Use pre-built cross-compiled aarch64 gcc for x86-64 linux machine (#45)

* add arm gnu gcc nix spec for x86_64 Signed-off-by: Thing-han, Lim <[email protected]> * use the pre-built cross-compiled gcc for x86_64 machines in ci Signed-off-by: Thing-han, Lim <[email protected]> * add skipped parameter Signed-off-by: Thing-han, Lim <[email protected]> * add prefix for some dependencies version summary Signed-off-by: Thing-han, Lim <[email protected]> * make ci job name more readable Signed-off-by: Thing-han, Lim <[email protected]> * fail ci job immediately if the architecture is not as expected Signed-off-by: Thing-han, Lim <[email protected]> * fix ci expect_arch for pqcp-arm64 Signed-off-by: Thing-han, Lim <[email protected]> * set matrix strategy fail-fast to false Signed-off-by: Thing-han, Lim <[email protected]> --------- Signed-off-by: Thing-han, Lim <[email protected]>
pq-code-package · Jun 12, 2024 · 7ecd006 · 7ecd006
1 parent c1d65ef
commit 7ecd006
Show file tree

Hide file tree

Showing 4 changed files with 88 additions and 26 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,50 +9,73 @@ on:
 jobs:
   build_kat:
     strategy:
+      fail-fast: false
       matrix:
-        system: [macos-latest, pqcp-arm64]
+        include:
+        - system: macos-latest
+          skipped: false
+          expect_arch: arm64
+        - system: pqcp-arm64
+          skipped: false
+          expect_arch: aarch64
+        - system: ubuntu-latest
+          cross_prefix: aarch64-none-linux-gnu-
+          skipped: true
+          expect_arch: x86_64
+    name: build_kat (${{ matrix.system }})
     runs-on: ${{ matrix.system }}
     steps:
       - uses: actions/checkout@v4
       - name: Setup nix
         uses: ./.github/actions/setup-nix
         with:
           script: |
-            cat >> $GITHUB_STEP_SUMMARY << EOF
+            ARCH=$(uname -m)
+            cat >> $GITHUB_STEP_SUMMARY <<-EOF
               ## Setup
-              Architecture: $(uname -m)
+              Architecture: $ARCH
               - $(uname -a)
               - $(nix --version)
               - $(astyle --version)
               - $(${{ matrix.cross_prefix }}gcc --version | grep -m1 "")
               - $(bash --version | grep -m1 "")
             EOF
+
+            if [[ "$ARCH" != ${{ matrix.expect_arch }} ]]; then
+              echo ":x: Expecting to run on ${{ matrix.expect_arch }}, but instead running on $ARCH" >> $GITHUB_STEP_SUMMARY
+              exit 1
+            fi
       - name: Build targets
         shell: nix develop .#ci -c bash -e {0}
         run: |
-          make mlkem
-          ./test/test_kyber512
-          ./test/test_kyber768
-          ./test/test_kyber1024
+          make CROSS_PREFIX=${{ matrix.cross_prefix }} mlkem
+
+          if [ ${{ matrix.skipped }} != true ]; then
+            ./test/test_kyber512
+            ./test/test_kyber768
+            ./test/test_kyber1024
+          fi
       - name: Compare gen_KAT with known hash
         shell: nix develop .#ci -c bash -e {0}
         run: |
-          make kat;
-          cat >> $GITHUB_STEP_SUMMARY << EOF
+          cat >> $GITHUB_STEP_SUMMARY <<-EOF
             ## KAT tests
-            $(checksum ./test/gen_KAT512  ec4ac397e595ac7457cb7d8830921faf3290898a10d7dd3864aab89ea61fe9a3)
-            $(checksum ./test/gen_KAT768  9a0826ad3c5232dfd3b21bc4801408655c565a491b760f509b2ee2cd7180babe)
-            $(checksum ./test/gen_KAT1024 6dafb867599b750a6a831b03e494cf41dea748c78a0e275e7b268bbb893cf37d)
           EOF
+
+          make CROSS_PREFIX=${{ matrix.cross_prefix }} kat
+
+          if [ ${{ matrix.skipped }} != true ]; then
+            cat >> $GITHUB_STEP_SUMMARY <<-EOF
+              $(checksum ./test/gen_KAT512  ec4ac397e595ac7457cb7d8830921faf3290898a10d7dd3864aab89ea61fe9a3)
+              $(checksum ./test/gen_KAT768  9a0826ad3c5232dfd3b21bc4801408655c565a491b760f509b2ee2cd7180babe)
+              $(checksum ./test/gen_KAT1024 6dafb867599b750a6a831b03e494cf41dea748c78a0e275e7b268bbb893cf37d)
+          EOF
+          fi
       - name: Compare gen_NISTKAT with known hash
         shell: nix develop .#ci -c bash -e {0}
         run: |
-          make nistkat;
-          cat >> $GITHUB_STEP_SUMMARY << EOF
+          cat >> $GITHUB_STEP_SUMMARY <<-EOF
             ## NISTKAT tests
-            $(checksum ./test/gen_NISTKAT512  4b88ac7643ff60209af1175e025f354272e88df827a0ce1c056e403629b88e04)
-            $(checksum ./test/gen_NISTKAT768  21b4a1e1ea34a13c26a9da5eeb9325afb5ca11596ca6f3704c3f2637e3ea7524)
-            $(checksum ./test/gen_NISTKAT1024 6471398b0a728ee1ef39e93bb89b526fbf59587a3662edadbcfc6c88a512cd71)
           EOF
   lint:
     strategy:
@@ -97,8 +120,8 @@ jobs:
               Architecture: $(uname -m)
               - $(nix --version)
               - $(cbmc --version)
-              - $(litani --version)
-              - $(cadical --version)
+              - litani Version $(litani --version)
+              - Cadical Version $(cadical --version)
               - $(${{ matrix.cross_prefix }}gcc --version | grep -m1 "")
               - $(bash --version | grep -m1 "")
             EOF

diff --git a/Makefile b/Makefile
@@ -1,6 +1,9 @@
 # SPDX-License-Identifier: Apache-2.0
 
-CC ?= gcc
+Q ?= @
+CROSS_PREFIX ?=
+CC := $(CROSS_PREFIX)gcc
+
 INCLUDE_FIPS202 = -I fips202
 INCLUDE_MLKEM = -I mlkem
 INCLUDE_RANDOM = -I randombytes

diff --git a/arm-gnu-gcc.nix b/arm-gnu-gcc.nix
@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: Apache-2.0
+
+{ stdenvNoCC
+, fetchurl
+}:
+
+stdenvNoCC.mkDerivation rec {
+  pname = "gcc-arm";
+  version = "13.2.rel1";
+
+  platform = {
+    x86_64-linux = "x86_64";
+  }.${stdenvNoCC.hostPlatform.system} or (throw "Unsupported system: ${stdenvNoCC.hostPlatform.system}");
+
+  platform_suffix = {
+    x86_64-linux = "linux-gnu";
+  }.${stdenvNoCC.hostPlatform.system} or (throw "Unsupported system: ${stdenvNoCC.hostPlatform.system}");
+
+  src = fetchurl {
+    url = "https://developer.arm.com/-/media/Files/downloads/gnu/${version}/binrel/arm-gnu-toolchain-${version}-${platform}-aarch64-none-${platform_suffix}.tar.xz";
+    sha256 = {
+      x86_64-linux = "sha256-EvzfE6dDBlUimyBDiknoVm4mVRugh1mSLNr0aVsNTiM=";
+    }.${stdenvNoCC.hostPlatform.system} or (throw "Unsupported system: ${stdenvNoCC.hostPlatform.system}");
+  };
+
+  dontConfigure = true;
+  dontBuild = true;
+  dontPatchELF = true;
+  dontStrip = true;
+
+  installPhase = ''
+    mkdir -p $out
+    cp -r * $out
+  '';
+}
diff --git a/flake.nix b/flake.nix
@@ -16,7 +16,7 @@
     flake-parts.lib.mkFlake { inherit inputs; } {
       imports = [ ];
       systems = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin" ];
-      perSystem = { pkgs, ... }:
+      perSystem = { pkgs, system, ... }:
         let
           core = builtins.attrValues
             {
@@ -27,11 +27,12 @@
                 nixpkgs-fmt
                 shfmt;
             }
-          # ignore gcc for x86_64 machines, and arch64-darwin should just use the native clang
-          ++ (if !pkgs.stdenv.isDarwin && pkgs.stdenv.isAarch64
-          then [ (pkgs.gcc13.override { propagateDoc = true; isGNU = true; }) ]
-          else [ ]
-          );
+          ++ {
+            "x86_64-linux" = [ (pkgs.callPackage ./arm-gnu-gcc.nix { }) ];
+            "aarch64-linux" = [ (pkgs.gcc13.override { propagateDoc = true; isGNU = true; }) ];
+            "aarch64-darwin" = [ ];
+            "x86_64-darwin" = [ ];
+          }.${system};
 
         in
         {