[libvirt PATCH 6/6] ci: Enable address and undefined behavior sanitizers
Pavel Hrdina
phrdina at redhat.com
Mon May 3 12:16:16 UTC 2021
On Mon, May 03, 2021 at 12:01:46PM +0200, Tim Wiederhake wrote:
> meson supports the following sanitizers: "address" (e.g. out-of-bounds
> memory access, use-after-free, etc.), "thread" (data races), "undefined"
> (e.g. signed integer overflow), and "memory" (use of uninitialized
> memory). Note that not all sanitizers are supported by all compilers,
> and that more sanitizers exist.
>
> Not all sanitizers can be enabled at the same time, but "address" and
> "undefined" can. Both thread and memory sanitizers require an instrumented
> build of all dependencies, including libc.
>
> gcc and clang use different implementations of these sanitizers and
> have proven to find different issues. Create CI jobs for both.
>
> Signed-off-by: Tim Wiederhake <twiederh at redhat.com>
> ---
> .gitlab-ci.yml | 35 +++++++++++++++++++++++++++++++++++
> 1 file changed, 35 insertions(+)
>
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index 8b7df68f47..aa537e65fb 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -71,6 +71,26 @@ stages:
> rpmbuild --nodeps -ta build/meson-dist/libvirt-*.tar.xz;
> fi
>
> +.sanitizer_build_job:
> + stage: builds
> + image: $CI_REGISTRY_IMAGE/ci-ubuntu-2004:latest
> + needs:
> + - x64-ubuntu-2004-container
Any specific reason for using Ubuntu 20.04? I would guess that we want
to always use the latest compiler. It that's true I'm not sure which
distribution to pick:
- Fedora $LATEST - we would need to change it every 6 months
- Fedora rawhide - may be unstable and randomly fail if the
gcc/clang are broken
Pavel
> + rules:
> + - if: "$TEMPORARILY_DISABLED"
> + allow_failure: true
> + - when: on_success
> + cache:
> + paths:
> + - ccache/
> + key: "$CI_JOB_NAME"
> + before_script:
> + - *script_variables
> + script:
> + - meson build --werror -Db_lundef=false -Db_sanitize="$SANITIZER"
> + - ninja -C build;
> + - ninja -C build test;
> +
> # Jobs that we delegate to Cirrus CI because they require an operating
> # system other than Linux. These jobs will only run if the required
> # setup has been performed on the GitLab account (see ci/README.rst).
> @@ -517,6 +537,21 @@ mingw64-fedora-rawhide:
> NAME: fedora-rawhide
> CROSS: mingw64
>
> +# Sanitizers
> +
> +sanitize-gcc:
> + extends: .sanitizer_build_job
> + variables:
> + ASAN_OPTIONS: verify_asan_link_order=0
> + CC: gcc
> + SANITIZER: address,undefined
> +
> +sanitize-clang:
> + extends: .sanitizer_build_job
> + variables:
> + CC: clang
> + SANITIZER: address,undefined
> +
>
> # This artifact published by this job is downloaded by libvirt.org to
> # be deployed to the web root:
> --
> 2.26.3
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20210503/cd15319e/attachment-0001.sig>
More information about the libvir-list
mailing list