llvm: Fix validity predicate for memory reads with symbolic block numbers #2177
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: crux-llvm | |
on: | |
push: | |
tags: ["crux-v?[0-9]+.[0-9]+(.[0-9]+)?"] | |
branches: [master, "release-**"] | |
pull_request: | |
schedule: | |
- cron: "0 10 * * *" # 10am UTC -> 2/3am PST | |
workflow_dispatch: | |
# The CACHE_VERSION can be updated to force the use of a new cache if | |
# the current cache contents become corrupted/invalid. This can | |
# sometimes happen when (for example) the OS version is changed but | |
# older .so files are cached, which can have various effects | |
# (e.g. cabal complains it can't find a valid version of the "happy" | |
# tool). | |
# | |
# This also periodically happens on MacOS builds due to a tar bug | |
# (symptom: "No suitable image found ... unknown file type, first | |
# eight bytes: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00") | |
env: | |
CACHE_VERSION: 1 | |
jobs: | |
config: | |
runs-on: ubuntu-22.04 | |
outputs: | |
name: ${{ steps.config.outputs.name }} | |
crux-llvm-version: ${{ steps.config.outputs.crux-llvm-version }} | |
event-tag: ${{ steps.config.outputs.tag }} | |
event-schedule: ${{ steps.config.outputs.schedule }} | |
publish: ${{ steps.config.outputs.publish }} | |
release: ${{ steps.config.outputs.release }} | |
retention-days: ${{ steps.config.outputs.retention-days }} | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: config | |
id: config | |
env: | |
EVENT_TAG: ${{ startsWith(github.event.ref, 'refs/tags/') }} | |
EVENT_SCHEDULE: ${{ github.event_name == 'schedule' }} | |
EVENT_DISPATCH: ${{ github.event_name == 'workflow_dispatch' }} | |
RELEASE: ${{ startsWith(github.event.ref, 'refs/heads/release-crux-') }} | |
run: | | |
set -x | |
.github/ci.sh output name crux-llvm-$(.github/ci.sh crux_llvm_ver) | |
.github/ci.sh output crux-llvm-version $(.github/ci.sh crux_llvm_ver) | |
.github/ci.sh output tag $EVENT_TAG | |
.github/ci.sh output schedule $EVENT_SCHEDULE | |
.github/ci.sh output publish $({ $EVENT_TAG || $EVENT_SCHEDULE; } && echo true || echo false) | |
.github/ci.sh output release $([[ "refs/heads/release-crux-$(.github/ci.sh crux_llvm_ver)" == "${{ github.event.ref }}" ]] && echo true || echo false) | |
.github/ci.sh output retention-days $($RELEASE && echo 90 || echo 5) | |
build: | |
runs-on: ${{ matrix.os }} | |
needs: [config] | |
env: | |
CI_TEST_LEVEL: "1" | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-22.04] | |
cabal: ["3.10.3.0"] | |
ghc: ["9.4.8", "9.6.5", "9.8.2"] | |
include: | |
- os: ubuntu-20.04 | |
cabal: 3.10.3.0 | |
ghc: 9.4.8 | |
- os: macos-14 | |
cabal: 3.10.3.0 | |
ghc: 9.4.8 | |
- os: windows-2019 | |
cabal: 3.10.3.0 | |
ghc: 9.4.8 | |
name: crux-llvm - GHC v${{ matrix.ghc }} - ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
submodules: true | |
- uses: haskell-actions/setup@v2 | |
id: setup-haskell | |
with: | |
ghc-version: ${{ matrix.ghc }} | |
cabal-version: ${{ matrix.cabal }} | |
- name: Post-GHC installation fixups on Windows | |
shell: bash | |
if: runner.os == 'Windows' | |
run: | | |
# A workaround for https://github.com/Mistuke/CabalChoco/issues/5 | |
cabal user-config update -a "extra-include-dirs: \"\"" | |
cabal user-config update -a "extra-lib-dirs: \"\"" | |
- name: Install Nix | |
if: runner.os == 'Linux' | |
uses: cachix/install-nix-action@v16 | |
with: | |
nix_path: nixpkgs=channel:21.11 | |
install_url: https://releases.nixos.org/nix/nix-2.10.3/install | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/cache/restore@v3 | |
name: Restore cabal store cache | |
with: | |
path: | | |
${{ steps.setup-haskell.outputs.cabal-store }} | |
dist-newstyle | |
key: ${{ env.CACHE_VERSION }}-cabal-${{ matrix.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-${{ github.sha }} | |
restore-keys: | | |
${{ env.CACHE_VERSION }}-cabal-${{ matrix.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}- | |
- shell: bash | |
run: .github/ci.sh install_system_deps | |
env: | |
SOLVER_PKG_VERSION: "snapshot-20240212" | |
BUILD_TARGET_OS: ${{ matrix.os }} | |
BUILD_TARGET_ARCH: ${{ runner.arch }} | |
- name: Setup Environment Vars | |
if: runner.os == 'Linux' | |
run: | | |
GHC=haskell.compiler.ghc$(echo ${{ matrix.ghc }} | sed -e s,\\.,,g) | |
case ${{ matrix.ghc }} in | |
9.4.8) GHC_NIXPKGS=github:nixos/nixpkgs/nixos-24.05 ;; | |
9.6.5) GHC_NIXPKGS=github:nixos/nixpkgs/nixos-24.05 ;; | |
9.8.2) GHC_NIXPKGS=github:nixos/nixpkgs/nixos-24.05 ;; | |
*) GHC_NIXPKGS=github:nixos/nixpkgs/21.11 ;; | |
esac | |
echo NS="nix shell ${GHC_NIXPKGS}#cabal-install ${GHC_NIXPKGS}#${GHC} nixpkgs#gmp nixpkgs#zlib nixpkgs#zlib.dev" >> $GITHUB_ENV | |
- name: Package's Cabal/GHC compatibility | |
shell: bash | |
if: runner.os == 'Linux' | |
# Using setup will use the cabal library installed with GHC | |
# instead of the cabal library of the Cabal-install tool to | |
# verify the cabal file is compatible with the associated | |
# GHC cabal library version. Cannot run configure or build, | |
# because dependencies aren't present, but a clean is | |
# sufficient to cause parsing/validation of the cabal file. | |
run: | | |
defsetup() { echo import Distribution.Simple; echo main = defaultMain; } | |
setup_src() { if [ ! -f Setup.hs ] ; then defsetup > DefSetup.hs; fi; ls *Setup.hs; } | |
setup_bin() { echo setup.${{ matrix.ghc }}; } | |
with_ghc() { $NS -c ${@}; } | |
(cd crucible; with_ghc ghc -o $(setup_bin) $(setup_src) && ./$(setup_bin) clean) | |
(cd crucible-cli; with_ghc ghc -o $(setup_bin) $(setup_src) && ./$(setup_bin) clean) | |
(cd crucible-llvm; with_ghc ghc -o $(setup_bin) $(setup_src) && ./$(setup_bin) clean) | |
(cd crucible-llvm-cli; with_ghc ghc -o $(setup_bin) $(setup_src) && ./$(setup_bin) clean) | |
(cd crucible-llvm-syntax; with_ghc ghc -o $(setup_bin) $(setup_src) && ./$(setup_bin) clean) | |
(cd crux; with_ghc ghc -o $(setup_bin) $(setup_src) && ./$(setup_bin) clean) | |
(cd crux-llvm; with_ghc ghc -o $(setup_bin) $(setup_src) && ./$(setup_bin) clean) | |
(cd uc-crux-llvm; with_ghc ghc -o $(setup_bin) $(setup_src) && ./$(setup_bin) clean) | |
- shell: bash | |
run: .github/ci.sh configure | |
- name: Generate source distributions | |
shell: bash | |
run: cabal sdist crucible-symio crucible-llvm crucible-llvm-syntax crux-llvm uc-crux-llvm crucible-cli crucible-llvm-cli | |
- shell: bash | |
run: | | |
.github/ci.sh build exe:crucible | |
.github/ci.sh build lib:crucible-llvm-syntax | |
.github/ci.sh build exe:crucible-llvm | |
.github/ci.sh build exe:crux-llvm | |
.github/ci.sh build exe:crux-llvm-for-ide | |
.github/ci.sh build exe:crux-llvm-svcomp | |
.github/ci.sh build exe:uc-crux-llvm | |
- shell: bash | |
name: Haddock | |
run: cabal v2-haddock crucible-symio crucible-llvm{,-syntax} crux-llvm uc-crux-llvm | |
- shell: bash | |
name: Test crucible | |
run: .github/ci.sh test crucible | |
- shell: bash | |
name: Test crucible-cli | |
run: .github/ci.sh test crucible-cli | |
- shell: bash | |
name: Test crucible-symio | |
run: cabal test pkg:crucible-symio | |
if: runner.os == 'Linux' | |
- shell: bash | |
name: Test crucible-llvm | |
run: .github/ci.sh test crucible-llvm | |
if: runner.os == 'Linux' || runner.os == 'macOS' | |
- shell: bash | |
name: Test crucible-llvm-syntax | |
run: .github/ci.sh test crucible-llvm-syntax | |
if: runner.os == 'Linux' | |
- shell: bash | |
name: Test crucible-llvm-cli | |
run: .github/ci.sh test crucible-llvm-cli | |
if: runner.os == 'Linux' | |
- shell: bash | |
name: Test crux-llvm | |
run: .github/ci.sh test crux-llvm | |
if: runner.os == 'Linux' || runner.os == 'macOS' | |
- shell: bash | |
name: Test uc-crux-llvm (Linux) | |
run: .github/ci.sh test uc-crux-llvm | |
if: matrix.os == 'ubuntu-22.04' | |
- name: Create binary artifact | |
shell: bash | |
run: | | |
NAME="crux-llvm-${{ needs.config.outputs.crux-llvm-version }}-${{ matrix.os }}-${{ runner.arch }}" | |
echo "NAME=$NAME" >> $GITHUB_ENV | |
.github/ci.sh bundle_crux_llvm_files | |
if: github.repository == 'GaloisInc/crucible' | |
env: | |
OS_TAG: ${{ matrix.os }} | |
ARCH_TAG: ${{ runner.arch }} | |
VERSION: ${{ needs.config.outputs.crux-llvm-version }} | |
- name: Sign binary artifact | |
# The SIGNING_PASSPHRASE and SIGNING_KEY secrets are only available on | |
# jobs run from the main repo, and as a result, they won't work when | |
# run from a fork. Signing binaries isn't essential to the rest of the | |
# workflow, so it is safe to skip this step on forks. | |
if: github.event.pull_request.head.repo.fork == false | |
shell: bash | |
env: | |
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} | |
SIGNING_KEY: ${{ secrets.SIGNING_KEY }} | |
run: | | |
.github/ci.sh sign "${NAME}.tar.gz" | |
- uses: actions/upload-artifact@v2 | |
if: github.repository == 'GaloisInc/crucible' | |
with: | |
path: crux-llvm-*.tar.gz* | |
name: crux-llvm-${{ matrix.os }}-${{ matrix.ghc }} | |
- uses: actions/cache/save@v3 | |
name: Save cabal store cache | |
if: always() | |
with: | |
path: | | |
${{ steps.setup-haskell.outputs.cabal-store }} | |
dist-newstyle | |
key: ${{ env.CACHE_VERSION }}-cabal-${{ matrix.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-${{ github.sha }} | |
build-push-image: | |
runs-on: ubuntu-22.04 | |
needs: [config] | |
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || needs.config.outputs.release == 'true' | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- file: .github/Dockerfile-crux-llvm | |
image: ghcr.io/galoisinc/crux-llvm | |
cache: ghcr.io/galoisinc/cache-crux-llvm | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
submodules: true | |
- uses: rlespinasse/[email protected] | |
- id: common-tag | |
run: | | |
echo "::set-output name=common-tag::$GITHUB_REF_SLUG" | |
echo "COMMON_TAG=$GITHUB_REF_SLUG" >> $GITHUB_ENV | |
- uses: docker/setup-buildx-action@v1 | |
- uses: crazy-max/ghaction-docker-meta@v1 | |
name: Labels | |
id: labels | |
with: | |
images: ${{ matrix.image }} | |
- uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- uses: docker/build-push-action@v2 | |
with: | |
context: . | |
tags: ${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }} | |
labels: ${{ steps.labels.outputs.labels }} | |
load: true | |
push: false | |
file: ${{ matrix.file }} | |
build-args: ${{ matrix.build-args }} | |
cache-from: | | |
type=registry,ref=${{ matrix.cache }}:${{ steps.prefix.outputs.prefix }}master | |
type=registry,ref=${{ matrix.cache }}:${{ steps.common-tag.outputs.common-tag }} | |
- name: Cache image build | |
uses: docker/build-push-action@v2 | |
continue-on-error: true # Tolerate cache upload failures - this should be handled better | |
with: | |
context: . | |
file: ${{ matrix.file }} | |
build-args: ${{ matrix.build-args }} | |
cache-to: type=registry,ref=${{ matrix.cache }}:${{ steps.common-tag.outputs.common-tag }},mode=max | |
- if: needs.config.outputs.event-schedule == 'true' | |
name: ${{ matrix.image }}:nightly | |
run: | | |
docker tag ${{ matrix.image }}:$COMMON_TAG ${{ matrix.image }}:nightly | |
docker push ${{ matrix.image }}:nightly | |
- if: needs.config.outputs.release == 'true' | |
name: ${{ matrix.image }}:${{ needs.config.outputs.crux-llvm-version }} | |
run: | | |
docker tag ${{ matrix.image }}:$COMMON_TAG ${{ matrix.image }}:${{ needs.config.outputs.crux-llvm-version }} | |
docker push ${{ matrix.image }}:${{ needs.config.outputs.crux-llvm-version }} | |
docker tag ${{ matrix.image }}:$COMMON_TAG ${{ matrix.image }}:latest | |
docker push ${{ matrix.image }}:latest |