diff --git a/.circleci/config.yml b/.circleci/config.yml index 8c1cdbbc8..7bcc28dd0 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -21,6 +21,7 @@ localCheckout: &localCheckout run: |- PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd) mkdir -p ${PROJECT_PATH} + git config --global --add safe.directory /tmp/_circleci_local_build_repo cd /tmp/_circleci_local_build_repo git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH} cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH} @@ -124,6 +125,25 @@ jobs: - store_artifacts: path: build/test-results + + scan_build: + description: Executing scan-build test + parameters: + CONTAINER: + description: "The docker container to use." + type: string + docker: + - image: << parameters.CONTAINER >> + steps: + - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally + - run: + name: Configure (excluding Kyber because of known issue) + command: mkdir build && cd build && pwd && source ~/.bashrc && scan-build-14 cmake -GNinja -DOQS_ENABLE_KEM_KYBER=OFF .. + - run: + name: Build + command: scan-build-14 --status-bugs ninja + working_directory: build + arm_machine: description: A template for running liboqs tests on ARM(presently only 64) machines parameters: @@ -319,6 +339,11 @@ workflows: # name: debian-buster # context: openquantumsafe # CONTAINER: openquantumsafe/ci-debian-buster-amd64:latest + - scan_build: + <<: *require_buildcheck + name: scan_build + context: openquantumsafe + CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest - linux_oqs: <<: *require_buildcheck name: ubuntu-focal-noopenssl 
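Review bot: The added `git config --global --add safe.directory /tmp/_circleci_local_build_repo` in the `localCheckout` script turns off git's repository-ownership check for that directory, and nothing in the script says why. Scoping the exemption to this one path rather than `*` is the right choice. A shell comment above it, e.g. `# local CircleCI build: repo is mounted with a different owner; trust only this path`, would keep a later edit from widening it. The reason given there is inferred from the anchor name and should be confirmed by the author; the `run` block continues outside the hunk.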
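Review bot: The Build step of the new `scan_build` job runs `scan-build-14 --status-bugs ninja` without `-o`, and the job has no `store_artifacts` step. When the analyzer fails the job, its HTML report is left in scan-build's default temporary directory and is lost with the container. Writing it to a known place, `command: scan-build-14 --status-bugs -o scan-build-report ninja`, and adding a `store_artifacts` step with `path: build/scan-build-report`, would let a failing run be triaged from the CI page. Separately, the Configure step passes `-DOQS_ENABLE_KEM_KYBER=OFF`, which removes Kyber from analysis altogether, and the step name cites a known issue without a reference. A comment such as `# TODO: re-enable Kyber once <tracking issue> is fixed` would keep the exclusion from becoming permanent.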
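Review bot: The new `scan_build` workflow entry attaches `context: openquantumsafe`, although the job's visible steps only check out the code and run the analyzer. A CircleCI context exposes its environment variables to every step of the job, so if this one carries credentials (not visible in this diff), a static-analysis job that needs none should omit the line. The entry also pulls `openquantumsafe/ci-ubuntu-focal-x86_64:latest`, as the neighbouring entries do, so whether `scan-build-14` is present depends on what that tag currently points at. Pinning the image by digest would make the analysis reproducible. The workflow list continues outside the hunk.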
@@ -334,10 +359,10 @@ workflows: PYTEST_ARGS: --ignore=tests/test_namespace.py --numprocesses=auto - linux_oqs: <<: *require_buildcheck - name: ubuntu-focal-clang9 + name: ubuntu-focal-clang14 context: openquantumsafe CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest - CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 + CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-14 - linux_oqs: <<: *require_buildcheck name: ubuntu-bionic-i386 diff --git a/docs/algorithms/kem/kyber.md b/docs/algorithms/kem/kyber.md index 89e415e3a..d979f944b 100644 --- a/docs/algorithms/kem/kyber.md +++ b/docs/algorithms/kem/kyber.md @@ -47,6 +47,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. Are implementations chosen based on runtime CPU feature detection? **Yes**. +Implementation known to fail [scan-build](https://clang-analyzer.llvm.org/scan-build.html). + ## Kyber768 implementation characteristics | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | @@ -66,6 +68,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. Are implementations chosen based on runtime CPU feature detection? **Yes**. +Implementation known to fail [scan-build](https://clang-analyzer.llvm.org/scan-build.html). + ## Kyber1024 implementation characteristics | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | 
@@ -85,6 +89,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. Are implementations chosen based on runtime CPU feature detection? **Yes**. +Implementation known to fail [scan-build](https://clang-analyzer.llvm.org/scan-build.html). + ## Explanation of Terms -- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments. \ No newline at end of file +- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.