Add bounded-stack CI, SMALL_FOOTPRINT, and updated minimal builds #38
Open
aidangarske wants to merge 7 commits into
…mal builds

Address HN feedback (item 48340422) that the "zero allocation" framing hid stack usage. The library was already zero-heap; this makes that precise and enforced, and documents the genuinely-minimal wolfCrypt build.

- Add WOLFCOSE_SMALL_FOOTPRINT profile that clamps the caller working set (MAX_SCRATCH_SZ/MAX_SIG_SZ/MAX_MAP_ITEMS/CBOR_MAX_DEPTH) to the ECC/EdDSA floor. Precedence is explicit -D, then the profile, then the algorithm default. Compile-time guards reject ML-DSA/RSA-PSS and any below-minimum override with a named error.
- Enforce no dynamic stack growth: -Wvla -Werror=vla in the Makefile, plus scripts/check_stack_usage.sh and a Stack Bounds workflow that fails on a per-frame budget regression and verifies the SMALL_FOOTPRINT guard fires.
- Compile objects with -ffunction-sections -fdata-sections so a consuming app can dead-strip unused COSE functions with --gc-sections.
- README: separate the heap, caller working set, and call-stack claims; qualify the .text figures with compiler and arch; document the smallest wolfCrypt build (cryptonly + per-profile strips + sp-math-all + small AES tables + linker gc-sections).
- minimal-build.yml: strip unused algorithms per profile and enable sp-math-all + lowresource for the ECC showcase.

Correctness fixes surfaced by stripped builds:

- wolfCose_IsAesCbcMacAlg now lives under HAVE_AES_CBC (was an unused-function warning on any no-AES-CBC build).
- The interop AES-MAC tests compile out when AES-CBC is absent, so the suite builds clean against a stripped wolfCrypt.
- Fix a macOS test build error (uint64_t passed to a size_t* parameter).

No new dynamic allocation; the library remains zero-heap.
…e test

- The uint64_t->size_t change in mutate_first_recipient_protected_alg was only needed for a local macOS gcc-14 build, where incompatible-pointer-types is a hard error. On Linux LP64 uint64_t and size_t are the same type, so the original code is correct and passed all CI on main. The change perturbed test_cose.o codegen enough to expose a gcc-11 -Os miscompilation (3 failures on gcc-11 only; gcc-12/13 and clang passed). Reverted to match main exactly.
- The Stack Bounds negative test set CFLAGS on the make command line, which overrides the Makefile's "CFLAGS += $(EXTRA_CFLAGS)", so the -DWOLFCOSE_SMALL_FOOTPRINT define was dropped and the guard never fired. Put the define directly in CFLAGS.
…ame check, CPPFLAGS

- SMALL_FOOTPRINT guards now fire only when the resolved WOLFCOSE_MAX_SIG_SZ / SCRATCH_SZ are actually below ML-DSA / RSA-PSS needs, so an explicit -D override that raises the limits is honored instead of always rejected. The error messages now name the required minimums.
- check_stack_usage.sh flags frames whose .su qualifier is exactly "dynamic" (truly unbounded) regardless of the printed size, not only over-budget frames. "dynamic,bounded" and "static" still pass.
- README: pass the wolfCrypt size defines through the CPPFLAGS environment variable on a complete configure command, instead of a fragment that could read as a positional argument.
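The per-frame rule the commit above describes, as an added example (not the PR's scripts/check_stack_usage.sh): it reads gcc -fstack-usage output, fails any frame whose qualifier is exactly "dynamic" regardless of size, and otherwise fails only frames over a byte budget. The .su lines, the budget and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's own script. gcc -fstack-usage writes one
# line per function: "file:line:col:func<TAB>bytes<TAB>qualifier", where the
# qualifier is "static", "dynamic,bounded" or "dynamic" (alloca/VLA with no
# bound, so the printed size is not an upper limit).
# check_su BUDGET FILE prints one line per offending frame and returns 1 if
# any frame fails, 0 when every frame is within bounds.
check_su() {
    budget="$1"
    file="$2"
    status=0
    while IFS="$(printf '\t')" read -r frame bytes qual; do
        [ -n "$frame" ] || continue
        case "$qual" in
            dynamic)
                # Unbounded growth always fails, even with a tiny printed size.
                printf 'UNBOUNDED %s (%s bytes reported)\n' "$frame" "$bytes"
                status=1 ;;
            static|dynamic,bounded)
                if [ "$bytes" -gt "$budget" ]; then
                    printf 'OVER BUDGET %s (%s > %s)\n' "$frame" "$bytes" "$budget"
                    status=1
                fi ;;
            *)
                printf 'UNKNOWN QUALIFIER %s (%s)\n' "$frame" "$qual"
                status=1 ;;
        esac
    done < "$file"
    return "$status"
}

# Constructed sample .su content (hypothetical function names, not a real
# wolfCOSE build): two frames pass a 4096-byte budget, one is unbounded
# despite a small printed size, and one is bounded but over budget.
write_sample_su() {
    printf 'cose.c:12:5:wolfCose_Sign\t1536\tstatic\n' > "$1"
    printf 'cose.c:80:5:wolfCose_Verify\t2048\tdynamic,bounded\n' >> "$1"
    printf 'cose.c:140:5:cbor_scratch\t64\tdynamic\n' >> "$1"
    printf 'cose.c:200:5:wolfCose_Encrypt\t9000\tstatic\n' >> "$1"
}

# Usage: check_su 4096 build/cose.su
```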
Failures were emitted via the verbosity-gated TEST_LOG, so a failing COSE assertion produced no output in CI (only a non-zero exit and a count). Print the FAIL line unconditionally so failing tests are always identifiable; PASS lines stay behind WOLFCOSE_TEST_LOG_ENABLE.
Description
Addresses Hacker News feedback (item 48340422) that wolfCOSE's "zero allocation" framing hid stack usage. The library was already zero-heap; this PR makes that claim precise, enforces it in CI, adds a constrained-target profile, and documents a genuinely-minimal wolfCrypt build. No new dynamic allocation is introduced; the library stays zero-heap.

WOLFCOSE_SMALL_FOOTPRINT macro