The linux-amd64 release build was intermittently failing with:
'asm' operand has impossible constraints
in secp256k1's hand-written x86_64 assembly (scalar_4x64_impl.h,
USE_ASM_X86_64 path). Root cause, confirmed against upstream
(bitcoin-core/secp256k1#1623): on GCC 11 (Ubuntu 22.04's default),
-march=native's CPU autodetection misidentifies early AMD Zen4 chips
as znver3 while still enabling -mavx512f via CPUID feature probing.
-march=znver3 -mavx512f is an invalid combination matching no real
CPU -- GCC 11 predates Zen4 entirely -- and its register allocator
cannot satisfy the asm's constraints under it. Upstream confirmed
this is fixed by a GCC version that knows about znver4 (13+), and
closed the report as a GCC autodetection bug, not a secp256k1 defect.
This explains the apparent intermittency: it only reproduces on
whichever physical Zen4 host GitHub's runner fleet happens to assign
to a given job.
Two independent changes address this:
- Bump the linux-amd64 and linux-arm64 release builders from
ubuntu-22.04(-arm) to ubuntu-24.04(-arm), kept on the same Ubuntu
version across both architectures. Ubuntu 24.04 ships GCC 13 by
default (GCC isn't installed separately in this workflow -- the
runner image's preinstalled toolchain comes from its Ubuntu base),
which correctly recognizes znver4 and produces a valid -march=native
expansion.
- Also pass -d:disableMarchNative on the linux-amd64 build (matrix-
scoped; arm64/macOS don't compile the affected x86_64 asm path).
This is kept even after the GCC bump because -march=native is
independently unsound for a publicly distributed binary: it bakes
in whatever instruction set extensions the build runner's CPU
happens to have (e.g. AVX-512) into the shipped binary, which would
crash with an illegal instruction on end-user machines lacking that
extension -- a separate, permanent concern from the GCC 11 bug.
* chore: bump Nim to 2.2.4
* fix: resolve symbol ambiguity and drop auto type
* fix: use reference to task instead of pointer or the compiler will deallocate `task` before the encoding/decoding is done
* fix: convention that maxCollateralPerByte equals totalRemainingCollateral when freeSize is 0 to avoid DivByZeroDefect
* fix: bump compiler version in CI pipeline as well
* ci: add compatible contracts image for nim-codex docker image
* ci: with submodules
* ci: with submodules on correct place
* ci: remove double dash
* ci: avoiding artifact conflicts
* ci: add labels to arch images
* ci: correct way to add label to arch images
* ci: correct contract label
* ci: avoid building contracts image and use contracts commit hash
* refactor: better way to get the hash
* ci: use ubuntu-latest for coverage (#1141)
* ci: pass --keep-going to lcov and genhtml (#1141)
* ci: use ubuntu-22.04 for release workflow (#1141)
* ci: install gcc-14 on linux (#1141)
* chore: bump nim-leveldbstatic to 0.2.1
* add ccache and sccache to speed up CI
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* include testname and nim version in cache separation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* Make sure ccache has precedence over custom clang/llvm
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* enable ccache for windows
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* ccache: evict old files
Make sure old unused cache files are not lingering around for long
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
---------
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
