@@ -18,212 +18,164 @@ extract_exe() {
1818 $IS_WIN || chmod +x " $2 /$name "
1919}
2020
21- retry () {
22- echo " Attempting with retry:" " $@ "
23- local n=1
24- while true ; do
25- if " $@ " ; then
26- break
27- else
28- if [[ $n -lt 3 ]]; then
29- sleep $n # don't retry immediately
30- (( n++ ))
31- echo " Command failed. Attempt $n /3:"
32- else
33- echo " The command has failed after $n attempts."
34- return 1
35- fi
36- fi
37- done
38- }
39-
4021setup_dist_bins () {
4122 if $IS_WIN ; then
42- is_exe " dist/bin" " saw" && is_exe " dist/bin " " saw-remote-api " && return
23+ is_exe " dist/bin" " saw" && return
4324 else
44- is_exe " dist/bin" " saw" && is_exe " dist/bin" " saw-remote-api" && is_exe " dist/bin " " jss " && return
45- extract_exe " jss " " dist/bin"
25+ is_exe " dist/bin" " saw" && is_exe " dist/bin" " saw-remote-api" && return
26+ extract_exe " saw-remote-api " " dist/bin"
4627 fi
4728 extract_exe " saw" " dist/bin"
48- extract_exe " saw-remote-api " " dist/bin"
29+ extract_exe " cryptol " " dist/bin"
4930 export PATH=$PWD /dist/bin:$PATH
5031 echo " $PWD /dist/bin" >> " $GITHUB_PATH "
5132 strip dist/bin/saw* || echo " Strip failed: Ignoring harmless error"
52- strip dist/bin/jss* || echo " Strip failed: Ignoring harmless error"
53- }
54-
55- install_z3 () {
56- is_exe " $BIN " " z3" && return
57-
58- case " $RUNNER_OS " in
59- Linux) file=" ubuntu-16.04.zip"
60- macOS) file=" osx-10.14.6.zip"
61- Windows) file=" win.zip"
62- esac
63- curl -o z3.zip -sL " https://github.com/Z3Prover/z3/releases/download/z3-$Z3_VERSION /z3-$Z3_VERSION -x64-$file "
64-
65- if $IS_WIN ; then 7z x -bd z3.zip; else unzip z3.zip; fi
66- cp z3-* /bin/z3$EXT $BIN /z3$EXT
67- $IS_WIN || chmod +x $BIN /z3
68- rm z3.zip
69- }
70-
71- install_cvc4 () {
72- is_exe " $BIN " " cvc4" && return
73- version=" ${CVC4_VERSION# 4.} " # 4.y.z -> y.z
74-
75- case " $RUNNER_OS " in
76- Linux) file=" x86_64-linux-opt"
77- Windows) file=" win64-opt.exe"
78- macOS) file=" macos-opt"
79- esac
80- # Temporary workaround
81- if [[ " $RUNNER_OS " == " Linux" ; then
82- curl -o cvc4$EXT -sL " https://cvc4.cs.stanford.edu/downloads/builds/x86_64-linux-opt/unstable/cvc4-2020-08-18-x86_64-linux-opt"
83- else
84- curl -o cvc4$EXT -sL " https://github.com/CVC4/CVC4/releases/download/$version /cvc4-$version -$file "
85- fi
86- $IS_WIN || chmod +x cvc4$EXT
87- mv cvc4$EXT " $BIN /cvc4$EXT "
88- }
89-
90- install_yices () {
91- is_exe " $BIN " " yices" && return
92- ext=" .tar.gz"
93- case " $RUNNER_OS " in
94- Linux) file=" pc-linux-gnu-static-gmp.tar.gz"
95- macOS) file=" apple-darwin18.7.0-static-gmp.tar.gz"
96- Windows) file=" pc-mingw32-static-gmp.zip" && ext=" .zip"
97- esac
98- curl -o " yices$ext " " https://yices.csl.sri.com/releases/$YICES_VERSION /yices-$YICES_VERSION -x86_64-$file "
99-
100- if $IS_WIN ; then
101- 7z x -bd " yices$ext "
102- mv " yices-$YICES_VERSION " * .exe " $BIN "
103- else
104- tar -xzf " yices$ext "
105- pushd " yices-$YICES_VERSION " || exit
106- sudo ./install-yices
107- popd || exit
108- fi
109- rm -rf " yices$ext " " yices-$YICES_VERSION "
110- }
111-
112- install_yasm () {
113- is_exe " $BIN " " yasm" && return
114- case " $RUNNER_OS " in
115- Linux) sudo apt-get update -q && sudo apt-get install -y yasm ;;
116- macOS) brew install yasm ;;
117- Windows) choco install yasm ;;
118- esac
11933}
12034
12135build () {
12236 ghc_ver=" $( ghc --numeric-version) "
12337 cp cabal.GHC-" $ghc_ver "
12438 cabal v2-update
125- echo " allow-newer: all" >> cabal.project.local
126- pkgs=(saw saw-remote-api)
39+ # Configure with --disable-documentation and --haddock-internal so
40+ # that the haddock run later, if enabled, doesn't recompile the
41+ # world by using those flags. (See haddock() below for discussion of
42+ # why those flags are used.) We could do this only for builds where
43+ # we're intending to do the haddock run, but it should have no
44+ # effect otherwise and unconditional is simpler.
45+ cabal v2-configure -j --enable-tests --disable-documentation --haddock-internal
46+ git status --porcelain
12747 if $IS_WIN ; then
128- echo " flags: -builtin-abc" >> cabal.project.local
129- echo " constraints: jvm-verifier -builtin-abc, cryptol-saw-core -build-css" >> cabal.project.local
48+ pkgs=(saw crux-mir-comp)
13049 else
131- pkgs+=(jss )
50+ pkgs=(saw crux-mir-comp saw-remote-api )
13251 fi
133- echo " allow-newer: all" >> cabal.project.local
134- tee -a cabal.project > /dev/null < cabal.project.ci
135- if ! retry cabal v2-build " $@ " " ${pkgs[@]} " ; then
136- if [[ " $RUNNER_OS " == " macOS" ; then
137- echo " Working around a dylib issue on macos by removing the cache and trying again"
138- cabal v2-clean
139- retry cabal v2-build " $@ " " ${pkgs[@]} "
140- else
141- return 1
142- fi
52+ cat cabal.project.ci >> cabal.project.local
53+ if [[ " $ENABLE_HPC " == " true" ; then
54+ cat cabal.project.ci-hpc >> cabal.project.local
14355 fi
144- }
145-
146- build_abc () {
147- arch=X86_64
148- case " $RUNNER_OS " in
149- Linux) os=" Linux"
150- macOS) os=" OSX"
151- Windows) return ;;
152- esac
153- pushd deps/abcBridge
154- $IS_WIN || scripts/build-abc.sh $arch $os
155- cp abc-build/abc $BIN /abc
156- popd
56+ # In the distant past, we had to retry the `cabal build` command to work
57+ # around issues with caching dylib files on macOS. These issues appear to
58+ # be less likely with modern GitHub Actions caching, so we have removed the
59+ # retry logic.
60+ cabal v2-build " $@ " " ${pkgs[@]} "
61+ }
62+
63+ haddock () {
64+ # It seems that the secret sauce for getting cabal to _not_ go
65+ # through building docs for every single sublibrary is to pass
66+ # --disable-documentation, counterintuitive though that is.
67+ #
68+ # Note: there's a v2-haddock-project that runs haddock on all
69+ # packages in the project, which would avoid needing to list them
70+ # out. However, it doesn't support the --disable-documentation
71+ # option, so it won't currently serve. (Also for some reason it
72+ # currently demands --internal in place of --haddock-internal.)
73+ #
74+ # We use --haddock-internal because the point of generating the
75+ # haddocks for SAW (which doesn't have an external-facing library
76+ # interface) is to serve as an internals reference.
77+ local PACKAGES='
78+ rme
79+ saw-core
80+ cryptol-saw-core
81+ saw-core-what4
82+ saw-core-sbv
83+ saw-core-aig
84+ saw-core-coq
85+ heapster-saw
86+ saw-script
87+ saw-remote-api
88+ crucible-mir-comp
89+ crux-mir-comp
90+ verif-viewer
91+ '
92+ cabal v2-haddock --haddock-internal --disable-documentation $PACKAGES
93+ }
94+
95+ # Gather and tar up all HPC coverage files and binaries
96+ collect_hpc_files () {
97+ local MIX_FILES=$( find dist-newstyle -name " *.mix" )
98+ local GENERATED_HS_FILES=$( find dist-newstyle/build -name " *.hs" )
99+ local BINS=" dist/bin"
100+ tar cvf hpc.tar.gz ${MIX_FILES} ${GENERATED_HS_FILES} ${BINS}
101+ }
102+
103+ # Download HTML coverage reports and generate an index file linking to them
104+ collect_all_html () {
105+ local HTML_DIR=all-html
106+ mkdir -p ${HTML_DIR}
107+ (cd ${HTML_DIR} && gh run download -p " coverage-html-*" && python3 ../.github/generate_index.py)
157108}
158109
159110install_system_deps () {
160- install_z3 &
161- install_cvc4 &
162- install_yices &
163- install_yasm &
164- wait
165- export PATH=$PWD /$BIN :$PATH
111+ (cd $BIN && curl -o bins.zip -sL " https://github.com/GaloisInc/what4-solvers/releases/download/$SOLVER_PKG_VERSION /$BUILD_TARGET_OS -$BUILD_TARGET_ARCH -bin.zip" && unzip -o bins.zip && rm bins.zip)
112+ chmod +x $BIN /*
113+ cp $BIN /yices_smt2$EXT $BIN /yices-smt2$EXT
114+ export PATH=" $BIN :$PATH "
166115 echo " $BIN " >> " $GITHUB_PATH "
167- is_exe " $BIN " && is_exe " $BIN " && is_exe " $BIN " && is_exe " $BIN "
168- }
169-
170- test_dist () {
171- find_java
172- pushd intTests
173- for t in test0001 test0019_jss_switch_statement test_crucible_jvm test_ecdsa test_examples test_issue108 test_tutorial1 test_tutorial2 test_tutorial_w4; do echo $t >> disabled_tests.txt; done
174- env
175- LOUD=true ./runtests.sh
176- sh -c " ! grep '<failure>' results.xml"
116+ is_exe " $BIN " && is_exe " $BIN " && is_exe " $BIN " && is_exe " $BIN " && is_exe " $BIN " && is_exe " $BIN "
177117}
178118
179119build_cryptol () {
180- is_exe " dist/bin" " cryptol" && return
181- pushd deps/cryptol
182- git submodule update --init
183- .github/ci.sh build
184- popd
120+ cabal build exe:cryptol
185121}
186122
187123bundle_files () {
188- mkdir -p dist dist/{bin,doc,examples,include,lib}
124+ mkdir -p dist dist/{bin,deps,doc,examples,include,lib}
125+ mkdir -p dist/doc/{llvm-java-verification-with-saw,rust-verification-with-saw,saw-user-manual}
189126
190- cp deps/abcBridge/abc-build/copyright.txt dist/ABC_LICENSE
191127 cp LICENSE README.md dist/
192128 $IS_WIN || chmod +x dist/bin/*
193129
194- cp doc/extcore.md dist/doc
195- cp doc/tutorial/sawScriptTutorial.pdf dist/doc/tutorial.pdf
196- cp doc/manual/manual.pdf dist/doc/manual.pdf
197- cp -r doc/tutorial/code dist/doc
198- cp deps/jvm-verifier/support/galois.jar dist/lib
130+ (cd deps/cryptol-specs && git archive --prefix=cryptol-specs/ --format=tar HEAD) | (cd dist/deps && tar x)
131+ cp doc/pdfs/llvm-java-verification-with-saw.pdf dist/doc/llvm-java-verification-with-saw
132+ cp doc/pdfs/rust-verification-with-saw.pdf dist/doc/rust-verification-with-saw
133+ cp doc/pdfs/saw-user-manual.pdf dist/doc/saw-user-manual
134+ cp -r doc/llvm-java-verification-with-saw/code dist/doc/llvm-java-verification-with-saw
135+ cp -r doc/rust-verification-with-saw/code dist/doc/rust-verification-with-saw
136+ cp intTests/jars/galois.jar dist/lib
199137 cp -r deps/cryptol/lib/* dist/lib
200138 cp -r examples/* dist/examples
201139}
202140
203- find_java () {
204- pushd .github
205- javac PropertiesTest.java
206- RT_JAR=" $( java PropertiesTest | tr : ' \n' | grep rt.jar | head -n 1) "
207- export RT_JAR
208- echo " RT_JAR=$RT_JAR " >> " $GITHUB_ENV "
209- rm PropertiesTest.class
210- popd
211- }
212-
213141sign () {
142+ # This is surrounded with `set +x; ...; set -x` to disable printing out
143+ # statements that could leak GPG-related secrets.
144+ set +x
214145 gpg --batch --import <( echo " $SIGNING_KEY " )
215- fingerprint=" $( gpg --list-keys | grep galois -a1 | head -n1 | awk ' {$1=$1};1' ) "
146+ fingerprint=" $( gpg --list-keys | grep Galois -a1 | head -n1 | awk ' {$1=$1};1' ) "
216147 echo " $fingerprint :6" | gpg --import-ownertrust
217148 gpg --yes --no-tty --batch --pinentry-mode loopback --default-key " $fingerprint " " $1 " <( echo " $SIGNING_PASSPHRASE " ) " $1 "
149+ set -x
218150}
219151
220152zip_dist () {
221- : " ${VERSION?VERSION is required as an environment variable} "
222- name=" ${name:- " saw-$VERSION -$RUNNER_OS -x86_64" "
223- mv dist " $name "
153+ name=" $1 "
154+ cp -r dist " $name "
224155 tar -czf " $name " " $name "
225- sign " $name "
226- [[ -f " $name " && [[ -f " $name "
156+ }
157+
158+ zip_dist_with_solvers () {
159+ sname=" ${1} "
160+ # Because these binaries come from the what4-solvers repository, they
161+ # should be at least as portable (in terms of dynamic library
162+ # dependencies) as the SAW binaries.
163+ cp " $BIN /abc"
164+ cp " $BIN /bitwuzla"
165+ cp " $BIN /boolector"
166+ cp " $BIN /cvc4"
167+ cp " $BIN /cvc5"
168+ cp " $BIN /yices"
169+ cp " $BIN /yices-smt2"
170+ # Z3 4.8.14 has been known to nondeterministically time out with the AWSLC
171+ # and BLST proofs, so we include both 4.8.8 and 4.8.14 so that we can fall
172+ # back to 4.8.8 (a version known to work with the AWSLC and BLST proofs)
173+ # where necessary. See #1772.
174+ cp " $BIN /z3"
175+ cp " $BIN /z3-4.8.8"
176+ cp " $BIN /z3-4.8.14"
177+ cp -r dist " $sname "
178+ tar -cvzf " $sname " " $sname "
227179}
228180
229181output () { echo " ::set-output name=$1 ::$2 " ; }
0 commit comments