Continuous scan of the archive for ISA (in)compatibility
Every architecture we ship has instruction supersets that cause incompatibilities with our baseline targets, for example:
NEON on armhf
altivec on powerpc
cmov on i386
sse, 3dnow, etc on amd64
We need to both define a base ISA for each architecture, and sort out ways to continually scan for violations of same.
Blueprint information
- Status:
- Not started
- Approver:
- Steve Langasek
- Priority:
- Medium
- Drafter:
- Adam Conrad
- Direction:
- Approved
- Assignee:
- Adam Conrad
- Definition:
- Approved
- Series goal:
- Accepted for raring
- Implementation:
-
Not started
- Milestone target:
- None
- Started by
- Completed by
Whiteboard
Evan Broder's lintian-lab is available.
i386: i686 (ppro), possibly including cmov
amd64: x86_64 (no extensions)
powerpc: 740/750 (no freescale or IBM extension on top)
armel: armv5t
armhf: armv7-a vfpv3-d16 hard-float, no NEON!
arm64: baseline aarch64
Al Stone has a python scanner that currently does <= armv6 scanning.
Stack-protection can present interesting "issues", given the curious implementation, and this needs to be detected in vaguely sane ways.
Packages that have inline routines that are only run based on runtime detection need to be whitelisted on a case-by-case.
Work Items
Work items:
[adconrad] First cut, defining every arch in the arch tables of the current scanner: TODO
[adconrad] Second cut, transliterate into perl and make it a lintian check: TODO
[adconrad] follow up with kees on scanning tricks (based on the hardening-check experience): TODO
[adconrad] investigate post-build scanning in lp-buildd as warnings, and eventually maybe hard failures?: TODO
[ahs3] Look into other curious ways we can use this data once collects (things setting r7 stupidly and/or maliciously): TODO
Dependency tree
* Blueprints in grey have been implemented.
