Improve outcome-analysis.sh script

[valeriosetti]

outcome-analysis.sh scripts should be run on the same Docker instance that is used by the CI in order to have also tests included by ssl-opt script to be executed with the proper OpenSSL/GnuTLS versions.
Unfortunately that Docker instance have an old version of Git (2.7.4) which does not support a command used in this script:

git branch --show-current

This was added only in Git version 2.22.

As a consequence this PR:

• proposes a "fall back" solution when an old Git version is used
• speeds up the build time by parallelizing the work (not related to the issue above, but beneficial for testing purposes)

PR checklist

• changelog not required as nothing changes from end user point of view
• backport not required since this is a test enhancement
• tests not required the PR itself modifies a test

[gilles-peskine-arm]

Please don't impose make -j.

[gilles-peskine-arm]

Please don't use make -j in CI scripts. That does unbridled parallelism which creates load spikes and seems to decrease CI performance overall. Even where load isn't a problem and the sole goal is processing time for this single build, increasing parallelism has diminishing returns: -j2 is significantly faster than single threading, -jNUMBER_OF_PROCESSORS is a little faster than -j2, going beyond that is pretty much no win.

We set MAKEFLAGS to a reasonable -j in our CI environments, so it's best to call make without an explicit -j in scripts.

[valeriosetti]

Ok, understood. Thanks for the explanation ;)

[gilles-peskine-arm]

Why not always use this command? Is there a case where git branch --show-current is better in some non-critical way?

We're planning to move most of our CI from Ubuntu 16.04 to 22.04 in the next quarter. We can move outcome analysis sooner if there's a strong benefit.

[tom-daubney-arm]

I think it makes for slightly more understandable code if you can see that git rev-parse --abbrev-ref HEAD is equivalent to git branch --show-current for older versions of git. I did not personally know that before reviewing this PR for example. I think it is ok to leave it as is.

[gilles-peskine-arm]

A comment explaining what the command do would serve the same purpose and would reduce the complexity of the code.

The version check has added a dependency on dpkg, so it will fail for developers who work on non-Debian-based systems (e.g. Fedora, macOS, ...). Also, it's wrong if someone has installed a more recent git in their PATH.

[valeriosetti]

The version check has added a dependency on dpkg, so it will fail for developers who work on non-Debian-based systems (e.g. Fedora, macOS, ...). Also, it's wrong if someone has installed a more recent git in their PATH

Ops, sorry, I didn't thought about these limitations. I will modify it as suggested

[tom-daubney-arm]

A comment explaining what the command do would serve the same purpose and would reduce the complexity of the code.

The version check has added a dependency on dpkg, so it will fail for developers who work on non-Debian-based systems (e.g. Fedora, macOS, ...). Also, it's wrong if someone has installed a more recent git in their PATH.

Yep, fair enough on the dpkg part, I agree.

[tom-daubney-arm]

I agree about the make -j comment so once that is changed I will approve. Thanks

[tom-daubney-arm]

LGTM - Pending CI. Will approve now but mark with "needs-ci" until CI completes just in case of an unforeseen issue.

[gilles-peskine-arm]

LGTM

[gilles-peskine-arm]

Incidentally, I don't understand why you need this patch. (But it's a good patch anyway, it makes the script a bit more robust in case we turn out to want it.) We currently don't run outcome-analysis.sh on the CI. If we start running it, we can pick Ubuntu 22.04 as the platform to run it, with git 2.34.

[valeriosetti]

We currently don't run outcome-analysis.sh on the CI

Yes, correct, but when working on the ECC/BIGNUM EPICs I used 2 scripts:

• analyze_outcomes.py
  • which verifies driver coverage between a reference component (without driver) and its accelerated counterpart
  • this is part of the CI
• outcome_analysis.sh
  • which verifies that the current PR does not skip tests that were previously done in the past
  • this is not part of the CI

I don't know if it's worth to add also the 2nd script to the CI since:

• it takes a lot of time to execute (especially when ssl-opt tests are included)
• maybe it's more specific for my activity. Perhaps most of the PRs of the mbedTLS library don't need this kind of test

However the combination of the 2 scripts was/is useful for my activity in order to ensure that I don't break some support from the past.

[mpg]

To add to what Valerio said, I'm not sure outcome_analysis.sh (sorry for the name, way too similar to analyze_outcomes.py, I didn't realise) is a good fit for running in the CI:

• it would have false positives every time we modify the name of an existing test;
• it has little value for most PRs - we mainly find it useful for PRs that change a lot of dependency declarations in tests, but that's not the case of a lot of PRs. And IMO it will have even less value once Check that all test cases are executed at least once #2691 will be done - which is IMO so much more desirable to have in the CI.