x_intel-sde" tag_and_push_img 'amazonlinux-2022:gcc-11x' "${ECS_REPO}:amazonlinux-2022_gcc-11x" tag_and_push_img 'amazonlinux-2022:clang-14x' "${ECS_REPO}:amazonlinux-2022_clang-14x" +tag_and_push_img 'amazonlinux-2022:clang-14x-sanitizer' "${ECS_REPO}:amazonlinux-2022_clang-14x_sanitizer" tag_and_push_img 'fedora-31:clang-9x' "${ECS_REPO}:fedora-31_clang-9x" tag_and_push_img 'ubuntu-10.04_gcc-4.1x' "${ECS_REPO}:ubuntu-10.04_gcc-4.1x" diff --git a/tests/ci/docker_images/linux-x86/ubuntu-20.04_clang-9x_sanitizer/Dockerfile b/tests/ci/docker_images/linux-x86/ubuntu-20.04_clang-9x_sanitizer/Dockerfile deleted file mode 100644 index c93837a6ea..0000000000 --- a/tests/ci/docker_images/linux-x86/ubuntu-20.04_clang-9x_sanitizer/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 OR ISC - -FROM ubuntu-20.04:clang-9x - -SHELL ["/bin/bash", "-c"] - -RUN set -ex && \ - apt-get update && \ - apt-get -y --no-install-recommends upgrade && \ - apt-get -y --no-install-recommends install \ - llvm-9-dev && \ - apt-get autoremove --purge -y && \ - apt-get clean && \ - apt-get autoclean && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /tmp/* diff --git a/tests/ci/run_posix_sanitizers.sh b/tests/ci/run_posix_sanitizers.sh index cc4ab56835..18fe0bca2c 100755 --- a/tests/ci/run_posix_sanitizers.sh +++ b/tests/ci/run_posix_sanitizers.sh @@ -7,8 +7,7 @@ source tests/ci/common_posix_setup.sh build_type=Release cflags=("-DCMAKE_BUILD_TYPE=${build_type}") - -if [ $(dpkg --print-architecture) == "arm64" ]; then +if [ $(uname -p) == "aarch64" ]; then # BoringSSL provides two sets tests: the C/C++ tests and the blackbox tests. # Details: https://github.com/google/boringssl/blob/master/BUILDING.md # The blackbox tests (run `go test` under `ssl/test/runner`) take 30 minutes to complete on ARM when ASAN clang flag enabled. @@ -16,22 +15,22 @@ if [ $(dpkg --print-architecture) == "arm64" ]; then # Instead of running the two sets tests, only the former test is executed here. ssl runner tests are covered by |run_ssl_asan_tests.sh|. # https://github.com/google/sanitizers/issues/1331 echo "Building AWS-LC in ${build_type} mode with address sanitizer, and running only non ssl test." - run_build -DASAN=1 -DUSE_CUSTOM_LIBCXX=1 "${cflags[@]}" + run_build -DASAN=1 "${cflags[@]}" go run util/all_tests.go -build-dir "$BUILD_ROOT" else echo "Testing AWS-LC in ${build_type} mode with address sanitizer." - build_and_test -DASAN=1 -DUSE_CUSTOM_LIBCXX=1 "${cflags[@]}" + build_and_test -DASAN=1 "${cflags[@]}" fi echo "Testing AWS-LC in ${build_type} mode with control flow integrity sanitizer." -build_and_test -DCFI=1 -DUSE_CUSTOM_LIBCXX=1 "${cflags[@]}" +build_and_test -DCFI=1 "${cflags[@]}" echo "Testing AWS-LC in ${build_type} mode with undefined behavior sanitizer." export UBSAN_OPTIONS=print_stacktrace=1 build_and_test -DUBSAN=1 "${cflags[@]}" unset UBSAN_OPTIONS -if [ $(dpkg --print-architecture) == "arm64" ]; then +if [ $(uname -p) == "aarch64" ]; then # ARM MSAN runs get stuck on PoolTest.Threads for over an hour https://github.com/awslabs/aws-lc/issues/13 echo "Building AWS-LC in ${build_type} mode with memory sanitizer." run_build -DMSAN=1 -DUSE_CUSTOM_LIBCXX=1 "${cflags[@]}" @@ -40,7 +39,7 @@ else build_and_test -DMSAN=1 -DUSE_CUSTOM_LIBCXX=1 "${cflags[@]}" fi -if [ $(dpkg --print-architecture) == "amd64" ]; then +if [ $(uname -p) == "x86_64" ]; then # x86 TSAN runs get stuck on PoolTest.Threads for over an hour https://github.com/awslabs/aws-lc/issues/13 echo "Building AWS-LC in ${build_type} mode with thread sanitizer." run_build -DTSAN=1 -DUSE_CUSTOM_LIBCXX=1 "${cflags[@]}" diff --git a/tests/ci/run_ssl_asan_tests.sh b/tests/ci/run_ssl_asan_tests.sh index 9417ef1252..6b57611c3c 100755 --- a/tests/ci/run_ssl_asan_tests.sh +++ b/tests/ci/run_ssl_asan_tests.sh @@ -12,8 +12,8 @@ source tests/ci/common_posix_setup.sh build_type=Release cflags=("-DCMAKE_BUILD_TYPE=${build_type}") -if [ $(dpkg --print-architecture) == "arm64" ]; then +if [ $(uname -p) == "aarch64" ]; then echo "Executing AWS-LC SSL runner tests in ${build_type} mode with address sanitizer." - run_build -DASAN=1 -DUSE_CUSTOM_LIBCXX=1 "${cflags[@]}" + run_build -DASAN=1 "${cflags[@]}" run_cmake_custom_target 'run_ssl_runner_tests' fi diff --git a/util/bot/DEPS b/util/bot/DEPS index 0a54abe07b..7f91ca971d 100644 --- a/util/bot/DEPS +++ b/util/bot/DEPS @@ -25,18 +25,17 @@ vars = { # cipd describe PACKAGE_NAME -version latest # infra/3pp/tools/cmake/linux-amd64 - 'cmake_version': 'version:2@3.23.1', + 'cmake_version': 'version:2@3.25.0.chromium.5', # infra/3pp/tools/go/linux-amd64 - 'go_version': 'version:2@1.18.2', + 'go_version': 'version:2@1.19.3', # Update the following from # https://chromium.googlesource.com/chromium/src/+/main/DEPS - 'android_sdk_platform-tools_version': 'g7n_-r6yJd_SGRklujGB1wEt8iyr77FZTUJVS9w6O34C', + 'android_sdk_platform-tools_version': 'RSI3iwryh7URLGRgJHsCvUxj092woTPnKt4pwFcJ6L8C', 'android_ndk_revision': '8388a2be5421311dc75c5f937aae13d821a27f3d', 'libfuzzer_revision': 'debe7d2d1982e540fbd6bd78604bf001753f9e74', - 'libcxx_revision': '79a2e924d96e2fc1e4b937c42efd08898fa472d7', - 'libcxxabi_revision': '9b8228b4a9be26e0881f36089d9a8d62df851acc', - 'ninja_version': 'version:2@1.8.2.chromium.3', + 'libcxx_revision': 'cd0a05047451dfbdef5ba85f97ac4888e432a377', + 'libcxxabi_revision': '1a32724f721e1c3b6c590a07fe4a954344f15e48', } deps = { diff --git a/util/bot/UPDATING b/util/bot/UPDATING index 10c2295e8a..8eaa1cfa84 100644 --- a/util/bot/UPDATING +++ b/util/bot/UPDATING @@ -26,14 +26,11 @@ update, place the updated files in their intended location and run: nasm-win32.exe: Update to the appropriate release of NASM, found at https://www.nasm.us/. Use the same version as Chromium, found at - https://chromium.googlesource.com/chromium/src/+/main/third_party/nasm/README.chromium + https://chromium.googlesource.com/chromium/deps/nasm/+/refs/heads/main/README.chromium Extract nasm.exe from the download named nasm-VERSION-win64.zip. The current revision is nasm-2.13.03-win64.zip. - TODO(davidben): The Chromium link currently does not work. It will get - filled in in the future. See https://crbug.com/766721. - perl-win32.zip: Update to the latest 64-bit prebuilt "Portable" edition of Strawberry Perl, found at http://strawberryperl.com/releases.html. The download will be named strawberry-perl-VERSION-64bit-portable.zip. diff --git a/util/bot/update_clang.py b/util/bot/update_clang.py index 59b0cad926..0970514093 100644 --- a/util/bot/update_clang.py +++ b/util/bot/update_clang.py @@ -28,8 +28,8 @@ # CLANG_REVISION and CLANG_SUB_REVISION determine the build of clang # to use. These should be synced with tools/clang/scripts/update.py in # Chromium. -CLANG_REVISION = 'llvmorg-15-init-10168-gc2a7904a' -CLANG_SUB_REVISION = 2 +CLANG_REVISION = 'llvmorg-16-init-10736-ged9638c4' +CLANG_SUB_REVISION = 1 PACKAGE_VERSION = '%s-%s' % (CLANG_REVISION, CLANG_SUB_REVISION) @@ -94,7 +94,7 @@ def DownloadAndUnpack(url, output_dir): DownloadUrl(url, f) f.seek(0) EnsureDirExists(output_dir) - tarfile.open(mode='r:gz', fileobj=f).extractall(path=output_dir) + tarfile.open(mode='r:*', fileobj=f).extractall(path=output_dir) def ReadStampFile(path=STAMP_FILE): @@ -133,7 +133,7 @@ def CopyFile(src, dst): def UpdateClang(): - cds_file = "clang-%s.tgz" % PACKAGE_VERSION + cds_file = "clang-%s.tar.xz" % PACKAGE_VERSION if sys.platform == 'win32' or sys.platform == 'cygwin': cds_full_url = CDS_URL + '/Win/' + cds_file elif sys.platform.startswith('linux'):