ci: add a asan+ubsan test run on x86_64-linux

This should at least catch out blatantly bad patches that don't pass the
test suite with ASan. We don't do this to the integration tests since
they run on relatively limited-memory VMs and so it may not be super
safe to run an evaluator with leak driven garbage collection for them.

Fixes: #403
Fixes: #319
Change-Id: I5267b02626866fd33e8b4d8794344531af679f78
This commit is contained in:
jade 2024-07-23 22:43:38 +02:00
parent 19ae87e5ce
commit e51263057f
2 changed files with 21 additions and 1 deletions

View file

@ -275,6 +275,15 @@
# System tests. # System tests.
tests = import ./tests/nixos { inherit lib nixpkgs nixpkgsFor; } // { tests = import ./tests/nixos { inherit lib nixpkgs nixpkgsFor; } // {
# This is x86_64-linux only, just because we have significantly
# cheaper x86_64-linux compute in CI.
# It is clangStdenv because clang's sanitizers are nicer.
asanBuild = self.packages.x86_64-linux.nix-clangStdenv.override {
sanitize = [
"address"
"undefined"
];
};
# Make sure that nix-env still produces the exact same result # Make sure that nix-env still produces the exact same result
# on a particular version of Nixpkgs. # on a particular version of Nixpkgs.

View file

@ -57,6 +57,10 @@
buildUnreleasedNotes ? true, buildUnreleasedNotes ? true,
internalApiDocs ? false, internalApiDocs ? false,
# List of Meson sanitize options. Accepts values of b_sanitize, e.g.
# "address", "undefined", "thread".
sanitize ? null,
# Not a real argument, just the only way to approximate let-binding some # Not a real argument, just the only way to approximate let-binding some
# stuff for argument defaults. # stuff for argument defaults.
__forDefaults ? { __forDefaults ? {
@ -166,6 +170,12 @@ stdenv.mkDerivation (finalAttrs: {
dontBuild = false; dontBuild = false;
mesonFlags = mesonFlags =
let
sanitizeOpts = lib.optionals (sanitize != null) (
[ "-Db_sanitize=${builtins.concatStringsSep "," sanitize}" ]
++ lib.optional (builtins.elem "address" sanitize) "-Dgc=disabled"
);
in
lib.optionals hostPlatform.isLinux [ lib.optionals hostPlatform.isLinux [
# You'd think meson could just find this in PATH, but busybox is in buildInputs, # You'd think meson could just find this in PATH, but busybox is in buildInputs,
# which don't actually get added to PATH. And buildInputs is correct over # which don't actually get added to PATH. And buildInputs is correct over
@ -182,7 +192,8 @@ stdenv.mkDerivation (finalAttrs: {
(lib.mesonBool "enable-tests" finalAttrs.finalPackage.doCheck) (lib.mesonBool "enable-tests" finalAttrs.finalPackage.doCheck)
(lib.mesonBool "enable-docs" canRunInstalled) (lib.mesonBool "enable-docs" canRunInstalled)
] ]
++ lib.optional (hostPlatform != buildPlatform) "--cross-file=${mesonCrossFile}"; ++ lib.optional (hostPlatform != buildPlatform) "--cross-file=${mesonCrossFile}"
++ sanitizeOpts;
# We only include CMake so that Meson can locate toml11, which only ships CMake dependency metadata. # We only include CMake so that Meson can locate toml11, which only ships CMake dependency metadata.
dontUseCmakeConfigure = true; dontUseCmakeConfigure = true;