Nightly Valgrind Matrix #4421
Nightly Valgrind Matrix #4421
Conversation
reneme
force-pushed
the
ci/valgrind_matrix
branch
from
011d3fe
to
a2eaafc
Compare
|
I think the no optimizations case is not really that useful; if someone using using that in production they are insane since performance will be terrible, we quite explicitly rely on the compiler performing extensive inlining/etc. Same logic applies to There are two completely distinct reasons we're running valgrind
We should distinguish these in the build
|
I wanted to agree, but the -O0 did actually find something that may or may not be worth fixing: 67964a8 |
Given that the runtime is bearable (for a nightly job and excluding -O0), I am wondering whether it is really worth the effort of splitting these out. Perhaps to tweak the valgrind flags for the CT-matrix. But I'd put a question mark on the hand-picked tests, as we'll inevitably miss adding relevant things to this list in the future. |
reneme
force-pushed
the
ci/valgrind_matrix
branch
from
d270d43
to
0735ce1
Compare
Without this, the self-test won't be able to determine when to run the regression test on a compiler-induced side channel under -Os.
Both clang and GCC generate a conditional jump on a secret-dependent value when compiling without any optimizations (-O0)! My best guess is that the conjunction of two bools is generated canonically *jumping* over the evaluation of the second opperand when the first was already found to be false. Optimizers will figure out that this can be implemented using an 'and' instruction for two bool operands.
These are particularly slow for -O0, hence we run only the smallest configuration in the 'valgrind' target and leave the others to 'valgrind-full'.
This aims to increase the signal of secret-dependent execution gained from the CT::poison() helpers by running these Valgrind-based tests across a range of compilers and optimization flags. For instance randombit#4107 would have been detectable using this matrix.
reneme
force-pushed
the
ci/valgrind_matrix
branch
from
0735ce1
to
cdd6fc3
Compare
This sets up a configuration matrix for the nightly Valgrind run. In the hope to generate a stronger signal from the
CT::poison()helpers. For that, I introduced two new build targets 'valgrind-ct' and 'valgrind-ct-full'. Currently, as their only difference compared to the non-ct targets, they don't enable the--leak-check=full,--show-reachablesand--track-originsValgrind features.Explicitly note that the
clang -Osvariant would have been able to detect #4107, as evident by thect_selftest.pytest "clang_vs_bare_metal_ct_mask... ok" which reproduced this issue. This particular self-test is skipped for all other configurations.Below are some runtimes. Note that the compiliation results were cached in ccache (from previous test runs). So these runtimes are mostly comprised of runner setup, cached compilation and valgrind-hosted test suite runtime.
🔸, means that it ran a reduced set of tests (
valgrind-ct)The valgrind configuration matrix also contains the existing 'valgrind-full' run on clang with -O3. This is the only configuration that explicitly aims to find memory bugs and enables the
--leak-check=full,--show-reachablesand--track-originsValgrind features.Here are, now outdated, runtimes (before switching off
--leak-check,--show-reachables,--track-origins) and compiling with a cold ccache:❌, means that they failed in a timeout after 6 hours.
🔸, means that it timed out with
valgrind-fullbut succeeded withvalgrindCloses #4396