Skip to content

arithmetic/limb: Clarify memory safety of limbs_reduce_once_constant_time. #4560

arithmetic/limb: Clarify memory safety of limbs_reduce_once_constant_time.

arithmetic/limb: Clarify memory safety of limbs_reduce_once_constant_time. #4560

Workflow file for this run

name: ci
permissions:
contents: read
on:
pull_request:
push:
jobs:
rustfmt:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
steps:
- run: rustup --version
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: cargo fmt --all -- --check
clippy:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
steps:
- run: rustup --version
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: mk/clippy.sh
audit:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
steps:
- run: rustup --version
- uses: briansmith/actions-cache@v3
with:
path: |
~/.cargo/bin/cargo-audit
~/.cargo/.crates.toml
~/.cargo/.crates2.json
key: ${{ runner.os }}-v2-cargo-audit-locked-0.20.1
- run: cargo install cargo-audit --locked --vers "0.20.1"
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: cargo generate-lockfile
- run: cargo audit --deny warnings
cargo-semver-checks:
runs-on: ubuntu-22.04
steps:
- run: rustup --version
- uses: briansmith/actions-cache@v3
with:
path: |
~/.cargo/bin/cargo-semver-checks
~/.cargo/.crates.toml
~/.cargo/.crates2.json
key: ${{ runner.os }}-v2-cargo-semver-checks-0.37.0
- run: cargo install cargo-semver-checks --locked --vers "0.37.0"
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: cargo semver-checks
deny:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
steps:
- run: rustup --version
- uses: briansmith/actions-cache@v3
with:
path: |
~/.cargo/bin/cargo-deny
~/.cargo/.crates.toml
~/.cargo/.crates2.json
key: ${{ runner.os }}-v2-cargo-deny-locked-0.16.1
- run: cargo install cargo-deny --locked --vers "0.16.1"
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: cargo deny check
# Verify that documentation builds.
rustdoc:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
steps:
- run: rustup --version
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: |
cargo doc --all-features
package:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: windows-latest
steps:
- run: rustup --version
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: ./mk/install-build-tools.ps1
- run: echo "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\Llvm\x64\bin" >> $GITHUB_PATH
shell: bash
- run: sh mk/package.sh
shell: bash
# Intentionally excludes benchmarks for build performance reasons.
test:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ${{ matrix.host_os }}
env:
CC_ENABLE_DEBUG_OUTPUT: 1
strategy:
matrix:
# XXX: See `test-features` below.
features:
- # Default
target:
- aarch64-apple-darwin
- aarch64-apple-ios
# - aarch64-apple-tvos Tier 3; handled below
# - aarch64-apple-visionos Tier 3; handled below
# - aarch64-apple-watchos Tier 3; handled below
- aarch64-linux-android
- aarch64-pc-windows-msvc
- aarch64-unknown-linux-gnu
- aarch64-unknown-linux-musl
- arm-unknown-linux-gnueabi
- armv7-linux-androideabi
- armv7-unknown-linux-musleabihf
- i686-pc-windows-msvc
- i686-unknown-linux-gnu
- i686-unknown-linux-musl
- riscv64gc-unknown-linux-gnu
- wasm32-wasi
- wasm32-wasip1
- wasm32-wasip2
- x86_64-pc-windows-gnu
- x86_64-pc-windows-msvc
- x86_64-apple-darwin
- x86_64-unknown-linux-musl
- x86_64-unknown-linux-gnu
mode:
- # debug
- --release
rust_channel:
- stable
# Keep in sync with Cargo.toml and similar `rust_channel` sections.
- 1.63.0 # MSRV
# TODO: Move these to a daily/pre-release job.
# - nightly
# - beta
exclude:
# Not available anymore.
- target: wasm32-wasi
rust_channel: stable
# Not available.
- target: wasm32-wasip1
rust_channel: 1.63.0
# Not available.
- target: wasm32-wasip2
rust_channel: 1.63.0
include:
- target: aarch64-apple-darwin
host_os: macos-14
- target: aarch64-apple-ios
host_os: macos-14
# TODO: Run in the emulator.
cargo_options: --no-run
- target: aarch64-apple-tvos
host_os: macos-14
rust_channel: nightly
mode: --release
# TODO: Run in the emulator.
cargo_options: --no-run -Z build-std
- target: aarch64-apple-visionos
host_os: macos-14
rust_channel: nightly
mode: --release
xcode_version: 15.2
# TODO: Run in the emulator.
cargo_options: --no-run -Z build-std
- target: aarch64-apple-watchos
host_os: macos-14
rust_channel: nightly
mode: --release
# TODO: Run in the emulator.
cargo_options: --no-run -Z build-std
- target: aarch64-linux-android
host_os: ubuntu-22.04
# TODO: https://github.com/briansmith/ring/issues/486
cargo_options: --no-run
- target: aarch64-pc-windows-msvc
host_os: windows-latest
# GitHub Actions doesn't have a way to run this target yet.
cargo_options: --no-run
- target: aarch64-unknown-linux-gnu
host_os: ubuntu-22.04
- target: aarch64-unknown-linux-musl
host_os: ubuntu-22.04
- target: arm-unknown-linux-gnueabi
host_os: ubuntu-22.04
- target: armv7-linux-androideabi
host_os: ubuntu-22.04
# TODO: https://github.com/briansmith/ring/issues/838
cargo_options: --no-run
- target: armv7-unknown-linux-musleabihf
host_os: ubuntu-22.04
- target: i686-pc-windows-msvc
host_os: windows-latest
- target: i686-unknown-linux-gnu
host_os: ubuntu-22.04
- target: i686-unknown-linux-musl
host_os: ubuntu-22.04
- target: mips-unknown-linux-gnu
mode: --release
rust_channel: 1.71.0 # No prebuilt toolchain for later versions.
host_os: ubuntu-22.04
- target: mips64el-unknown-linux-gnuabi64
mode: --release
rust_channel: 1.71.0 # No prebuilt toolchain for later versions.
host_os: ubuntu-22.04
- target: mipsel-unknown-linux-gnu
mode: --release
rust_channel: 1.71.0 # No prebuilt toolchain for later versions.
host_os: ubuntu-22.04
- target: powerpc-unknown-linux-gnu
mode: --release
rust_channel: stable
host_os: ubuntu-22.04
- target: powerpc64-unknown-linux-gnu
mode: --release
rust_channel: stable
host_os: ubuntu-22.04
- target: powerpc64le-unknown-linux-gnu
mode: --release
rust_channel: stable
host_os: ubuntu-22.04
- target: riscv64gc-unknown-linux-gnu
host_os: ubuntu-22.04
- target: s390x-unknown-linux-gnu
mode: --release
rust_channel: stable
host_os: ubuntu-22.04
- target: wasm32-wasi
host_os: ubuntu-22.04
- target: wasm32-wasip1
host_os: ubuntu-22.04
- target: wasm32-wasip2
host_os: ubuntu-22.04
- target: x86_64-pc-windows-gnu
host_os: windows-latest
- target: x86_64-pc-windows-msvc
host_os: windows-latest
- target: x86_64-apple-darwin
host_os: macos-13
- target: x86_64-unknown-linux-musl
host_os: ubuntu-22.04
- target: x86_64-unknown-linux-gnu
host_os: ubuntu-22.04
steps:
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
run: sudo apt-get update -y
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: mk/install-build-tools.sh +${{ matrix.rust_channel }} --target=${{ matrix.target }}
shell: sh
- if: ${{ contains(matrix.host_os, 'windows') }}
run: ./mk/install-build-tools.ps1
- if: ${{ matrix.target == 'aarch64-pc-windows-msvc' }}
run: |
echo "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\Llvm\x64\bin" >> $GITHUB_PATH
shell: bash
- if: ${{ matrix.xcode_version != '' }}
run: sudo xcode-select -s /Applications/Xcode_${{ matrix.xcode_version }}.app
- if: ${{ !contains(matrix.host_os, 'windows') }}
run: |
mk/cargo.sh +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
- if: ${{ contains(matrix.host_os, 'windows') }}
run: |
cargo +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
# Check that all the needed symbol renaming was done.
# TODO: Do this check on Windows too.
- if: ${{ (matrix.target != 'aarch64-apple-ios' || matrix.rust_channel != '1.63.0') &&
!contains(matrix.host_os, 'windows') }}
run: rustup toolchain install --component=llvm-tools-preview ${{ matrix.rust_channel }}
- if: ${{ (matrix.target != 'aarch64-apple-ios' || matrix.rust_channel != '1.63.0') &&
!contains(matrix.host_os, 'windows') }}
run: mk/check-symbol-prefixes.sh +${{ matrix.rust_channel }} --target=${{ matrix.target }}
test-bench:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
steps:
- run: sudo apt-get update -y
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: mk/install-build-tools.sh +stable --target=x86_64-unknown-linux-gnu
shell: sh
- run: rustup --version
- run: cargo test -p ring-bench --all-features --all-targets
test-doc:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
strategy:
matrix:
rust_channel:
- stable
- nightly
steps:
- run: sudo apt-get update -y
- run: rustup toolchain add --profile=minimal ${{ matrix.rust_channel }}
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: |
cargo +${{ matrix.rust_channel }} test -vv --doc --all-features
# XXX: GitHub Actions won't let us test all the combinations of features in
# the "test" matrix because the resultant matrix would be larger than the
# maximum they allow.
test-features:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ${{ matrix.host_os }}
env:
CC_ENABLE_DEBUG_OUTPUT: 1
strategy:
matrix:
features:
- --no-default-features
- --features=std,slow_tests
target:
- aarch64-unknown-linux-musl
- i686-pc-windows-msvc
- x86_64-unknown-linux-gnu
mode:
- --release
rust_channel:
- stable
- nightly
# Keep in sync with Cargo.toml and similar `rust_channel` sections.
- 1.63.0 # MSRV
include:
- target: aarch64-unknown-linux-musl
host_os: ubuntu-22.04
- target: i686-pc-windows-msvc
host_os: windows-latest
- target: x86_64-unknown-linux-gnu
host_os: ubuntu-22.04
steps:
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
run: sudo apt-get update -y
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: mk/install-build-tools.sh +${{ matrix.rust_channel }} --target=${{ matrix.target }}
shell: sh
- if: ${{ contains(matrix.host_os, 'windows') }}
run: ./mk/install-build-tools.ps1
- if: ${{ matrix.target == 'aarch64-pc-windows-msvc' }}
run: |
echo "C:\Program Files (x86)\Microsoft Visual Studio\2022\Enterprise\VC\Tools\Llvm\x64\bin" >> $GITHUB_PATH
shell: bash
- if: ${{ !contains(matrix.host_os, 'windows') }}
run: |
mk/cargo.sh +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
- if: ${{ contains(matrix.host_os, 'windows') }}
run: |
cargo +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
# --all-targets doesn't run doctests: https://github.com/rust-lang/cargo/issues/6669
# Run doctests only on x86_64 to avoid cross-compilation hassles with `--no-run`.
- if: ${{ !contains(matrix.host_os, 'windows') && contains(matrix.target, 'x86_64') }}
run: |
mk/cargo.sh +${{ matrix.rust_channel }} test -vv --doc --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
# Check that all the needed symbol renaming was done.
# TODO: Do this check on Windows too.
- if: ${{ (matrix.target != 'aarch64-apple-ios' || matrix.rust_channel != '1.63.0') &&
!contains(matrix.host_os, 'windows') }}
run: rustup toolchain install --component=llvm-tools-preview ${{ matrix.rust_channel }}
- if: ${{ (matrix.target != 'aarch64-apple-ios' || matrix.rust_channel != '1.63.0') &&
!contains(matrix.host_os, 'windows') }}
run: mk/check-symbol-prefixes.sh +${{ matrix.rust_channel }} --target=${{ matrix.target }}
# The wasm32-unknown-unknown targets have a different set of feature sets and
# an additional `webdriver` dimension.
test-wasm32-browser:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ${{ matrix.host_os }}
env:
CC_ENABLE_DEBUG_OUTPUT: 1
strategy:
matrix:
features:
- --features=wasm32_unknown_unknown_js
- --no-default-features --features=wasm32_unknown_unknown_js
host_os:
- ubuntu-22.04
mode:
- # debug
- --release
rust_channel:
- stable
- beta
- nightly
target:
- wasm32-unknown-unknown
webdriver:
# TODO: Firefox is not in Ubuntu 22.04 images according to
# https://github.com/actions/runner-images/issues/5490 and our
# testing.
# - GECKODRIVER=$GECKOWEBDRIVER/geckodriver
- CHROMEDRIVER=$CHROMEWEBDRIVER/chromedriver
steps:
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
run: sudo apt-get update -y
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: mk/install-build-tools.sh +${{ matrix.rust_channel }} --target=${{ matrix.target }}
shell: sh
- if: ${{ contains(matrix.host_os, 'windows') }}
run: ./mk/install-build-tools.ps1
- run: cargo +${{ matrix.rust_channel }} generate-lockfile
- run: |
${{ matrix.webdriver }} mk/cargo.sh +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }}
# Check that all the needed symbol renaming was done.
# TODO: Do this check on Windows too.
- run: rustup toolchain install --component=llvm-tools-preview ${{ matrix.rust_channel }}
- run: mk/check-symbol-prefixes.sh +${{ matrix.rust_channel }} --target=${{ matrix.target }}
coverage:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ${{ matrix.host_os }}
env:
CC_ENABLE_DEBUG_OUTPUT: 1
strategy:
fail-fast: false
matrix:
features:
# Enable all the library features so we can measure all the coverage.
# Don't enable `slow_tests` and other (test suite) features that are
# unuseful, or even counterproductive, for coverage testing.
# `slow_tests` is slow and it is running code that is already intended
# to be covered without it being enabled.
- --features=std
# TODO: targets
target:
- aarch64-apple-darwin # Has assembly
- aarch64-unknown-linux-gnu # Has assembly
- arm-unknown-linux-gnueabi # Has assembly
- armv7-unknown-linux-gnueabihf # Has assembly
# - i686-unknown-linux-gnu # Has assembly; handled specially below.
- powerpc-unknown-linux-gnu # No assembly 32-bit big-endian with flags
- powerpc64-unknown-linux-gnu # No assembly 64-bit big-endian with flags
- powerpc64le-unknown-linux-gnu # No assembly 64-bit little-endian with flags
- riscv64gc-unknown-linux-gnu # No assembly 64-bit little-endian without flags
- s390x-unknown-linux-gnu # No assembly 64-bit big-endian
- x86_64-apple-darwin # Has assembly
- x86_64-unknown-linux-musl # Has assembly
mode:
- # debug
# Coverage collection is Nightly-only
rust_channel:
- nightly
# TODO: targets
include:
# First because it is slowest; we hope being first will nudge it to
# start sooner.
- target: s390x-unknown-linux-gnu
host_os: ubuntu-24.04
- target: aarch64-apple-darwin
host_os: macos-14
# TODO: Use the -musl target after
# https://github.com/rust-lang/rust/issues/79556 and
# https://github.com/rust-lang/rust/issues/79555 are fixed.
- target: aarch64-unknown-linux-gnu
host_os: ubuntu-24.04
- features: --features=unstable-testing-arm-no-hw,std
target: aarch64-unknown-linux-gnu
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: arm-unknown-linux-gnueabi
host_os: ubuntu-24.04
- target: armv7-unknown-linux-gnueabihf
host_os: ubuntu-24.04
- features: --features=unstable-testing-arm-no-neon,std
target: armv7-unknown-linux-gnueabihf
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
# TODO: Use the -musl target after
# https://github.com/rust-lang/rust/issues/79556 and
# https://github.com/rust-lang/rust/issues/79555 are fixed.
- target: i686-unknown-linux-gnu
cpu_model: # default
features: --features=std
mode: # debug
rust_channel: nightly
host_os: ubuntu-24.04
- target: powerpc-unknown-linux-gnu
host_os: ubuntu-24.04
- target: powerpc64-unknown-linux-gnu
host_os: ubuntu-24.04
- target: powerpc64le-unknown-linux-gnu
host_os: ubuntu-24.04
- target: riscv64gc-unknown-linux-gnu
host_os: ubuntu-24.04
- target: x86_64-apple-darwin
host_os: macos-13
- target: i686-unknown-linux-gnu
cpu_model: Conroe-v1
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: x86_64-unknown-linux-gnu
cpu_model: Conroe-v1
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: i686-unknown-linux-gnu
cpu_model: Denverton-v2
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: x86_64-unknown-linux-gnu
cpu_model: Denverton-v2
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: i686-unknown-linux-gnu
cpu_model: Haswell
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: x86_64-unknown-linux-gnu
cpu_model: Haswell
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: i686-unknown-linux-gnu
cpu_model: Nehalem
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: x86_64-unknown-linux-gnu
cpu_model: Nehalem
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: i686-unknown-linux-gnu
cpu_model: SandyBridge
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: x86_64-unknown-linux-gnu
cpu_model: SandyBridge
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: i686-unknown-linux-gnu
cpu_model: Westmere
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: x86_64-unknown-linux-gnu
cpu_model: Westmere
features: --features=std
mode: --release
rust_channel: nightly
host_os: ubuntu-24.04
- target: x86_64-unknown-linux-musl
host_os: ubuntu-24.04
steps:
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
run: sudo apt-get update -y
- uses: briansmith/actions-checkout@v4
with:
persist-credentials: false
- run: RING_CPU_MODEL=${{ matrix.cpu_model }} RING_COVERAGE=1 mk/install-build-tools.sh +${{ matrix.rust_channel }} --target=${{ matrix.target }}
shell: sh
- if: ${{ contains(matrix.host_os, 'windows') }}
run: ./mk/install-build-tools.ps1
- if: ${{ !contains(matrix.host_os, 'windows') }}
run: |
RING_CPU_MODEL=${{ matrix.cpu_model }} RING_COVERAGE=1 mk/cargo.sh +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
- uses: briansmith/codecov-codecov-action@v4
with:
directory: ./target/${{ matrix.target }}/debug/coverage/reports
fail_ci_if_error: true
token: ${{ secrets.CODECOV_TOKEN }}
verbose: true