fish-shell/.github/workflows/main.yml
Mahmoud Al-Qudsi 91cf526d23
Enable rust address sanitizer for asan ci job (#9643)
Rust has multiple sanitizers available (with llvm integration).
-Zsanitizer=address catches the most likely culprits but we may want to set up a
separate job w/ -Zsanitizer=memory to catch uninitialized reads.

It might be necessary to execute `cargo build` as `cargo build -Zbuild-std` to
get full coverage.

When we're linking against the hybrid C++ codebase, the sanitizer library is
injected into the binary by also include `-fsanitize=address` in CXXFLAGS - we
do *not* want to manually opt-into `-lasan`. We also need to manually specify
the desired target triple as a CMake variable and then explicitly pass it to all
`cargo` invocations if building with ASAN.

Corrosion has been patched to make sure it follows these rules.

The `cargo-test` target is failing to link under ASAN. For some reason it has
autocxx/ffi dependencies even though only rust-native, ffi-free code should be
tested (and one would think the situation wouldn't change depending on the
presence of the sanitizer flag). It's been disabled under ASAN for now.
2023-03-06 18:15:36 -06:00

179 lines
5.1 KiB
YAML

name: make test
on: [push, pull_request]
env:
CTEST_PARALLEL_LEVEL: "1"
CMAKE_BUILD_PARALLEL_LEVEL: "4"
permissions:
contents: read
jobs:
ubuntu:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: SetupRust
uses: ATiltedTree/setup-rust@v1
with:
rust-version: 1.67
- name: Install deps
run: |
sudo apt install gettext libncurses5-dev libpcre2-dev python3-pip tmux
sudo pip3 install pexpect
# Generate a locale that uses a comma as decimal separator.
sudo locale-gen fr_FR.UTF-8
- name: cmake
env:
# Some warnings upgraded to errors to match Open Build Service platforms
CXXFLAGS: "-Werror=address -Werror=return-type"
run: |
mkdir build && cd build
cmake ..
- name: make
run: |
make
- name: make test
run: |
make test
ubuntu-32bit-fetched-pcre2:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: SetupRust
uses: ATiltedTree/setup-rust@v1
with:
rust-version: 1.67
targets: "i686-unknown-linux-gnu" # setup-rust wants this space-separated
- name: Install deps
run: |
sudo apt update
sudo apt install gettext lib32ncurses5-dev python3-pip g++-multilib tmux
sudo pip3 install pexpect
- name: cmake
env:
CXXFLAGS: "-m32 -Werror=address -Werror=return-type"
CFLAGS: "-m32"
run: |
mkdir build && cd build
cmake -DFISH_USE_SYSTEM_PCRE2=OFF -DRust_CARGO_TARGET=i686-unknown-linux-gnu ..
- name: make
run: |
make VERBOSE=1
- name: make test
run: |
make test
ubuntu-asan:
runs-on: ubuntu-latest
env:
# Rust has two different memory sanitizers of interest; they can't be used at the same time:
# * AddressSanitizer detects out-of-bound access, use-after-free, use-after-return,
# use-after-scope, double-free, invalid-free, and memory leaks.
# * MemorySanitizer detects uninitialized reads.
#
RUSTFLAGS: "-Zsanitizer=address"
# RUSTFLAGS: "-Zsanitizer=memory -Zsanitizer-memory-track-origins"
steps:
- uses: actions/checkout@v3
- name: SetupRust
uses: ATiltedTree/setup-rust@v1
with:
# All -Z options require running nightly
rust-version: nightly
- name: Install deps
run: |
sudo apt install gettext libncurses5-dev libpcre2-dev python3-pip tmux
sudo pip3 install pexpect
- name: cmake
env:
CC: clang
CXX: clang++
CXXFLAGS: "-fno-omit-frame-pointer -fsanitize=undefined -fsanitize=address -DFISH_CI_SAN"
run: |
mkdir build && cd build
# Rust's ASAN requires the build system to explicitly pass a --target triple. We read that
# value from CMake variable Rust_CARGO_TARGET (shared with corrosion).
cmake .. -DASAN=1 -DRust_CARGO_TARGET=x86_64-unknown-linux-gnu
- name: make
run: |
make
- name: make test
env:
FISH_CI_SAN: 1
ASAN_OPTIONS: check_initialization_order=1:detect_stack_use_after_return=1:detect_leaks=1
UBSAN_OPTIONS: print_stacktrace=1:report_error_type=1
# use_tls=0 is a workaround for LSAN crashing with "Tracer caught signal 11" (SIGSEGV),
# which seems to be an issue with TLS support in newer glibc versions under virtualized
# environments. Follow https://github.com/google/sanitizers/issues/1342 and
# https://github.com/google/sanitizers/issues/1409 to track this issue.
LSAN_OPTIONS: verbosity=0:log_threads=0:use_tls=0
run: |
make test
# Our clang++ tsan builds are not recognizing safe rust patterns (such as the fact that Drop
# cannot be called while a thread is using the object in question). Rust has its own way of
# running TSAN, but for the duration of the port from C++ to Rust, we'll keep this disabled.
# ubuntu-threadsan:
#
# runs-on: ubuntu-latest
#
# steps:
# - uses: actions/checkout@v3
# - name: SetupRust
# uses: ATiltedTree/setup-rust@v1
# with:
# rust-version: 1.67
# - name: Install deps
# run: |
# sudo apt install gettext libncurses5-dev libpcre2-dev python3-pip tmux
# sudo pip3 install pexpect
# - name: cmake
# env:
# FISH_CI_SAN: 1
# CC: clang
# CXX: clang++
# CXXFLAGS: "-fsanitize=thread"
# run: |
# mkdir build && cd build
# cmake ..
# - name: make
# run: |
# make
# - name: make test
# run: |
# make test
macos:
runs-on: macos-latest
steps:
- uses: actions/checkout@v3
- name: SetupRust
uses: ATiltedTree/setup-rust@v1
with:
rust-version: 1.67
- name: Install deps
run: |
sudo pip3 install pexpect
brew install tmux
- name: cmake
run: |
mkdir build && cd build
cmake -DWITH_GETTEXT=NO ..
- name: make
run: |
make
- name: make test
run: |
make test