StillHammer
ba42b6d9c7
- Add hybrid deployment modes: local_dev (MVP) and production_pwa (optional) - Integrate WarFactory engine reuse with hot-reload 0.4ms - Define multi-target compilation strategy (DLL/SO/WASM) - Detail both deployment modes with cost analysis - Add progressive roadmap: Phase 1 (local), Phase 2 (POC WASM), Phase 3 (cloud) - Budget clarified: $10-20/mois (local) vs $13-25/mois (cloud) - Document open questions for technical validation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
321 lines
8.6 KiB
Markdown
321 lines
8.6 KiB
Markdown
# 🛡️ Warfactory Advanced Testing & Verification System
|
|
|
|
Ce document décrit le système de test et vérification avancé intégré dans Warfactory, conçu pour détecter automatiquement les bugs, vulnerabilités et problèmes de performance sans intervention constante.
|
|
|
|
## 🎯 Vue d'ensemble
|
|
|
|
Le système combine **8 couches de défense** automatisées :
|
|
|
|
1. **Compilation stricte** - Flags "No Trust" avec zéro tolérance
|
|
2. **Static Analysis** - Détection de bugs avant exécution
|
|
3. **Fuzzing automatique** - Test d'inputs malformés
|
|
4. **Formal Verification** - Preuve mathématique de propriétés
|
|
5. **Concurrency Analysis** - Détection de race conditions
|
|
6. **Coverage-guided testing** - Feedback de couverture de code
|
|
7. **ABI/Interface validation** - Compatibilité entre versions
|
|
8. **Contract-based programming** - Assertions partout dans le code
|
|
|
|
## 🚀 Installation rapide
|
|
|
|
```bash
|
|
# 1. Installer tous les outils automatiquement
|
|
./scripts/setup_advanced_tools.sh
|
|
|
|
# 2. Configurer le projet avec tous les outils
|
|
mkdir build && cd build
|
|
cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_ADVANCED_TOOLS=ON ..
|
|
|
|
# 3. Compiler avec toutes les défenses
|
|
make all-engines
|
|
|
|
# 4. Lancer tous les tests avancés
|
|
make test-everything
|
|
```
|
|
|
|
## 🔧 Configuration par couches
|
|
|
|
### ⚙️ **Niveau 1 : Compilation "No Trust"**
|
|
|
|
Activé automatiquement sur tous les engines :
|
|
|
|
```cmake
|
|
# Erreurs critiques = compilation échoue
|
|
-Werror=null-dereference -Werror=array-bounds -Werror=use-after-free
|
|
-Werror=uninitialized -Werror=return-type -Werror=format-security
|
|
|
|
# Sanitizers complets (mode Debug)
|
|
-fsanitize=address,undefined,leak,memory,thread,cfi
|
|
|
|
# Protection runtime maximale
|
|
-fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=3
|
|
```
|
|
|
|
### 🔍 **Niveau 2 : Static Analysis**
|
|
|
|
```bash
|
|
# Cppcheck - analyse statique C++
|
|
make economy-engine_cppcheck
|
|
|
|
# Clang Static Analyzer
|
|
cmake -DENABLE_STATIC_ANALYSIS=ON ..
|
|
make economy-engine
|
|
|
|
# PVS-Studio (si installé)
|
|
make economy-engine_pvs
|
|
```
|
|
|
|
### 🎯 **Niveau 3 : Fuzzing automatique**
|
|
|
|
#### libFuzzer (Clang intégré)
|
|
```bash
|
|
make economy-engine_fuzz_run # 5 minutes de fuzzing
|
|
```
|
|
|
|
#### AFL++ (coverage-guided)
|
|
```bash
|
|
make economy-engine_afl_run # Fuzzing avec feedback
|
|
```
|
|
|
|
#### honggfuzz (feedback hardware)
|
|
```bash
|
|
make economy-engine_honggfuzz_run
|
|
```
|
|
|
|
#### Fuzzing de tous les engines
|
|
```bash
|
|
make fuzz-all-engines # Fuzzing massif parallèle
|
|
```
|
|
|
|
### 🔬 **Niveau 4 : Formal Verification**
|
|
|
|
#### CBMC - Model Checking
|
|
```bash
|
|
make economy-engine_cbmc # Vérification mathématique
|
|
```
|
|
|
|
#### KLEE - Symbolic Execution
|
|
```bash
|
|
make economy-engine_klee # Exploration symbolique
|
|
```
|
|
|
|
### 🧵 **Niveau 5 : Concurrency Analysis**
|
|
|
|
#### Valgrind Helgrind
|
|
```bash
|
|
make economy-engine_helgrind # Détection race conditions
|
|
```
|
|
|
|
#### Valgrind DRD
|
|
```bash
|
|
make economy-engine_drd # Détection data races
|
|
```
|
|
|
|
#### Intel Inspector (si disponible)
|
|
```bash
|
|
make economy-engine_inspector # Analyse threading avancée
|
|
```
|
|
|
|
### 📊 **Niveau 6 : Coverage Analysis**
|
|
|
|
```bash
|
|
# Génération rapport de couverture
|
|
make economy-engine_coverage_run
|
|
|
|
# Rapport HTML dans economy-engine_coverage_report/
|
|
open economy-engine_coverage_report/index.html
|
|
```
|
|
|
|
### 🔗 **Niveau 7 : ABI Validation**
|
|
|
|
```bash
|
|
# Créer baseline ABI
|
|
make economy-engine_abi_dump
|
|
cp economy-engine_current.abi.tar.gz ../abi_baselines/economy-engine_baseline.abi.tar.gz
|
|
|
|
# Vérifier compatibilité après changements
|
|
make economy-engine_abi_check
|
|
open economy-engine_abi_report.html
|
|
```
|
|
|
|
### 📋 **Niveau 8 : Contract Programming**
|
|
|
|
Utilisation dans le code C++ :
|
|
|
|
```cpp
|
|
#include <warfactory/contracts.hpp>
|
|
#include <warfactory/gsl_contracts.hpp>
|
|
|
|
void process_market_data(gsl::not_null<const double*> price, double volume) {
|
|
// Préconditions automatiques
|
|
WARFACTORY_REQUIRE(std::isfinite(*price));
|
|
WARFACTORY_REQUIRE(volume > 0.0);
|
|
|
|
double result = calculate_value(*price, volume);
|
|
|
|
// Postconditions automatiques
|
|
WARFACTORY_ENSURE(std::isfinite(result));
|
|
WARFACTORY_PROPERTY_FINITE_VALUES(result);
|
|
}
|
|
```
|
|
|
|
## 🎮 Modes d'utilisation
|
|
|
|
### 🚀 **Mode Développement**
|
|
```bash
|
|
cmake -DCMAKE_BUILD_TYPE=Debug ..
|
|
make economy-engine
|
|
# → Tous les sanitizers + assertions activés
|
|
```
|
|
|
|
### ⚡ **Mode Production**
|
|
```bash
|
|
cmake -DCMAKE_BUILD_TYPE=Release ..
|
|
make economy-engine
|
|
# → CFI uniquement, performance optimisée
|
|
```
|
|
|
|
### 🔬 **Mode Test Complet**
|
|
```bash
|
|
cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_ADVANCED_TOOLS=ON ..
|
|
make test-everything
|
|
# → Tous les outils activés, test marathon
|
|
```
|
|
|
|
### 🎯 **Mode Fuzzing Intensif**
|
|
```bash
|
|
cmake -DENABLE_FUZZING=ON ..
|
|
make fuzz-all-engines
|
|
# → Fuzzing 24/7 sur tous les engines
|
|
```
|
|
|
|
## 📈 Targets disponibles
|
|
|
|
### Par engine (exemple : economy-engine)
|
|
```bash
|
|
# Compilation
|
|
make economy-engine
|
|
|
|
# Static Analysis
|
|
make economy-engine_cppcheck
|
|
make economy-engine_pvs
|
|
|
|
# Fuzzing
|
|
make economy-engine_fuzz_run # libFuzzer
|
|
make economy-engine_afl_run # AFL++
|
|
make economy-engine_honggfuzz_run # honggfuzz
|
|
make economy-engine_fuzz_all # Tous les fuzzers
|
|
|
|
# Formal Verification
|
|
make economy-engine_cbmc # Model checking
|
|
make economy-engine_klee # Symbolic execution
|
|
|
|
# Concurrency
|
|
make economy-engine_helgrind # Race conditions
|
|
make economy-engine_drd # Data races
|
|
make economy-engine_inspector # Intel Inspector
|
|
|
|
# Coverage
|
|
make economy-engine_coverage_run # Rapport HTML
|
|
|
|
# ABI
|
|
make economy-engine_abi_dump # Créer baseline
|
|
make economy-engine_abi_check # Vérifier compatibilité
|
|
```
|
|
|
|
### Globaux (tous les engines)
|
|
```bash
|
|
make all-engines # Build tout
|
|
make fuzz-all-engines # Fuzzing massif
|
|
make analyze-all-engines # Static analysis
|
|
make coverage-all-engines # Coverage reports
|
|
make concurrency-all-engines # Concurrency analysis
|
|
make abi-all-engines # ABI validation
|
|
make test-everything # TOUT en parallèle
|
|
```
|
|
|
|
## 🔧 Configuration avancée
|
|
|
|
### Variables CMake importantes
|
|
```bash
|
|
-DENABLE_ADVANCED_TOOLS=ON # Active tous les outils
|
|
-DENABLE_STATIC_ANALYSIS=ON # Clang Static Analyzer
|
|
-DENABLE_FUZZING=ON # Support fuzzing
|
|
-DCMAKE_BUILD_TYPE=Debug # Tous les sanitizers
|
|
```
|
|
|
|
### Personnalisation par engine
|
|
```cmake
|
|
# Dans engines/Mon-Engine/CMakeLists.txt
|
|
warfactory_add_defenses(mon-engine) # Défenses de base
|
|
warfactory_add_fuzzing(mon-engine) # Fuzzing
|
|
warfactory_add_formal_verification(mon-engine) # Vérification formelle
|
|
warfactory_add_concurrency_analysis(mon-engine) # Concurrence
|
|
warfactory_add_coverage_analysis(mon-engine) # Coverage
|
|
warfactory_add_abi_validation(mon-engine) # ABI
|
|
warfactory_add_gsl_support(mon-engine) # Guidelines Support Library
|
|
```
|
|
|
|
## 🎯 Intégration CI/CD
|
|
|
|
### GitHub Actions exemple
|
|
```yaml
|
|
- name: Setup Advanced Tools
|
|
run: ./scripts/setup_advanced_tools.sh
|
|
|
|
- name: Build with all defenses
|
|
run: |
|
|
mkdir build && cd build
|
|
cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_ADVANCED_TOOLS=ON ..
|
|
make all-engines
|
|
|
|
- name: Run comprehensive testing
|
|
run: cd build && make test-everything
|
|
```
|
|
|
|
### Détection automatique de régressions
|
|
- **ABI changes** détectés automatiquement
|
|
- **Coverage regressions** bloquent les merges
|
|
- **Fuzzing crashes** remontés immédiatement
|
|
- **Contract violations** = build failure
|
|
|
|
## 🚨 Résolution de problèmes
|
|
|
|
### Si la compilation échoue
|
|
```bash
|
|
# 1. Vérifier les outils installés
|
|
./scripts/setup_advanced_tools.sh
|
|
|
|
# 2. Mode minimal pour débugger
|
|
cmake -DCMAKE_BUILD_TYPE=Release ..
|
|
|
|
# 3. Désactiver temporairement les défenses strictes
|
|
cmake -DENABLE_ADVANCED_TOOLS=OFF ..
|
|
```
|
|
|
|
### Si le fuzzing ne trouve rien
|
|
```bash
|
|
# Augmenter la durée
|
|
make economy-engine_fuzz_run ARGS="-max_total_time=3600"
|
|
|
|
# Vérifier les seeds d'entrée
|
|
ls build/fuzzing/economy-engine/input/
|
|
```
|
|
|
|
### Si les tests de concurrence échouent
|
|
```bash
|
|
# Analyser les rapports détaillés
|
|
cat economy-engine_helgrind.xml
|
|
cat economy-engine_drd.xml
|
|
```
|
|
|
|
## 📚 Références
|
|
|
|
- [AFL++ Documentation](https://aflplus.plus/)
|
|
- [CBMC User Manual](https://www.cprover.org/cbmc/)
|
|
- [KLEE Tutorials](https://klee.github.io/tutorials/)
|
|
- [Valgrind Manual](https://valgrind.org/docs/manual/)
|
|
- [Microsoft GSL](https://github.com/microsoft/GSL)
|
|
|
|
---
|
|
|
|
**💡 Philosophie Warfactory** : *"Zéro bug en production grâce à la détection automatique exhaustive en développement"* |