Docker™ image

This directory contains different utilities to build/test the TOSA Checker.

How to build the TOSA Checker manylinux wheel with a Docker™ image

To create a Docker™ image for the TOSA Checker to build it for Python® 3.9 on various Linux® distributions, please run the following command:

docker build . -t tc-cp39-manylinux --build-arg PYTHON_VERSION=3.9 -f Dockerfile

The TensorFlow™ source code is automatically downloaded and is located in the /tensorflow_src directory.

The command to run the container is:

docker run -it -v <tosa_checker source code on your machine>:/tosa_checker tc-cp39-manylinux

Now call the following command to build a tosa_checker Python® wheel inside of the container:

cd tosa_checker
python3 setup.py --tensorflow_src_dir /tensorflow_src bdist_wheel

The tosa_checker wheel can be found in the /dist directory.

Generate the new manylinux wheel from the tosa_checker wheel:

auditwheel repair dist/<tosa_checker>.whl -w dist/

The tosa_checker manylinux wheel can now be found in the dist/ directory.

Install the tosa_checker manylinux wheel:

pip install dist/<tosa_checker-manyliux>.whl

How to use the TOSA Checker Docker™ image with security countermeasures

A Docker™ image is provided for builds of the TOSA Checker with security countermeasures that are used in the project's continuous integration system. The following countermeasures are provided in this image:

• Address Sanitizer (ASAN)
• Undefined Behavior Sanitizer (UBSAN)
• Bandit

This section will explain how to use this Docker™ image to build the TOSA checker with sanitizers and lint the Python source code with Bandit.

Building the TOSA Checker with sanitizers

To build the Docker™ image run the command below:

docker build . -t tc-cp39-countermeasures --build-arg PYTHON_VERSION=3.9 -f CI.Dockerfile

Note: In this example, the image is built with Python 3.9. This can be changed using the PYTHON_VERSION argument.

After this, run the container as follows, mounting the source code to the container:

docker run -it -v <tosa_checker source code on your machine>:/tosa_checker tc-cp39-countermeasures

Following this, build the TOSA checker using the following command:

cd tosa_checker
python3.9 setup.py --tensorflow_src_dir /tensorflow_src --sanitizer <sanitizer option> bdist_wheel

Choose between asan or ubsan as the sanitizer option. The tosa_checker wheel can be found in the dist/ directory.

The TOSA Checker wheel can then be installed as follows:

python3.9 -m pip install dist/<tosa_checker>.whl

To then run the unit test of the TOSA Checker, the requirements for this must be installed:

cd tests
python3.9 -m pip install -r requirements.txt

Then, if you're using the ASAN option:

export LD_PRELOAD=$(clang -print-file-name=libclang_rt.asan-x86_64.so)
ASAN_OPTIONS=detect_leaks=0 python3.9 -m pytest --capture=no .

For the UBSAN option, run the following command:

UBSAN_OPTIONS=print_stacktrace=1 python3.9 -m pytest --capture=no .

Running the Bandit linter

Firstly build and run the Docker™ image:

docker build . -t tc-cp39-countermeasures --build-arg PYTHON_VERSION=3.9 -f CI.Dockerfile
docker run -it -v <tosa_checker source code on your machine>:/tosa_checker tc-cp39-countermeasures

After this, a HTML report can be generated with Bandit as follows:

cd tosa_checker
python3.9 -m bandit --configfile .bandit.yaml -r . -f html -o report.html

Trademarks and Copyrights

• Python® is a registered trademark of the PSF.
• Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
• Ubuntu® is a registered trademark of Canonical.
• TensorFlow™ is a trademark of Google® LLC.
• Docker™ is a trademark of Docker, Inc.