Add outcome analysis to TF-PSA-Crypto: framework support by gilles-peskine-arm · Pull Request #292 · Mbed-TLS/mbedtls-framework

gilles-peskine-arm · 2026-03-26T13:46:14Z

In coverage analysis, distinguish between uncovered tests (which must not be executed) and ignored tests (which may or may not be executed).
During a transition period, consuming branches can keep defining IGNORED_TESTS in the coverage task. These tests were formerly enforced not-executed, but are now ignored.
Once consuming branches update their framework pointer, they will rename their IGNORED_TESTS definition to UNCOVERED_TESTS. This will restore the old semantics. The consuming PR in the checklist below do this.

PR checklist

development PR Let TF-PSA-Crypto define test cases that Mbed TLS does not need to cover mbedtls#10676
TF-PSA-Crypto development PR Add outcome analysis to TF-PSA-Crypto TF-PSA-Crypto#729
TF-PSA-Crypto 1.1 PR TODO
framework PR provided Add outcome analysis to TF-PSA-Crypto: framework support #292
4.1 PR TODO
3.6 PR Outcome analysis: rename IGNORED_TESTS to UNCOVERED_TESTS mbedtls#10677

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Outcome analysis tasks can have "ignored" tests. Both coverage and driver tasks actually don't ignore "ignored" tests: an "ignored" test must fail the verification if it wasn't ignored. In preparation for distinguishing between truly ignored tests and tests that must be uncovered, generalize the test case lookup mechanism. No intended behavior change for `CoverageTask` and `DriverVSReference`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

For historical reasons, the "ignored" tests in outcome analysis are not actually ignored: they must not be covered, otherwise the script complains about an unnecessary exception. In coverage analysis, rename this behavior to "uncovered", and have "ignored" tests be actually ignored. In driver test parity analysis, which is now only done in the 3.6 LTS branch, keep the historical behavior Consuming branches are currently defining `IGNORED_TESTS` with the expectation that the test cases must be uncovered. They will need to rename their definition to `UNCOVERED_TESTS`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

ronald-cron-arm

This looks almost good to me. I only have a few comments. While IGNORED_TESTS is not renamed to UNCOVERED_TESTS in consuming branches, we lose the ability to detect spurious uncovered tests, which seems acceptable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

ronald-cron-arm

LGTM, thanks.

valeriosetti

I only have one minor suggestion, but overall LGTM. I will let you decide it it's worth to address it or just merge the PR as is.

valeriosetti · 2026-04-08T10:44:32Z

+            ignored = self.ignored_tests.contains(test_suite, test_description)
+            if ignored:
+                self.note_ignored_test(results, test_suite, test_description)
+                continue


I would have preferred to add the if ignored condition to the if case below instead of continue here, but that's a minor thing.

gilles-peskine-arm added this to Roadmap pull requests (new board) Mar 26, 2026

gilles-peskine-arm added priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most) labels Mar 26, 2026

github-project-automation bot moved this to In Development in Roadmap pull requests (new board) Mar 26, 2026

Move _has_word_re from Mbed TLS's analyze_outcomes.py

812aada

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

gilles-peskine-arm force-pushed the analyze_outcomes-add_to_crypto-framework branch from 19e32bc to 25c15df Compare April 6, 2026 20:24

This was referenced Apr 6, 2026

Let TF-PSA-Crypto define test cases that Mbed TLS does not need to cover Mbed-TLS/mbedtls#10676

Merged

Make mldsa-native call the PSA SHAKE Mbed-TLS/TF-PSA-Crypto#704

Merged

gilles-peskine-arm added 3 commits April 7, 2026 10:49

Support extending a TestCaseSet

80a0ea9

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

ronald-cron-arm mentioned this pull request Apr 7, 2026

Add outcome analysis to TF-PSA-Crypto Mbed-TLS/TF-PSA-Crypto#729

Merged

7 tasks

ronald-cron-arm self-requested a review April 7, 2026 09:30

gilles-peskine-arm force-pushed the analyze_outcomes-add_to_crypto-framework branch from 25c15df to 80a0ea9 Compare April 7, 2026 09:48

ronald-cron-arm requested changes Apr 7, 2026

View reviewed changes

Comment thread scripts/mbedtls_framework/outcome_analysis.py Outdated

Comment thread scripts/mbedtls_framework/outcome_analysis.py Outdated

Comment thread scripts/mbedtls_framework/outcome_analysis.py

Comment thread scripts/mbedtls_framework/outcome_analysis.py

gilles-peskine-arm mentioned this pull request Apr 7, 2026

Outcome analysis: rename IGNORED_TESTS to UNCOVERED_TESTS Mbed-TLS/mbedtls#10677

Merged

7 tasks

gilles-peskine-arm added 2 commits April 7, 2026 16:19

Copyediting

541289c

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Minor clarification

8e06778

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

gilles-peskine-arm added needs-review Every commit must be reviewed by at least two team members. needs-reviewer This PR needs someone to pick it up for review size-s Estimated task size: small (~2d) and removed size-xs Estimated task size: extra small (a few hours at most) labels Apr 7, 2026

gilles-peskine-arm requested a review from ronald-cron-arm April 7, 2026 14:30

ronald-cron-arm approved these changes Apr 7, 2026

View reviewed changes

valeriosetti self-requested a review April 8, 2026 08:23

valeriosetti removed the needs-reviewer This PR needs someone to pick it up for review label Apr 8, 2026

valeriosetti approved these changes Apr 8, 2026

View reviewed changes

github-project-automation bot moved this from In Development to Has Approval in Roadmap pull requests (new board) Apr 8, 2026

valeriosetti added approved Design and code approved - may be waiting for CI or backports and removed needs-review Every commit must be reviewed by at least two team members. labels Apr 8, 2026

gilles-peskine-arm merged commit b80f4d5 into Mbed-TLS:main Apr 8, 2026
2 checks passed

github-project-automation bot moved this from Has Approval to Done in Roadmap pull requests (new board) Apr 8, 2026

This was referenced Apr 9, 2026

Backport 1.1: Add outcome analysis to TF-PSA-Crypto Mbed-TLS/TF-PSA-Crypto#748

Merged

Backport 4.1: Let TF-PSA-Crypto define test cases that Mbed TLS does not need to cover Mbed-TLS/mbedtls#10688

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add outcome analysis to TF-PSA-Crypto: framework support#292

Add outcome analysis to TF-PSA-Crypto: framework support#292
gilles-peskine-arm merged 6 commits intoMbed-TLS:mainfrom
gilles-peskine-arm:analyze_outcomes-add_to_crypto-framework

gilles-peskine-arm commented Mar 26, 2026 •

edited

Loading

Uh oh!

ronald-cron-arm left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

ronald-cron-arm left a comment

Uh oh!

valeriosetti left a comment •

edited

Loading

Uh oh!

valeriosetti Apr 8, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

gilles-peskine-arm commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

PR checklist

Uh oh!

ronald-cron-arm left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

ronald-cron-arm left a comment

Choose a reason for hiding this comment

Uh oh!

valeriosetti left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

valeriosetti Apr 8, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

gilles-peskine-arm commented Mar 26, 2026 •

edited

Loading

valeriosetti left a comment •

edited

Loading