From cc893dfc11980799d3722c3a1b8a47a7c58ee7a8 Mon Sep 17 00:00:00 2001 From: "Markus F.X.J. Oberhumer" Date: Sun, 22 Jan 2023 22:07:35 +0100 Subject: [PATCH] CI: add zigcc and scan-build --- .github/workflows/ci.yml | 90 +++++++++++++++++++++++- .github/workflows/close-stale-issues.yml | 2 +- .github/workflows/codeql-analysis.yml | 28 ++++---- .github/workflows/minimal-ci.yml | 4 +- .github/workflows/nopr.yml | 2 +- .github/workflows/scan-build.yml | 22 ++++++ CMakeLists.txt | 4 +- src/check/dt_check.cpp | 2 + 8 files changed, 132 insertions(+), 22 deletions(-) create mode 100644 .github/workflows/scan-build.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 40b461e2..bc3a4e7b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -226,7 +226,7 @@ jobs: job-windows-toolchains: needs: [ job-rebuild-and-verify-stubs ] - name: ${{ matrix.name }} + name: ${{ format('windows {0}', matrix.name) }} runs-on: ${{ matrix.os }} env: C: ${{ matrix.C }} @@ -289,7 +289,7 @@ jobs: - name: 'Make artifact' shell: bash run: | - N=upx-${GITHUB_REF_NAME}-${GITHUB_SHA:0:7}-${{ matrix.name }} + N=upx-${GITHUB_REF_NAME}-${GITHUB_SHA:0:7}-windows-${{ matrix.name }} mkdir -p "tmp/artifact/$N/$B" cp -ai build/$C/$B/upx/upx*.exe "tmp/artifact/$N/$B" # GitHub Actions magic: set "artifact_name" environment value for use in next step @@ -320,4 +320,90 @@ jobs: testsuite_1=$(readlink -en ./.github/travis_testsuite_1.sh) env -C build/$C/$B/upx upx_exe=./upx.exe bash "$testsuite_1" + job-linux-zigcc: + if: ${{ true }} + needs: [ job-rebuild-and-verify-stubs ] + name: ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - { zig_target: aarch64-macos.11-none } + - { zig_target: aarch64-macos.12-none } + - { zig_target: aarch64-macos.13-none } + - { zig_target: aarch64-windows-gnu } + - { zig_target: i386-windows-gnu } + - { zig_target: x86_64-linux-musl } + - { zig_target: x86_64-linux-musl, zig_pic: -fPIE } + - { zig_target: x86_64-macos.11-none } + - { zig_target: x86_64-macos.12-none } + - { zig_target: x86_64-macos.13-none } + - { zig_target: x86_64-windows-gnu } + env: + # 2023-01-22 + ZIG_DIST_VERSION: 0.11.0-dev.1413+a51c76541 + # for zig-cc wrapper scripts (see below): + ZIG_CPPFLAGS: -DUPX_DOCTEST_CONFIG_MULTITHREADING + ZIG_FLAGS: ${{ matrix.zig_flags }} + ZIG_PIC: ${{ matrix.zig_pic }} + ZIG_TARGET: ${{ matrix.zig_target }} + steps: + - name: 'Check out code' + uses: actions/checkout@v3 + with: { submodules: true } + - name: ${{ format('Install Zig {0}', env.ZIG_DIST_VERSION) }} + run: | + # GitHub Actions magic: set "UPX_GITREV_SHORT" environment value for use in steps below + rev=$(git rev-parse --short=7 HEAD) + echo "UPX_GITREV_SHORT=$rev" >> $GITHUB_ENV + # update ZIG_TARGET (i386 => x86) + ZIG_TARGET=${ZIG_TARGET/i386-/x86-} + echo "ZIG_TARGET=$ZIG_TARGET" >> $GITHUB_ENV + # install zig; note that ~/.local/bin is included in the default $PATH on Ubuntu + mkdir -p -v ~/.local/bin + cd ~/.local/bin + ZIG_DIST_NAME=zig-linux-x86_64-${ZIG_DIST_VERSION} + wget -q 'https://ziglang.org/builds/'${ZIG_DIST_NAME}.tar.xz + ls -l ${ZIG_DIST_NAME}.tar.xz + tar -xoJf ${ZIG_DIST_NAME}.tar.xz + rm ${ZIG_DIST_NAME}.tar.xz + ln -s -v ${ZIG_DIST_NAME}/zig zig + #echo "PATH=$PATH" && which zig + echo -n 'zig version: '; zig version + # create wrapper scripts (needed for CMake) + echo -e '#!/bin/sh\nexec zig ar "$@"' > zig-ar + echo -e '#!/bin/sh\nexec zig cc -target $ZIG_TARGET $ZIG_PIC $ZIG_FLAGS $ZIG_CPPFLAGS $ZIG_CFLAGS "$@"' > zig-cc + echo -e '#!/bin/sh\nexec zig c++ -target $ZIG_TARGET $ZIG_PIC $ZIG_FLAGS $ZIG_CPPFLAGS $ZIG_CXXFLAGS "$@"' > zig-cxx + echo -e '#!/bin/sh\nexec zig ranlib "$@"' > zig-ranlib + chmod +x zig-ar zig-cc zig-cxx zig-ranlib + ls -la; head zig-ar zig-cc zig-cxx zig-ranlib + - name: ${{ format('Build Release with zig-cc -target {0} {1}', env.ZIG_TARGET, env.ZIG_PIC) }} + run: | + mkdir -p build/zig/${ZIG_TARGET}${ZIG_PIC}/release + cd build/zig/${ZIG_TARGET}${ZIG_PIC}/release + cmake ../../../.. -DCMAKE_BUILD_TYPE=Release -DCMAKE_AR=$HOME/.local/bin/zig-ar -DCMAKE_C_COMPILER=zig-cc -DCMAKE_CXX_COMPILER=zig-cxx -DCMAKE_RANLIB=$HOME/.local/bin/zig-ranlib $EXTRA_CMAKE_CONFIG_FLAGS_RELEASE + cmake --build . --config Release --parallel --verbose + file ./upx* + - name: ${{ format('Build Debug with zig-cc -target {0} {1}', env.ZIG_TARGET, env.ZIG_PIC) }} + run: | + mkdir -p build/zig/${ZIG_TARGET}${ZIG_PIC}/debug + cd build/zig/${ZIG_TARGET}${ZIG_PIC}/debug + cmake ../../../.. -DCMAKE_BUILD_TYPE=Debug -DCMAKE_AR=$HOME/.local/bin/zig-ar -DCMAKE_C_COMPILER=zig-cc -DCMAKE_CXX_COMPILER=zig-cxx -DCMAKE_RANLIB=$HOME/.local/bin/zig-ranlib $EXTRA_CMAKE_CONFIG_FLAGS_DEBUG + cmake --build . --config Debug --parallel --verbose + file ./upx* + - name: ${{ format('Make artifact from upx-{0}-{1}', env.GITHUB_REF_NAME, env.UPX_GITREV_SHORT) }} + run: | + N=upx-${GITHUB_REF_NAME}-${GITHUB_SHA:0:7}-zigcc-${{ matrix.zig_target }}${ZIG_PIC} + mkdir -p "tmp/artifact/$N" + (cd build && shopt -s nullglob && cp -ai --parents */upx* zig/*/*/upx* "../tmp/artifact/$N") + (cd tmp/artifact && tar --sort=name -czf "$N.tar.gz" "$N" && rm -rf "./$N") + # GitHub Actions magic: set "artifact_name" environment value for use in next step + echo "artifact_name=$N" >> $GITHUB_ENV + - name: ${{ format('Upload artifact {0}', env.artifact_name) }} + uses: actions/upload-artifact@v3 + with: + name: ${{ env.artifact_name }} + path: tmp/artifact + # vim:set ts=2 sw=2 et: diff --git a/.github/workflows/close-stale-issues.yml b/.github/workflows/close-stale-issues.yml index 352fcbd7..1cdb44f5 100644 --- a/.github/workflows/close-stale-issues.yml +++ b/.github/workflows/close-stale-issues.yml @@ -10,7 +10,7 @@ # Abandoned Issues and Pull Request". # https://igorwiese.com/images/papers/Paper_BotSE_19.pdf -name: 'Close inactive issues' +name: 'GitHub - Close inactive issues' on: schedule: - cron: "30 6 * * 4" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4658678b..580ed0c1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,11 +1,11 @@ -name: "CodeQL" +name: 'Static Analyzer - CodeQL' on: # push: -# branches: [ "devel", "devel4", "devel5", "master" ] +# branches: [ 'devel', 'devel4', 'devel5', 'master' ] # pull_request: # # The branches below must be a subset of the branches above -# branches: [ "devel", "devel4", "devel5" ] +# branches: [ 'devel', 'devel4', 'devel5' ] schedule: - cron: '20 1 * * 3' workflow_dispatch: @@ -25,14 +25,14 @@ jobs: language: [ 'cpp' ] steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: { submodules: true } - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + - name: Checkout repository + uses: actions/checkout@v3 + with: { submodules: true } + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/minimal-ci.yml b/.github/workflows/minimal-ci.yml index 5d65f29f..7e1855a2 100644 --- a/.github/workflows/minimal-ci.yml +++ b/.github/workflows/minimal-ci.yml @@ -1,6 +1,6 @@ # minimal GitHub CI building UPX with clang and gcc in an Alpine Linux container -name: 'Minimal CI with Alpine Linux' +name: 'CI - Minimal CI with Alpine Linux' on: { workflow_dispatch: } jobs: @@ -16,7 +16,7 @@ jobs: run: | git clone --branch devel --depth 1 https://github.com/upx/upx git -C upx submodule update --init - echo 'artifact_name=upx-minimal-ci-${{ matrix.container }}' | sed 's/:/-/g' >> $GITHUB_ENV + echo "artifact_name=upx-${GITHUB_REF_NAME}-${GITHUB_SHA:0:7}-minimal-ci-${{ matrix.container }}" | sed 's/:/-/g' >> $GITHUB_ENV - { name: 'Build clang', run: 'make -C upx build/extra/clang/release' } - { name: 'Build gcc', run: 'make -C upx build/extra/gcc/release' } - name: ${{ format('Upload artifact {0}', env.artifact_name) }} diff --git a/.github/workflows/nopr.yml b/.github/workflows/nopr.yml index eb4ab7f8..dd68947e 100644 --- a/.github/workflows/nopr.yml +++ b/.github/workflows/nopr.yml @@ -1,4 +1,4 @@ -name: 'Close pull requests' +name: 'GitHub - Close pull requests' on: #pull_request: workflow_dispatch: diff --git a/.github/workflows/scan-build.yml b/.github/workflows/scan-build.yml new file mode 100644 index 00000000..fa93370c --- /dev/null +++ b/.github/workflows/scan-build.yml @@ -0,0 +1,22 @@ +name: 'Static Analyzer - scan-build' + +on: + schedule: + - cron: '40 1 * * 3' + workflow_dispatch: + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + container: 'alpine:edge' + steps: + - name: 'Install packages' + run: 'apk update && apk upgrade && apk add bash clang clang-analyzer cmake g++ git make' + - name: 'Check out code' + uses: actions/checkout@v3 + with: { submodules: true } + - name: 'Perform scan-build Analysis Debug' + run: 'make build/extra/scan-build/debug' + - name: 'Perform scan-build Analysis Release' + run: 'make build/extra/scan-build/release' diff --git a/CMakeLists.txt b/CMakeLists.txt index 0d1688f5..60d15aaa 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -149,8 +149,8 @@ if(MSVC) add_definitions(-D_CRT_NONSTDC_NO_WARNINGS) add_definitions(-D_CRT_SECURE_NO_DEPRECATE) add_definitions(-D_CRT_SECURE_NO_WARNINGS) - # set __cplusplus according to selected C++ standard - add_definitions(-Zc:__cplusplus) + # set __cplusplus according to selected C++ standard; use new preprocessor + add_definitions(-Zc:__cplusplus -Zc:preprocessor) else() # protect against security threats caused by misguided compiler "optimizations" if (CMAKE_C_COMPILER_ID STREQUAL "GNU") diff --git a/src/check/dt_check.cpp b/src/check/dt_check.cpp index 4b6a2bec..099be609 100644 --- a/src/check/dt_check.cpp +++ b/src/check/dt_check.cpp @@ -123,6 +123,7 @@ ACC_COMPILE_TIME_ASSERT_HEADER(!compile_time::string_ge("abc", "abz")) ACC_COMPILE_TIME_ASSERT_HEADER(compile_time::string_le("abc", "abz")) ACC_COMPILE_TIME_ASSERT_HEADER(CHAR_BIT == 8) +#if 0 // does not work with MSVC #if '\0' - 1 < 0 ACC_COMPILE_TIME_ASSERT_HEADER(CHAR_MAX == 127) #else @@ -133,6 +134,7 @@ ACC_COMPILE_TIME_ASSERT_HEADER((wchar_t) -1 < 0) #else ACC_COMPILE_TIME_ASSERT_HEADER((wchar_t) -1 > 0) #endif +#endif /************************************************************************* // upx_compiler_sanity_check()