sharpetronics/liboqs
1
0
Fork 0
mirror of https://github.com/open-quantum-safe/liboqs.git synced 2025-10-19 00:04:35 -04:00
Code Issues Projects Releases Wiki Activity

adding scan-build test (#1240)

Browse Source 
* adding scan-build test

* upgrade to clang-14

* excluding Kyber from scan-build test
This commit is contained in:
Michael Baentsch 2022-06-30 14:49:06 +02:00 committed by GitHub
parent d402280283
commit fbb34be899
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
.circleci/config.yml
View File

@ -21,6 +21,7 @@ localCheckout: &localCheckout
run: |- run: |-
PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd) PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd)
mkdir -p ${PROJECT_PATH} mkdir -p ${PROJECT_PATH}
git config --global --add safe.directory /tmp/_circleci_local_build_repo
cd /tmp/_circleci_local_build_repo cd /tmp/_circleci_local_build_repo
git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH} git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH}
cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH} cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH}
@ -124,6 +125,25 @@ jobs:
- store_artifacts: - store_artifacts:
path: build/test-results path: build/test-results
scan_build:
description: Executing scan-build test
parameters:
CONTAINER:
description: "The docker container to use."
type: string
docker:
- image: << parameters.CONTAINER >>
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Configure (excluding Kyber because of known issue)
command: mkdir build && cd build && pwd && source ~/.bashrc && scan-build-14 cmake -GNinja -DOQS_ENABLE_KEM_KYBER=OFF ..
- run:
name: Build
command: scan-build-14 --status-bugs ninja
working_directory: build
arm_machine: arm_machine:
description: A template for running liboqs tests on ARM(presently only 64) machines description: A template for running liboqs tests on ARM(presently only 64) machines
parameters: parameters:
@ -319,6 +339,11 @@ workflows:
# name: debian-buster # name: debian-buster
# context: openquantumsafe # context: openquantumsafe
# CONTAINER: openquantumsafe/ci-debian-buster-amd64:latest # CONTAINER: openquantumsafe/ci-debian-buster-amd64:latest
- scan_build:
<<: *require_buildcheck
name: scan_build
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
- linux_oqs: - linux_oqs:
<<: *require_buildcheck <<: *require_buildcheck
name: ubuntu-focal-noopenssl name: ubuntu-focal-noopenssl
@ -334,10 +359,10 @@ workflows:
PYTEST_ARGS: --ignore=tests/test_namespace.py --numprocesses=auto PYTEST_ARGS: --ignore=tests/test_namespace.py --numprocesses=auto
- linux_oqs: - linux_oqs:
<<: *require_buildcheck <<: *require_buildcheck
name: ubuntu-focal-clang9 name: ubuntu-focal-clang14
context: openquantumsafe context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-14
- linux_oqs: - linux_oqs:
<<: *require_buildcheck <<: *require_buildcheck
name: ubuntu-bionic-i386 name: ubuntu-bionic-i386

8
docs/algorithms/kem/kyber.md
View File

@ -47,6 +47,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
Are implementations chosen based on runtime CPU feature detection? **Yes**. Are implementations chosen based on runtime CPU feature detection? **Yes**.
Implementation known to fail [scan-build](https://clang-analyzer.llvm.org/scan-build.html).
## Kyber768 implementation characteristics ## Kyber768 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
@ -66,6 +68,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
Are implementations chosen based on runtime CPU feature detection? **Yes**. Are implementations chosen based on runtime CPU feature detection? **Yes**.
Implementation known to fail [scan-build](https://clang-analyzer.llvm.org/scan-build.html).
## Kyber1024 implementation characteristics ## Kyber1024 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
@ -85,6 +89,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
Are implementations chosen based on runtime CPU feature detection? **Yes**. Are implementations chosen based on runtime CPU feature detection? **Yes**.
Implementation known to fail [scan-build](https://clang-analyzer.llvm.org/scan-build.html).
## Explanation of Terms ## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments. - **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.