Expand i386 all.sh tests to include full configuration ASan builds

[simonbutcher]

Description

The i386 test builds were only building the default configuration and had no address sanitisation. This pull request expands the test configuration to the full configuration in all.sh and generates ASan builds for test suite execution.

This pull request extends test coverage sufficiently that issue #1550, where the MPI assembly code on i386 which was fundamentally broken, would have been caught.

It also fixes the inline assembly which was previously only being included in builds with no optimisation, which was the opposite of what it should have been doing.

Once reviewed, this PR needs backporting.

Status

READY

Requires Backporting

Yes

Which branch?
mbedtls-2.7 and mbedtls-2.1

Todos

• Tests
• Documentation
• Changelog updated
• Backported

[RonEld]

wouldn't we want ASan build for ILP32 as well?

[simonbutcher]

Installing libasan for x32 didn't seem straight forward, and I guess isn't commonly used.

If you feel we should have it, I suggest we raise a bug to avoid holding up this PR, as we'd likely have to install it outside of the package manager to get it to work.

[RonEld]

The changes look good.
I just added a question I would like answered before I approve

[RonEld]

Isn't this dependant on #1778 to be merged first?

[mpg]

The code changes look good to me, however I'm having trouble testing it.

If I try to run all.sh in this branch, it fails as expected. So far so good. Then I created a temporary branch and merged #1778 into this one before trying again, only to run into a new error:

bignum.c: In function ‘mpi_mul_hlp’:
../include/mbedtls/bn_mul.h:46:13: error: ‘asm’ operand has impossible constraints
 #define asm __asm
             ^
../include/mbedtls/bn_mul.h:55:5: note: in expansion of macro ‘asm’
     asm(                                    \
     ^
bignum.c:1142:9: note: in expansion of macro ‘MULADDC_INIT’
         MULADDC_INIT
         ^

(This was on Ubuntu 16.04.) Does it work on your machine? Is there something I could be doing wrong?

[simonbutcher]

HI @mpg!

I have discovered that PR #1778 doesn't work for -O0, only -O1 upwards to -O3. Can you confirm that's your problem? #1778 will need rework, but it would be nice to confirm that you have the same problem.

cc: @Patater

[mpg]

Hi @sbutcher-arm! I can confirm that by adding -O1 to the make invocations for -m32 and -mx32 in all.sh, the tests now pass.

By the way, independently of the current issue with #1778 I think we should always use non-zero -O level because otherwise we're not taking full advantage of -Wall -Wextra -Werror. That is of course, unless the purpose of the test is specifically to make sure that a certain configuration builds with -O0.

[simonbutcher]

In my view, Mbed TLS should reasonably build with all settings of -O from 0 to 2 or whatever. I don't think it should fail inexplicably on -O0. The error message isn't self-explanatory at the moment, and it's not clear that that is the fault.

However, the fix in #1778 just gets working again the code that's been in there for years, that worked with the right compiler, so the fix is just meant to get it working again. It's a correction to the design, not a new design, which would be needed. Therefore I think we have two options:

• we document in the header that the assembly doesn't work with -O0, and we change all.sh to always use -O2, and we also create a bug to say that i386 doesn't work with -O0.

• or, @Patater's team rewrite the assembly to use fewer registers. (And a rewrite isn't going to be done by you or me).

This is @Patater's bug, so what do you think @Patater?

[Patater]

Let's avoid using assembly at -O0 for now. Users would want to use assembly for an optimized use case. However, this may limit the testing we do at -O0 as assembly isn't used there. Later, to regain that test coverage, we can consider rewriting to use fewer registers. I've raised #1831 to track the enhancement with minor priority.

[simonbutcher]

@mpg suggested over in #1778, that we can wrap the assembly with:

#if defined(__GNUC__) && defined(__OPTIMIZE__)
...inline assembly...
#endif

And if __OPTIMIZE__ isn't defined, meaning -O0 was passed or -O omitted, we can fallback to the C code which will compile everytime.

I think this is the best solution.

[simonbutcher]

PR #1831 has now been resubmitted with the fix @mpg suggested above.

@Patater / @mpg - Could you please re-review/re-test this PR?

[Patater]

Code LGTM

I didn't test it manually.

[mpg]

I think the test needs improvement. As it stands, it would no longer catch issues with the i386 assembly.

[mpg]

This builds with -O0, meaning we might not get full warnings, but more importantly we're not testing the assembly code. I think we want to have two builds and tests: one with -O0 and the other with -O1 (with comments explaining why we need the two).

[simonbutcher]

Have added an additional test as suggested.

Review is outdated by rework.

[simonbutcher]

@RonEld - Can you please review this again?

[RonEld]

LGTM

[simonbutcher]

retest