[libvirt PATCH 6/6] ci: Enable address and undefined behavior sanitizers

Pavel Hrdina phrdina at redhat.com
Mon May 3 12:16:16 UTC 2021 

On Mon, May 03, 2021 at 12:01:46PM +0200, Tim Wiederhake wrote:
> meson supports the following sanitizers: "address" (e.g. out-of-bounds
> memory access, use-after-free, etc.), "thread" (data races), "undefined"
> (e.g. signed integer overflow), and "memory" (use of uninitialized
> memory). Note that not all sanitizers are supported by all compilers,
> and that more sanitizers exist.
> 
> Not all sanitizers can be enabled at the same time, but "address" and
> "undefined" can. Both thread and memory sanitizers require an instrumented
> build of all dependencies, including libc.
> 
> gcc and clang use different implementations of these sanitizers and
> have proven to find different issues. Create CI jobs for both.
> 
> Signed-off-by: Tim Wiederhake <twiederh at redhat.com>
> ---
>  .gitlab-ci.yml | 35 +++++++++++++++++++++++++++++++++++
>  1 file changed, 35 insertions(+)
> 
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index 8b7df68f47..aa537e65fb 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -71,6 +71,26 @@ stages:
>          rpmbuild --nodeps -ta build/meson-dist/libvirt-*.tar.xz;
>        fi
>  
> +.sanitizer_build_job:
> +  stage: builds
> +  image: $CI_REGISTRY_IMAGE/ci-ubuntu-2004:latest
> +  needs:
> +    - x64-ubuntu-2004-container

Any specific reason for using Ubuntu 20.04? I would guess that we want
to always use the latest compiler. It that's true I'm not sure which
distribution to pick:

    - Fedora $LATEST - we would need to change it every 6 months

    - Fedora rawhide - may be unstable and randomly fail if the
      gcc/clang are broken

Pavel

> +  rules:
> +    - if: "$TEMPORARILY_DISABLED"
> +      allow_failure: true
> +    - when: on_success
> +  cache:
> +    paths:
> +      - ccache/
> +    key: "$CI_JOB_NAME"
> +  before_script:
> +    - *script_variables
> +  script:
> +    - meson build --werror -Db_lundef=false -Db_sanitize="$SANITIZER"
> +    - ninja -C build;
> +    - ninja -C build test;
> +
>  # Jobs that we delegate to Cirrus CI because they require an operating
>  # system other than Linux. These jobs will only run if the required
>  # setup has been performed on the GitLab account (see ci/README.rst).
> @@ -517,6 +537,21 @@ mingw64-fedora-rawhide:
>      NAME: fedora-rawhide
>      CROSS: mingw64
>  
> +# Sanitizers
> +
> +sanitize-gcc:
> +  extends: .sanitizer_build_job
> +  variables:
> +    ASAN_OPTIONS: verify_asan_link_order=0
> +    CC: gcc
> +    SANITIZER: address,undefined
> +
> +sanitize-clang:
> +  extends: .sanitizer_build_job
> +  variables:
> +    CC: clang
> +    SANITIZER: address,undefined
> +
>  
>  # This artifact published by this job is downloaded by libvirt.org to
>  # be deployed to the web root:
> -- 
> 2.26.3
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20210503/cd15319e/attachment-0001.sig>

More information about the libvir-list mailing list