[libvirt PATCH 6/6] ci: Enable address and undefined behavior sanitizers

[Tim Wiederhake]

meson supports the following sanitizers: "address" (e.g. out-of-bounds
memory access, use-after-free, etc.), "thread" (data races), "undefined"
(e.g. signed integer overflow), and "memory" (use of uninitialized
memory). Note that not all sanitizers are supported by all compilers,
and that more sanitizers exist.

Not all sanitizers can be enabled at the same time, but "address" and
"undefined" can. Both thread and memory sanitizers require an instrumented
build of all dependencies, including libc.

gcc and clang use different implementations of these sanitizers and
have proven to find different issues. Create CI jobs for both.

Signed-off-by: Tim Wiederhake <twiederh at redhat.com>
---
 .gitlab-ci.yml | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8b7df68f47..aa537e65fb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -71,6 +71,26 @@ stages:
         rpmbuild --nodeps -ta build/meson-dist/libvirt-*.tar.xz;
       fi
 
+.sanitizer_build_job:
+  stage: builds
+  image: $CI_REGISTRY_IMAGE/ci-ubuntu-2004:latest
+  needs:
+    - x64-ubuntu-2004-container
+  rules:
+    - if: "$TEMPORARILY_DISABLED"
+      allow_failure: true
+    - when: on_success
+  cache:
+    paths:
+      - ccache/
+    key: "$CI_JOB_NAME"
+  before_script:
+    - *script_variables
+  script:
+    - meson build --werror -Db_lundef=false -Db_sanitize="$SANITIZER"
+    - ninja -C build;
+    - ninja -C build test;
+
 # Jobs that we delegate to Cirrus CI because they require an operating
 # system other than Linux. These jobs will only run if the required
 # setup has been performed on the GitLab account (see ci/README.rst).
@@ -517,6 +537,21 @@ mingw64-fedora-rawhide:
     NAME: fedora-rawhide
     CROSS: mingw64
 
+# Sanitizers
+
+sanitize-gcc:
+  extends: .sanitizer_build_job
+  variables:
+    ASAN_OPTIONS: verify_asan_link_order=0
+    CC: gcc
+    SANITIZER: address,undefined
+
+sanitize-clang:
+  extends: .sanitizer_build_job
+  variables:
+    CC: clang
+    SANITIZER: address,undefined
+
 
 # This artifact published by this job is downloaded by libvirt.org to
 # be deployed to the web root:
-- 
2.26.3