Add support for Docker. New targets: docker,dockerbuild,dockerrun,dockerpoc and dockerclean.
Add the poc target as well.
This commit is contained in:
Samuel Aubertin
parent
141173d252
commit
781faf53e5
2
.dockerignore
Normal file
2
.dockerignore
Normal file
@ -0,0 +1,2 @@
|
||||
spectre-v1-*
|
||||
spectre-v2-*
|
||||
13
Dockerfile
Normal file
13
Dockerfile
Normal file
@ -0,0 +1,13 @@
|
||||
FROM alpine
|
||||
RUN apk update
|
||||
# Copy everything, except executables listed in .dockerignore
|
||||
COPY . /octopus
|
||||
WORKDIR /octopus
|
||||
# Install runtime dependencies
|
||||
RUN apk add --no-cache make git openssh-client-default util-linux-misc util-linux-dev
|
||||
# Install build dependencies, compile and uninstall dependencies
|
||||
RUN apk add --no-cache --virtual build-dependencies gcc clang musl-dev lld coreutils \
|
||||
&& make -j$(nproc) build \
|
||||
&& apk del build-dependencies
|
||||
# Run all experiment per default
|
||||
CMD make all
|
||||
84
Makefile
84
Makefile
@ -13,25 +13,26 @@
|
||||
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.PHONY: clean build upload findfalses
|
||||
.PHONY: clean dockerclean dockerprune build dockerbuild upload findfalses docker run dockerrun dockerupload help poc
|
||||
.DEFAULT_GOAL:= help
|
||||
.SILENT:
|
||||
|
||||
MAKEFLAGS:= -j4
|
||||
ifeq ($(shell uname),OpenBSD)
|
||||
GCC:=
|
||||
DEPS:= clang ./uuid
|
||||
DEPENDENCIES:= clang ./uuid
|
||||
ifndef MKUUID
|
||||
MKUUID!= $(shell stat uuid > /dev/null 2>&1 || (make -C uuid_obsd && ln -s uuid_obsd/uuid uuid))
|
||||
endif
|
||||
else
|
||||
GCC:= gcc
|
||||
DEPS:= $(GCC) clang uuid lld
|
||||
DEPENDENCIES:= $(GCC) clang uuid lld
|
||||
LDFLAGS+= -fuse-ld=lld
|
||||
endif
|
||||
|
||||
ifdef MKUUID
|
||||
EXECUTABLES= $(DEPS)
|
||||
XXXX:= $(foreach exec,$(EXECUTABLES), $(if $(shell which $(exec) 2> /dev/null),X,$(error "No '$(exec)' in PATH, please install it and restart octopus !")))
|
||||
EXECUTABLES= $(DEPENDENCIES)
|
||||
XXXX:= $(foreach exec,$(EXECUTABLES), $(if $(shell which $(exec) 2> /dev/null),X,$(error "No '$(exec)' in PATH, please install it and restart octopus !\nThe full dependencies are : $(DEPENDENCIES)")))
|
||||
endif
|
||||
|
||||
### Generic flags
|
||||
@ -68,11 +69,20 @@ endif
|
||||
CPU:= $(shell LC_ALL=en_US.UTF-8 lscpu | grep "Model name" | cut -d":" -f 2 | sort | uniq | awk '{$$1=$$1;print}')
|
||||
UCODE:= $(shell (grep microcode /proc/cpuinfo 2> /dev/null || printf unknown) | sort | uniq | awk '{print $$NF}' || printf unknown)
|
||||
KERN:= $(shell uname -svm)
|
||||
CLANGV:= $(shell clang -v 2>&1 | head -n 1)
|
||||
GCCV:= $(shell (gcc -v 2>&1 | grep 'gcc version') || printf unknown)
|
||||
CLANGV:= $(shell (clang -v 2>&1 | head -n 1)) || apk info -a clang | head -n1 | awk '{print $$1}' || printf unknown)
|
||||
GCCV:= $(shell (gcc -v 2>&1 | grep 'gcc version') || apk info -a gcc | head -n1 | awk '{print $$1}' || printf unknown)
|
||||
VULN1:= $(shell (cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 2> /dev/null || printf unknown))
|
||||
VULN2:= $(shell (cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2> /dev/null || printf unknown))
|
||||
|
||||
REVISION:= $(shell git rev-parse --short HEAD)
|
||||
define BANNER
|
||||
printf '\033[1m\033[94m________ __\n'
|
||||
printf '\\_____ \\ _____/ |_ ____ ______ __ __ ______\n'
|
||||
printf ' / | \\_/ ___\\ __\\/ \033[31m_\033[94m \\\\____ \\| | \\/ ___/\n'
|
||||
printf '/ | \\ \\___| | ( \033[31m<_> \033[94m) |_> > | /\\___ \\ \n'
|
||||
printf '\\_______ /\\___ >__| \\____/| __/|____//____ >\n'
|
||||
printf ' \\/ \\/ |__| \033[0mrev $(REVISION)\033[1m\033[94m \\/\033[0m\n'
|
||||
printf ' Samuel AUBERTIN - EURECOM\n'
|
||||
endef
|
||||
|
||||
ifneq ($(shell uname),OpenBSD)
|
||||
ifndef PROGRESS
|
||||
@ -103,7 +113,7 @@ MASKING_STATIC_PROGRAMS= $(addsuffix -mask, $(filter spectre_v1%, $(STATIC_PROGR
|
||||
|
||||
### Lfence mitigation
|
||||
LFENCE_PROGRAMS= $(addsuffix -fence, $(filter spectre_v1%, $(OPTIMIZED_PROGRAMS)))
|
||||
LFENCE_STATIC_PROGRAMS= $(addsuffix -fence, $(filter spectre_v1%, $(STATIC_PROGRAMS)))
|
||||
LFENCE_STATIC_PROGRAMS= $(addsuffix -fence, $(filter spectre_v1%, $(STATIC_PROGRAMS)))
|
||||
|
||||
###### V2
|
||||
### Retpoline
|
||||
@ -111,15 +121,15 @@ LFENCE_STATIC_PROGRAMS= $(addsuffix -fence, $(filter spectre_v1%, $(STATIC_PROGR
|
||||
# dynamic
|
||||
RETPOLINE_CLANG_PROGRAMS= $(addsuffix -retpoline, $(filter spectre_v2-clang%, $(OPTIMIZED_PROGRAMS)))
|
||||
# static
|
||||
RETPOLINE_STATIC_CLANG_PROGRAMS= $(addsuffix -retpoline, $(filter spectre_v2-clang%, $(STATIC_PROGRAMS)))
|
||||
RETPOLINE_STATIC_CLANG_PROGRAMS=$(addsuffix -retpoline, $(filter spectre_v2-clang%, $(STATIC_PROGRAMS)))
|
||||
## gcc
|
||||
# dynamic
|
||||
RETPOLINE_GCC_PROGRAMS= $(addsuffix -retpoline, $(filter spectre_v2-gcc%, $(OPTIMIZED_PROGRAMS)))
|
||||
RETPOLINE_GCC_PROGRAMS= $(addsuffix -retpoline, $(filter spectre_v2-gcc%, $(OPTIMIZED_PROGRAMS)))
|
||||
# static
|
||||
RETPOLINE_STATIC_GCC_PROGRAMS= $(addsuffix -retpoline, $(filter spectre_v2-gcc%, $(STATIC_PROGRAMS)))
|
||||
|
||||
# Add GCC's specific flag
|
||||
V2_GCC_PROGRAMS= $(filter spectre_v2-gcc%, $(STATIC_PROGRAMS)) $(filter spectre_v2-gcc%, $(OPTIMIZED_PROGRAMS)) $(RETPOLINE_GCC_PROGRAMS) $(RETPOLINE_STATIC_GCC_PROGRAMS)
|
||||
V2_GCC_PROGRAMS= $(filter spectre_v2-gcc%, $(STATIC_PROGRAMS)) $(filter spectre_v2-gcc%, $(OPTIMIZED_PROGRAMS)) $(RETPOLINE_GCC_PROGRAMS) $(RETPOLINE_STATIC_GCC_PROGRAMS)
|
||||
$(V2_GCC_PROGRAMS): CFLAGS+=-fno-inline-small-functions
|
||||
|
||||
PROGS= $(OPTIMIZED_PROGRAMS)
|
||||
@ -147,14 +157,50 @@ findfalses: $(RESULTS_FILE)
|
||||
|
||||
build: $(PROGS)
|
||||
|
||||
run: $(RESULTS_FILE)
|
||||
printf "\033[1mResults file: $(RESULTS_FILE)\033[0m\n"
|
||||
|
||||
help:
|
||||
$(BANNER)
|
||||
printf '\nmake [all|poc|dockerpoc|build|dockerbuild|run|dockerrun]\n\n'
|
||||
printf '\tall\t\tbuilds, runs and uploads the experiment results\n'
|
||||
printf '\tpoc\t\tbuilds and runs a v1/v2 PoC\n'
|
||||
printf '\tdockerpoc\t\tbuilds and runs a v1/v2 PoC\n'
|
||||
printf '\tbuild\t\tbuilds the experiment programs\n'
|
||||
printf '\tdockerbuild\tbuilds the experiment programs within a container\n'
|
||||
printf '\trun\t\texecute the experiment\n'
|
||||
printf '\tdockerrun\texecute the experiment within a container\n'
|
||||
printf '\n\tFurther CFLAGS can be declared using `CFLAGS=XYZ make`\n'
|
||||
|
||||
dockerbuild:
|
||||
docker build -t "octopus:$(REVISION)" .
|
||||
|
||||
dockerrun: dockerbuild
|
||||
docker run --rm "octopus:$(REVISION)" make run
|
||||
|
||||
dockerupload: dockerbuild
|
||||
docker run --rm "octopus:$(REVISION)" make upload
|
||||
|
||||
dockerpoc: dockerbuild
|
||||
docker run --rm "octopus:$(REVISION)" make poc
|
||||
|
||||
docker: dockerupload
|
||||
|
||||
dockerclean:
|
||||
-docker image rm -f octopus
|
||||
|
||||
dockerprune:
|
||||
-docker image prune -af
|
||||
|
||||
poc: spectre_v1-clang-O0 spectre_v2-clang-O0
|
||||
$(BANNER)
|
||||
printf 'SPECTRE V1\n'
|
||||
./spectre_v1-clang-O0
|
||||
printf 'SPECTRE V2\n'
|
||||
./spectre_v2-clang-O0
|
||||
|
||||
$(RESULTS_FILE): build
|
||||
printf '\033[1m\033[94m________ __\n'
|
||||
printf '\\_____ \\ _____/ |_ ____ ______ __ __ ______\n'
|
||||
printf ' / | \\_/ ___\\ __\\/ _ \\\\____ \\| | \\/ ___/\n'
|
||||
printf '/ | \\ \\___| | ( <_> ) |_> > | /\\___ \\ \n'
|
||||
printf '\\_______ /\\___ >__| \\____/| __/|____//____ >\n'
|
||||
printf ' \\/ \\/ |__| \\/\033[0m\n'
|
||||
printf ' Samuel AUBERTIN - EURECOM\n'
|
||||
$(BANNER)
|
||||
printf "\033[4mUUID\033[0m\t\t$(UUID)\n"
|
||||
printf "\033[4mCPU\033[0m\t\t$(CPU)\n"
|
||||
printf "\033[4mMicrocode\033[0m\t$(UCODE)\n"
|
||||
|
||||
65
testflags.sh
65
testflags.sh
@ -1,65 +0,0 @@
|
||||
O2FLAGS="-fno-align-functions
|
||||
-fno-align-jumps
|
||||
-fno-align-labels
|
||||
-fno-align-loops
|
||||
-fno-caller-saves
|
||||
-fno-code-hoisting
|
||||
-fno-crossjumping
|
||||
-fno-cse-follow-jumps
|
||||
-fno-cse-skip-blocks
|
||||
-fno-delete-null-pointer-checks
|
||||
-fno-devirtualize
|
||||
-fno-devirtualize-speculatively
|
||||
-fno-expensive-optimizations
|
||||
-fno-finite-loops
|
||||
-fno-gcse -fno-gcse-lm
|
||||
-fno-hoist-adjacent-loads
|
||||
-fno-inline-functions
|
||||
-fno-inline-small-functions
|
||||
-fno-indirect-inlining
|
||||
-fno-ipa-bit-cp -fno-ipa-cp -fno-ipa-icf
|
||||
-fno-ipa-ra -fno-ipa-sra -fno-ipa-vrp
|
||||
-fno-isolate-erroneous-paths-dereference
|
||||
-fno-lra-remat
|
||||
-fno-optimize-sibling-calls
|
||||
-fno-optimize-strlen
|
||||
-fno-partial-inlining
|
||||
-fno-peephole2
|
||||
-fno-reorder-blocks-and-partition
|
||||
-fno-reorder-functions
|
||||
-fno-rerun-cse-after-loop
|
||||
-fno-schedule-insns -fno-schedule-insns2
|
||||
-fno-sched-interblock -fno-sched-spec
|
||||
-fno-store-merging
|
||||
-fno-strict-aliasing
|
||||
-fno-thread-jumps
|
||||
-fno-tree-builtin-call-dce
|
||||
-fno-tree-loop-vectorize
|
||||
-fno-tree-pre
|
||||
-fno-tree-slp-vectorize
|
||||
-fno-tree-switch-conversion
|
||||
-fno-tree-tail-merge
|
||||
-fno-tree-vrp"
|
||||
#-fno-reorder-blocks-algorithm=stc
|
||||
#-fno-vect-cost-model=very-cheap"
|
||||
|
||||
O3FLAGS="-fno-gcse-after-reload
|
||||
-fno-ipa-cp-clone
|
||||
-fno-loop-interchange
|
||||
-fno-loop-unroll-and-jam
|
||||
-fno-peel-loops
|
||||
-fno-predictive-commoning
|
||||
-fno-split-loops
|
||||
-fno-split-paths
|
||||
-fno-tree-loop-distribution
|
||||
-fno-tree-partial-pre
|
||||
-fno-unswitch-loops
|
||||
-fno-version-loops-for-strides"
|
||||
#-fno-vect-cost-model=dynamic
|
||||
|
||||
for i in $O2FLAGS; do
|
||||
rm spectre_v2-gcc-O2 > /dev/null; CFLAGS="$i" make spectre_v2-gcc-O2; ./spectre_v2-gcc-O2 2> /dev/null > /dev/null && echo -e "\033[32m ok $i\033[0m"
|
||||
done
|
||||
for i in $O3FLAGS; do
|
||||
rm spectre_v2-gcc-O3 > /dev/null; CFLAGS="$i" make spectre_v2-gcc-O3; ./spectre_v2-gcc-O3 2> /dev/null > /dev/null && echo -e "\033[32m ok $i\033[0m"
|
||||
done
|
||||
Loading…
Reference in New Issue
Block a user