From 4db3ec72159dbf4235cfbda30274503d688bcec8 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 12:04:12 +0300 Subject: [PATCH 01/21] ci: Run the sanitizers in parallel --- .github/workflows/check.yml | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 0aa2d20f4..218baba1f 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -38,6 +38,11 @@ jobs: - os: ubuntu-latest rust-toolchain: stable type: release + - os: [ubuntu-latest, macos-latest] + rust-toolchain: nightly + type: debug + sanitizer: [address thread leak] + env: BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }} runs-on: ${{ matrix.os }} @@ -63,11 +68,13 @@ jobs: minimum-version: ${{ steps.nss-version.outputs.minimum }} - name: Check + if: matrix.sanitizer == null run: | # shellcheck disable=SC2086 cargo +${{ matrix.rust-toolchain }} check $BUILD_TYPE --all-targets --features ci - name: Run tests and determine coverage + if: matrix.sanitizer == null run: | # shellcheck disable=SC2086 if [ "${{ matrix.rust-toolchain }}" == "stable" ]; then @@ -77,6 +84,7 @@ jobs: fi - name: Run client/server transfer + if: matrix.sanitizer == null run: | # shellcheck disable=SC2086 cargo +${{ matrix.rust-toolchain }} build $BUILD_TYPE --bin neqo-client --bin neqo-server @@ -101,25 +109,20 @@ jobs: verbose: true env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - if: matrix.type == 'debug' && matrix.rust-toolchain == 'stable' + if: matrix.sanitizer == null && matrix.type == 'debug' && matrix.rust-toolchain == 'stable' - name: Run tests with sanitizers - if: (matrix.os == 'ubuntu-latest' || matrix.os == 'macos-latest') && matrix.rust-toolchain == 'nightly' + if: matrix.sanitizer != null env: RUST_LOG: trace run: | if [ "${{ matrix.os }}" = "ubuntu-latest" ]; then TARGET="x86_64-unknown-linux-gnu" - SANITIZERS="address thread leak" elif [ "${{ matrix.os }}" = "macos-latest" ]; then TARGET="aarch64-apple-darwin" - # no leak sanitizer support yet - SANITIZERS="address thread" fi - for sanitizer in $SANITIZERS; do - echo "Running tests with $sanitizer sanitizer..." - RUSTFLAGS="-Z sanitizer=$sanitizer" RUSTDOCFLAGS="-Z sanitizer=$sanitizer" cargo +nightly nextest run -Z build-std --features ci --target "$TARGET" - done + echo "Running tests with $sanitizer sanitizer..." + RUSTFLAGS="-Z sanitizer=$sanitizer" RUSTDOCFLAGS="-Z sanitizer=$sanitizer" cargo +nightly nextest run -Z build-std --features ci --target "$TARGET" bench: needs: [check] From 2a500d564b95b7dabb3efdae1087c7778b4e8662 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 12:33:46 +0300 Subject: [PATCH 02/21] Fixes --- .github/workflows/check.yml | 56 +++++++++++++++++++++++++------------ 1 file changed, 38 insertions(+), 18 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 218baba1f..6ab540eea 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -25,39 +25,59 @@ concurrency: permissions: contents: read +defaults: + run: + shell: bash + jobs: + toolchains: + runs-on: ubuntu-latest + outputs: + toolchains: ${{ steps.toolchains.outputs.toolchains }} + steps: + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + with: + sparse-checkout: Cargo.toml + - id: toolchains + run: | + msrv="$(grep rust-version Cargo.toml | tr -d '"' | cut -f3 -d\ )" + echo "toolchains=[\"$msrv\", \"stable\", \"nightly\"]" >> "$GITHUB_OUTPUT" + check: + needs: toolchains strategy: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] - # Keep in sync with Cargo.toml - rust-toolchain: [1.76.0, stable, nightly] + toolchain: ${{ fromJSON(needs.toolchains.outputs.toolchains) }} type: [debug] include: - os: ubuntu-latest - rust-toolchain: stable + toolchain: stable type: release - - os: [ubuntu-latest, macos-latest] - rust-toolchain: nightly + + - toolchain: nightly + type: debug + sanitizer: address + - toolchain: nightly + type: debug + sanitizer: thread + - toolchain: nightly type: debug - sanitizer: [address thread leak] + sanitizer: leak env: BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }} runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: ./.github/actions/rust with: - version: ${{ matrix.rust-toolchain }} - components: ${{ matrix.rust-toolchain == 'stable' && 'llvm-tools-preview' || matrix.rust-toolchain == 'nightly' && 'rust-src' || '' }} - tools: ${{ matrix.rust-toolchain == 'stable' && 'cargo-llvm-cov, ' || '' }} cargo-nextest + version: ${{ matrix.toolchain }} + components: ${{ matrix.toolchain == 'stable' && 'llvm-tools-preview' || matrix.toolchain == 'nightly' && 'rust-src' || '' }} + tools: ${{ matrix.toolchain == 'stable' && 'cargo-llvm-cov, ' || '' }} cargo-nextest token: ${{ secrets.GITHUB_TOKEN }} - id: nss-version @@ -71,23 +91,23 @@ jobs: if: matrix.sanitizer == null run: | # shellcheck disable=SC2086 - cargo +${{ matrix.rust-toolchain }} check $BUILD_TYPE --all-targets --features ci + cargo +${{ matrix.toolchain }} check $BUILD_TYPE --all-targets --features ci - name: Run tests and determine coverage if: matrix.sanitizer == null run: | # shellcheck disable=SC2086 - if [ "${{ matrix.rust-toolchain }}" == "stable" ]; then - RUST_LOG=trace cargo +${{ matrix.rust-toolchain }} llvm-cov nextest $BUILD_TYPE --features ci --no-fail-fast --lcov --output-path lcov.info + if [ "${{ matrix.toolchain }}" == "stable" ]; then + RUST_LOG=trace cargo +${{ matrix.toolchain }} llvm-cov nextest $BUILD_TYPE --features ci --no-fail-fast --lcov --output-path lcov.info else - RUST_LOG=trace cargo +${{ matrix.rust-toolchain }} nextest run $BUILD_TYPE --features ci --no-fail-fast + RUST_LOG=trace cargo +${{ matrix.toolchain }} nextest run $BUILD_TYPE --features ci --no-fail-fast fi - name: Run client/server transfer if: matrix.sanitizer == null run: | # shellcheck disable=SC2086 - cargo +${{ matrix.rust-toolchain }} build $BUILD_TYPE --bin neqo-client --bin neqo-server + cargo +${{ matrix.toolchain }} build $BUILD_TYPE --bin neqo-client --bin neqo-server "target/$BUILD_DIR/neqo-server" "$HOST:4433" & PID=$! # Give the server time to start. @@ -109,7 +129,7 @@ jobs: verbose: true env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - if: matrix.sanitizer == null && matrix.type == 'debug' && matrix.rust-toolchain == 'stable' + if: matrix.sanitizer == null && matrix.type == 'debug' && matrix.toolchain == 'stable' - name: Run tests with sanitizers if: matrix.sanitizer != null From f81f7187b0182eb5a9abcf448bf6c45cfd3691d2 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 12:44:56 +0300 Subject: [PATCH 03/21] Again --- .github/workflows/check.yml | 9 ++------- Cargo.toml | 1 - 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 6ab540eea..de8afd0bf 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -56,15 +56,10 @@ jobs: toolchain: stable type: release - - toolchain: nightly + - os: ubuntu-latest + toolchain: nightly type: debug sanitizer: address - - toolchain: nightly - type: debug - sanitizer: thread - - toolchain: nightly - type: debug - sanitizer: leak env: BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }} diff --git a/Cargo.toml b/Cargo.toml index 5a0a3d1aa..5b7d52158 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -26,7 +26,6 @@ edition = "2021" license = "MIT OR Apache-2.0" # Don't increase beyond what Firefox is currently using: # https://searchfox.org/mozilla-central/search?q=MINIMUM_RUST_VERSION&path=python/mozboot/mozboot/util.py -# Keep in sync with .github/workflows/check.yml rust-version = "1.76.0" [workspace.dependencies] From 2a59c89f6c9ffab93d92e3d7241c8aabf245b6bd Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 12:48:01 +0300 Subject: [PATCH 04/21] Again --- .github/workflows/check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index de8afd0bf..e1849e196 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -51,6 +51,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] toolchain: ${{ fromJSON(needs.toolchains.outputs.toolchains) }} type: [debug] + sanitizer: [] include: - os: ubuntu-latest toolchain: stable From 99559ff866b05a214dd32d065b3e75d7b19d0596 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 12:49:32 +0300 Subject: [PATCH 05/21] Again --- .github/workflows/check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index e1849e196..c358f88e0 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -51,7 +51,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] toolchain: ${{ fromJSON(needs.toolchains.outputs.toolchains) }} type: [debug] - sanitizer: [] + sanitizer: [null] include: - os: ubuntu-latest toolchain: stable From 23c61510ea6d567e17a9f0c348208d218e8f270d Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 12:55:44 +0300 Subject: [PATCH 06/21] Again --- .github/workflows/check.yml | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index c358f88e0..143e96992 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -61,6 +61,26 @@ jobs: toolchain: nightly type: debug sanitizer: address + - os: ubuntu-latest + toolchain: nightly + type: debug + sanitizer: thread + - os: ubuntu-latest + toolchain: nightly + type: debug + sanitizer: leak + - os: macos-latest + toolchain: nightly + type: debug + sanitizer: address + - os: macos-latest + toolchain: nightly + type: debug + sanitizer: thread + # - os: macos-latest + # toolchain: nightly + # type: debug + # sanitizer: leak env: BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }} @@ -137,8 +157,8 @@ jobs: elif [ "${{ matrix.os }}" = "macos-latest" ]; then TARGET="aarch64-apple-darwin" fi - echo "Running tests with $sanitizer sanitizer..." - RUSTFLAGS="-Z sanitizer=$sanitizer" RUSTDOCFLAGS="-Z sanitizer=$sanitizer" cargo +nightly nextest run -Z build-std --features ci --target "$TARGET" + echo "Running tests with ${{ matrix.sanitizer }} sanitizer..." + RUSTFLAGS="-Z sanitizer=${{ matrix.sanitizer }}" RUSTDOCFLAGS="-Z sanitizer=${{ matrix.sanitizer }}" cargo +nightly nextest run -Z build-std --features ci --target "$TARGET" bench: needs: [check] From 7d5672a7ed5cdcaca6965545ecf8f064ea855172 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 13:03:11 +0300 Subject: [PATCH 07/21] Finalize --- .github/workflows/check.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 143e96992..0fe971859 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -53,10 +53,11 @@ jobs: type: [debug] sanitizer: [null] include: + # Do one release build on stable, just to check that it works. - os: ubuntu-latest toolchain: stable type: release - + # Add sanitizer builds. - os: ubuntu-latest toolchain: nightly type: debug @@ -77,6 +78,7 @@ jobs: toolchain: nightly type: debug sanitizer: thread + # macOS doesn't support the leak checker yet. # - os: macos-latest # toolchain: nightly # type: debug @@ -145,7 +147,7 @@ jobs: verbose: true env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - if: matrix.sanitizer == null && matrix.type == 'debug' && matrix.toolchain == 'stable' + if: matrix.type == 'debug' && matrix.toolchain == 'stable' - name: Run tests with sanitizers if: matrix.sanitizer != null From a239c7dd02686c36233c063c7600a09943aac0dc Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 15:01:07 +0300 Subject: [PATCH 08/21] Update .github/workflows/check.yml Co-authored-by: Max Inden Signed-off-by: Lars Eggert --- .github/workflows/check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 0fe971859..3a31356ea 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -94,7 +94,7 @@ jobs: - uses: ./.github/actions/rust with: version: ${{ matrix.toolchain }} - components: ${{ matrix.toolchain == 'stable' && 'llvm-tools-preview' || matrix.toolchain == 'nightly' && 'rust-src' || '' }} + components: ${{ matrix.toolchain == 'stable' && 'llvm-tools-preview' || matrix.sanitizer != null && 'rust-src' || '' }} tools: ${{ matrix.toolchain == 'stable' && 'cargo-llvm-cov, ' || '' }} cargo-nextest token: ${{ secrets.GITHUB_TOKEN }} From 527bd116f0cf76e46e44e9627cb084e414e450da Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 15:16:06 +0300 Subject: [PATCH 09/21] Refactor into separate workflow --- .github/workflows/check.yml | 67 ++++++---------------------------- .github/workflows/sanitize.yml | 65 +++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 56 deletions(-) create mode 100644 .github/workflows/sanitize.yml diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 0fe971859..03bc94333 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -49,41 +49,12 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] - toolchain: ${{ fromJSON(needs.toolchains.outputs.toolchains) }} + rust-toolchain: ${{ fromJSON(needs.toolchains.outputs.toolchains) }} type: [debug] - sanitizer: [null] include: - # Do one release build on stable, just to check that it works. - os: ubuntu-latest - toolchain: stable + rust-toolchain: stable type: release - # Add sanitizer builds. - - os: ubuntu-latest - toolchain: nightly - type: debug - sanitizer: address - - os: ubuntu-latest - toolchain: nightly - type: debug - sanitizer: thread - - os: ubuntu-latest - toolchain: nightly - type: debug - sanitizer: leak - - os: macos-latest - toolchain: nightly - type: debug - sanitizer: address - - os: macos-latest - toolchain: nightly - type: debug - sanitizer: thread - # macOS doesn't support the leak checker yet. - # - os: macos-latest - # toolchain: nightly - # type: debug - # sanitizer: leak - env: BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }} runs-on: ${{ matrix.os }} @@ -93,9 +64,9 @@ jobs: - uses: ./.github/actions/rust with: - version: ${{ matrix.toolchain }} - components: ${{ matrix.toolchain == 'stable' && 'llvm-tools-preview' || matrix.toolchain == 'nightly' && 'rust-src' || '' }} - tools: ${{ matrix.toolchain == 'stable' && 'cargo-llvm-cov, ' || '' }} cargo-nextest + version: ${{ matrix.rust-toolchain }} + components: ${{ matrix.rust-toolchain == 'stable' && 'llvm-tools-preview' || '' }} + tools: ${{ matrix.rust-toolchain == 'stable' && 'cargo-llvm-cov, ' || '' }} cargo-nextest token: ${{ secrets.GITHUB_TOKEN }} - id: nss-version @@ -106,26 +77,23 @@ jobs: minimum-version: ${{ steps.nss-version.outputs.minimum }} - name: Check - if: matrix.sanitizer == null run: | # shellcheck disable=SC2086 - cargo +${{ matrix.toolchain }} check $BUILD_TYPE --all-targets --features ci + cargo +${{ matrix.rust-toolchain }} check $BUILD_TYPE --all-targets --features ci - name: Run tests and determine coverage - if: matrix.sanitizer == null run: | # shellcheck disable=SC2086 - if [ "${{ matrix.toolchain }}" == "stable" ]; then - RUST_LOG=trace cargo +${{ matrix.toolchain }} llvm-cov nextest $BUILD_TYPE --features ci --no-fail-fast --lcov --output-path lcov.info + if [ "${{ matrix.rust-toolchain }}" == "stable" ]; then + RUST_LOG=trace cargo +${{ matrix.rust-toolchain }} llvm-cov nextest $BUILD_TYPE --features ci --no-fail-fast --lcov --output-path lcov.info else - RUST_LOG=trace cargo +${{ matrix.toolchain }} nextest run $BUILD_TYPE --features ci --no-fail-fast + RUST_LOG=trace cargo +${{ matrix.rust-toolchain }} nextest run $BUILD_TYPE --features ci --no-fail-fast fi - name: Run client/server transfer - if: matrix.sanitizer == null run: | # shellcheck disable=SC2086 - cargo +${{ matrix.toolchain }} build $BUILD_TYPE --bin neqo-client --bin neqo-server + cargo +${{ matrix.rust-toolchain }} build $BUILD_TYPE --bin neqo-client --bin neqo-server "target/$BUILD_DIR/neqo-server" "$HOST:4433" & PID=$! # Give the server time to start. @@ -147,20 +115,7 @@ jobs: verbose: true env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - if: matrix.type == 'debug' && matrix.toolchain == 'stable' - - - name: Run tests with sanitizers - if: matrix.sanitizer != null - env: - RUST_LOG: trace - run: | - if [ "${{ matrix.os }}" = "ubuntu-latest" ]; then - TARGET="x86_64-unknown-linux-gnu" - elif [ "${{ matrix.os }}" = "macos-latest" ]; then - TARGET="aarch64-apple-darwin" - fi - echo "Running tests with ${{ matrix.sanitizer }} sanitizer..." - RUSTFLAGS="-Z sanitizer=${{ matrix.sanitizer }}" RUSTDOCFLAGS="-Z sanitizer=${{ matrix.sanitizer }}" cargo +nightly nextest run -Z build-std --features ci --target "$TARGET" + if: matrix.type == 'debug' && matrix.rust-toolchain == 'stable' bench: needs: [check] diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml new file mode 100644 index 000000000..140003ddd --- /dev/null +++ b/.github/workflows/sanitize.yml @@ -0,0 +1,65 @@ +name: Sanitize +on: + push: + branches: ["main"] + paths-ignore: ["*.md", "*.png", "*.svg", "LICENSE-*"] + pull_request: + branches: ["main"] + paths-ignore: ["*.md", "*.png", "*.svg", "LICENSE-*"] + merge_group: + workflow_dispatch: +env: + CARGO_TERM_COLOR: always + RUST_BACKTRACE: 1 + +concurrency: + group: ${{ github.workflow }}-${{ github.ref_name }} + cancel-in-progress: true + +permissions: + contents: read + +defaults: + run: + shell: bash + +jobs: + sanitize: + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest, macos-latest] + sanitizer: [address, thread, leak] + exclude: + # Leak sanitizer is not supported on macOS. + - os: macos-latest + sanitizer: leak + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: ./.github/actions/rust + with: + version: nightly + # components: llvm-tools-preview + token: ${{ secrets.GITHUB_TOKEN }} + + - id: nss-version + run: echo "minimum=$(cat neqo-crypto/min_version.txt)" >> "$GITHUB_OUTPUT" + + - uses: ./.github/actions/nss + with: + minimum-version: ${{ steps.nss-version.outputs.minimum }} + + - name: Run tests with sanitizers + env: + RUST_LOG: trace + RUSTFLAGS: "-Z sanitizer=${{ matrix.sanitizer }}" + RUSTDOCFLAGS: "-Z sanitizer=${{ matrix.sanitizer }}" + run: | + if [ "${{ matrix.os }}" = "ubuntu-latest" ]; then + TARGET="x86_64-unknown-linux-gnu" + elif [ "${{ matrix.os }}" = "macos-latest" ]; then + TARGET="aarch64-apple-darwin" + fi + cargo nextest run -Z build-std --features ci --target "$TARGET" From b201901537d070891fded21e09747c8edbae0cad Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 15:20:02 +0300 Subject: [PATCH 10/21] Again --- .github/workflows/sanitize.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index 140003ddd..3dba7b42f 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -28,7 +28,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, macos-latest] + os: [ubuntu-latest, macos-latest] # No Windows support for sanitizers. sanitizer: [address, thread, leak] exclude: # Leak sanitizer is not supported on macOS. @@ -42,6 +42,7 @@ jobs: with: version: nightly # components: llvm-tools-preview + tools: cargo-nextest token: ${{ secrets.GITHUB_TOKEN }} - id: nss-version From af0974ce06d301889d817aed183a0501ac7e1fa1 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 15:21:57 +0300 Subject: [PATCH 11/21] Again --- .github/workflows/sanitize.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index 3dba7b42f..e6aa437bc 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -42,6 +42,7 @@ jobs: with: version: nightly # components: llvm-tools-preview + components: rust-src tools: cargo-nextest token: ${{ secrets.GITHUB_TOKEN }} From eab1bc595851ab368c93b4da5e885dd52d3df601 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 15:36:02 +0300 Subject: [PATCH 12/21] llvm --- .github/workflows/sanitize.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index e6aa437bc..2c6fe4888 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -60,8 +60,11 @@ jobs: RUSTDOCFLAGS: "-Z sanitizer=${{ matrix.sanitizer }}" run: | if [ "${{ matrix.os }}" = "ubuntu-latest" ]; then + sudo apt-get update + sudo apt-get install -y --no-install-recommends llvm TARGET="x86_64-unknown-linux-gnu" elif [ "${{ matrix.os }}" = "macos-latest" ]; then + # llvm-symbolizer (as part of llvm) is installed by default on macOS runners TARGET="aarch64-apple-darwin" fi cargo nextest run -Z build-std --features ci --target "$TARGET" From 4c22304456d33b1798ecfcf8fe548b97aaa810e4 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 15:42:37 +0300 Subject: [PATCH 13/21] memory --- .github/workflows/sanitize.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index 2c6fe4888..ca2033b89 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -29,11 +29,14 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest] # No Windows support for sanitizers. - sanitizer: [address, thread, leak] + sanitizer: [address, thread, leak, memory] exclude: # Leak sanitizer is not supported on macOS. - os: macos-latest sanitizer: leak + # Memory sanitizer is not supported on macOS. + - os: macos-latest + sanitizer: memory runs-on: ${{ matrix.os }} steps: @@ -58,6 +61,7 @@ jobs: RUST_LOG: trace RUSTFLAGS: "-Z sanitizer=${{ matrix.sanitizer }}" RUSTDOCFLAGS: "-Z sanitizer=${{ matrix.sanitizer }}" + ASAN_OPTIONS: detect_leaks=1 run: | if [ "${{ matrix.os }}" = "ubuntu-latest" ]; then sudo apt-get update From fc6aaad2552f5a31dc043b7693655435a2e82002 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 16:08:32 +0300 Subject: [PATCH 14/21] No memory --- .github/workflows/sanitize.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index ca2033b89..f12f5141c 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -29,12 +29,11 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest] # No Windows support for sanitizers. - sanitizer: [address, thread, leak, memory] + sanitizer: [address, thread, leak] # TODO: memory exclude: - # Leak sanitizer is not supported on macOS. + # Memory and leak sanitizers are not supported on macOS. - os: macos-latest sanitizer: leak - # Memory sanitizer is not supported on macOS. - os: macos-latest sanitizer: memory runs-on: ${{ matrix.os }} From c4bf46fbdd6d952ba5af03dd47cfadc250f4be94 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 16:19:19 +0300 Subject: [PATCH 15/21] ASAN_OPTIONS: detect_leaks=1:detect_stack_use_after_return=1 --- .github/workflows/sanitize.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index f12f5141c..52d3c189d 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -60,7 +60,7 @@ jobs: RUST_LOG: trace RUSTFLAGS: "-Z sanitizer=${{ matrix.sanitizer }}" RUSTDOCFLAGS: "-Z sanitizer=${{ matrix.sanitizer }}" - ASAN_OPTIONS: detect_leaks=1 + ASAN_OPTIONS: detect_leaks=1:detect_stack_use_after_return=1 run: | if [ "${{ matrix.os }}" = "ubuntu-latest" ]; then sudo apt-get update From fcf9b1b68a684fbb599d9c531108ed1292df4ce2 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 16:20:15 +0300 Subject: [PATCH 16/21] actionlint --- .github/workflows/sanitize.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index 52d3c189d..dd8bcf8ec 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -34,8 +34,8 @@ jobs: # Memory and leak sanitizers are not supported on macOS. - os: macos-latest sanitizer: leak - - os: macos-latest - sanitizer: memory + # - os: macos-latest + # sanitizer: memory runs-on: ${{ matrix.os }} steps: From 30ccc98fb72ad072576aef2b868d4726d97e003b Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 16:35:57 +0300 Subject: [PATCH 17/21] Suppress --- .github/workflows/sanitize.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index dd8bcf8ec..b1426e962 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -69,5 +69,8 @@ jobs: elif [ "${{ matrix.os }}" = "macos-latest" ]; then # llvm-symbolizer (as part of llvm) is installed by default on macOS runners TARGET="aarch64-apple-darwin" + # Suppress leaks from dyld4::RuntimeState on macOS + echo "leak:dyld4::RuntimeState" > suppressions.txt + export ASAN_OPTIONS="$ASAN_OPTIONS:suppressions=suppressions.txt" fi cargo nextest run -Z build-std --features ci --target "$TARGET" From 318ab52295bb7a2a82b1b9f3f02cec69e8f1c858 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 16:39:53 +0300 Subject: [PATCH 18/21] LSAN_OPTIONS --- .github/workflows/sanitize.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index b1426e962..9e4a35ed1 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -71,6 +71,6 @@ jobs: TARGET="aarch64-apple-darwin" # Suppress leaks from dyld4::RuntimeState on macOS echo "leak:dyld4::RuntimeState" > suppressions.txt - export ASAN_OPTIONS="$ASAN_OPTIONS:suppressions=suppressions.txt" + export LSAN_OPTIONS="suppressions=suppressions.txt" fi cargo nextest run -Z build-std --features ci --target "$TARGET" From b27bd25786a060274901e5ab7bae8be041a88d39 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 16:41:09 +0300 Subject: [PATCH 19/21] Remove comment --- .github/workflows/sanitize.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index 9e4a35ed1..2f3b55da3 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -43,7 +43,6 @@ jobs: - uses: ./.github/actions/rust with: version: nightly - # components: llvm-tools-preview components: rust-src tools: cargo-nextest token: ${{ secrets.GITHUB_TOKEN }} From 863cb8a83f8dcc6ae17c4c93e558e92a06be387b Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 18:20:46 +0300 Subject: [PATCH 20/21] Again --- .github/workflows/sanitize.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index 2f3b55da3..ec023f994 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -62,14 +62,16 @@ jobs: ASAN_OPTIONS: detect_leaks=1:detect_stack_use_after_return=1 run: | if [ "${{ matrix.os }}" = "ubuntu-latest" ]; then - sudo apt-get update sudo apt-get install -y --no-install-recommends llvm TARGET="x86_64-unknown-linux-gnu" elif [ "${{ matrix.os }}" = "macos-latest" ]; then # llvm-symbolizer (as part of llvm) is installed by default on macOS runners TARGET="aarch64-apple-darwin" - # Suppress leaks from dyld4::RuntimeState on macOS - echo "leak:dyld4::RuntimeState" > suppressions.txt + # Suppress leaks on macOS. TODO: Check occasionally if these are still needed. + { + echo "leak:dyld4::RuntimeState" + echo "leak:fetchInitializingClassList" + } > suppressions.txt export LSAN_OPTIONS="suppressions=suppressions.txt" fi cargo nextest run -Z build-std --features ci --target "$TARGET" From 6cc61f0d10c4ec024fce15b154d3b9140b0d5302 Mon Sep 17 00:00:00 2001 From: Lars Eggert Date: Thu, 10 Oct 2024 18:26:58 +0300 Subject: [PATCH 21/21] pwd --- .github/workflows/sanitize.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml index ec023f994..0752c7e30 100644 --- a/.github/workflows/sanitize.yml +++ b/.github/workflows/sanitize.yml @@ -67,11 +67,12 @@ jobs: elif [ "${{ matrix.os }}" = "macos-latest" ]; then # llvm-symbolizer (as part of llvm) is installed by default on macOS runners TARGET="aarch64-apple-darwin" - # Suppress leaks on macOS. TODO: Check occasionally if these are still needed. + # Suppress non-neqo leaks on macOS. TODO: Check occasionally if these are still needed. { echo "leak:dyld4::RuntimeState" echo "leak:fetchInitializingClassList" } > suppressions.txt - export LSAN_OPTIONS="suppressions=suppressions.txt" + PWD=$(pwd) + export LSAN_OPTIONS="suppressions=$PWD/suppressions.txt" fi cargo nextest run -Z build-std --features ci --target "$TARGET"