Enhance detection of buffer overflows by introducing variable for length of array/blob #9794
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: locked | |
on: | |
push: | |
pull_request: | |
workflow_dispatch: | |
schedule: | |
# nightly | |
- cron: '31 1 * * *' # 01:31 UTC, 02:31/03:31 Munich, 03:31/04:31 Tartu | |
# GitHub Actions load is high at minute 0, so avoid that | |
jobs: | |
regression: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- ubuntu-latest | |
- macos-latest | |
ocaml-compiler: | |
- ocaml-variants.4.14.0+options,ocaml-option-flambda # matches opam lock file | |
# don't add any other because they won't be used | |
runs-on: ${{ matrix.os }} | |
env: | |
OCAMLRUNPARAM: b | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up OCaml ${{ matrix.ocaml-compiler }} | |
env: | |
# otherwise setup-ocaml pins non-locked dependencies | |
# https://github.com/ocaml/setup-ocaml/issues/166 | |
OPAMLOCKED: locked | |
uses: ocaml/setup-ocaml@v2 | |
with: | |
ocaml-compiler: ${{ matrix.ocaml-compiler }} | |
- name: Install dependencies | |
run: opam install . --deps-only --locked --with-test | |
- name: Build | |
run: ./make.sh nat | |
- name: Test regression | |
run: ./make.sh headers testci | |
- name: Test apron regression # skipped by default but CI has apron, so explicitly test group (which ignores skipping -- it's now a feature!) | |
run: | | |
ruby scripts/update_suite.rb group apron -s | |
ruby scripts/update_suite.rb group apron2 -s | |
- name: Test apron octagon regression # skipped by default but CI has apron, so explicitly test group (which ignores skipping -- it's now a feature!) | |
run: ruby scripts/update_suite.rb group octagon -s | |
- name: Test apron affeq regression # skipped by default but CI has apron, so explicitly test group (which ignores skipping -- it's now a feature!) | |
run: ruby scripts/update_suite.rb group affeq -s | |
- name: Test apron regression (Mukherjee et. al SAS '17 paper') # skipped by default but CI has apron, so explicitly test group (which ignores skipping -- it's now a feature!) | |
run: ruby scripts/update_suite.rb group apron-mukherjee -s | |
- name: Test apron termination regression # skipped by default but CI has apron, so explicitly test group (which ignores skipping -- it's now a feature!) | |
run: ruby scripts/update_suite.rb group termination -s | |
- name: Test regression cram | |
run: opam exec -- dune runtest tests/regression | |
- name: Test incremental cram | |
run: opam exec -- dune runtest tests/incremental | |
- name: Test unit | |
run: opam exec -- dune runtest unittest | |
- name: Test incremental regression | |
run: ruby scripts/update_suite.rb -i | |
- name: Test incremental regression with cfg comparison | |
run: ruby scripts/update_suite.rb -c | |
- uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: suite_result-${{ matrix.os }} | |
path: tests/suite_result/ | |
extraction: | |
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- ubuntu-latest | |
ocaml-compiler: | |
- ocaml-variants.4.14.0+options,ocaml-option-flambda # matches opam lock file | |
# don't add any other because they won't be used | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up OCaml ${{ matrix.ocaml-compiler }} | |
env: | |
# otherwise setup-ocaml pins non-locked dependencies | |
# https://github.com/ocaml/setup-ocaml/issues/166 | |
OPAMLOCKED: locked | |
uses: ocaml/setup-ocaml@v2 | |
with: | |
ocaml-compiler: ${{ matrix.ocaml-compiler }} | |
- name: Install spin | |
run: sudo apt-get -y install spin | |
- name: Install dependencies | |
run: opam install . --deps-only --locked --with-test | |
- name: Build | |
run: ./make.sh nat | |
- name: Test extraction | |
run: opam exec -- dune runtest tests/extraction | |
gobview: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- ubuntu-latest | |
ocaml-compiler: | |
- ocaml-variants.4.14.0+options,ocaml-option-flambda # matches opam lock file | |
# don't add any other because they won't be used | |
node-version: | |
- 14 | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up OCaml ${{ matrix.ocaml-compiler }} | |
env: | |
# otherwise setup-ocaml pins non-locked dependencies | |
# https://github.com/ocaml/setup-ocaml/issues/166 | |
OPAMLOCKED: locked | |
uses: ocaml/setup-ocaml@v2 | |
with: | |
ocaml-compiler: ${{ matrix.ocaml-compiler }} | |
- name: Set up Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Install dependencies | |
run: opam install . --deps-only --locked | |
- name: Setup Gobview | |
run: ./make.sh setup_gobview | |
- name: Build | |
run: ./make.sh nat | |
- name: Build Gobview | |
run: opam exec -- dune build gobview | |
- name: Install selenium | |
run: pip3 install selenium webdriver-manager | |
- name: Test Gobview | |
run: | | |
python3 scripts/test-gobview.py |