From e51263057f21e77602481d6a6d826ff8cc0c1db0 Mon Sep 17 00:00:00 2001
From: Jade Lovelace <lix@jade.fyi>
Date: Tue, 23 Jul 2024 22:43:38 +0200
Subject: [PATCH] ci: add a asan+ubsan test run on x86_64-linux

This should at least catch out blatantly bad patches that don't pass the
test suite with ASan. We don't do this to the integration tests since
they run on relatively limited-memory VMs and so it may not be super
safe to run an evaluator with leak driven garbage collection for them.

Fixes: https://git.lix.systems/lix-project/lix/issues/403
Fixes: https://git.lix.systems/lix-project/lix/issues/319
Change-Id: I5267b02626866fd33e8b4d8794344531af679f78
---
 flake.nix   |  9 +++++++++
 package.nix | 13 ++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/flake.nix b/flake.nix
index cec970974..9a3087c4b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -275,6 +275,15 @@
 
         # System tests.
         tests = import ./tests/nixos { inherit lib nixpkgs nixpkgsFor; } // {
+          # This is x86_64-linux only, just because we have significantly
+          # cheaper x86_64-linux compute in CI.
+          # It is clangStdenv because clang's sanitizers are nicer.
+          asanBuild = self.packages.x86_64-linux.nix-clangStdenv.override {
+            sanitize = [
+              "address"
+              "undefined"
+            ];
+          };
 
           # Make sure that nix-env still produces the exact same result
           # on a particular version of Nixpkgs.
diff --git a/package.nix b/package.nix
index 61015bac9..0807ec1de 100644
--- a/package.nix
+++ b/package.nix
@@ -57,6 +57,10 @@
   buildUnreleasedNotes ? true,
   internalApiDocs ? false,
 
+  # List of Meson sanitize options. Accepts values of b_sanitize, e.g.
+  # "address", "undefined", "thread".
+  sanitize ? null,
+
   # Not a real argument, just the only way to approximate let-binding some
   # stuff for argument defaults.
   __forDefaults ? {
@@ -166,6 +170,12 @@ stdenv.mkDerivation (finalAttrs: {
   dontBuild = false;
 
   mesonFlags =
+    let
+      sanitizeOpts = lib.optionals (sanitize != null) (
+        [ "-Db_sanitize=${builtins.concatStringsSep "," sanitize}" ]
+        ++ lib.optional (builtins.elem "address" sanitize) "-Dgc=disabled"
+      );
+    in
     lib.optionals hostPlatform.isLinux [
       # You'd think meson could just find this in PATH, but busybox is in buildInputs,
       # which don't actually get added to PATH. And buildInputs is correct over
@@ -182,7 +192,8 @@ stdenv.mkDerivation (finalAttrs: {
       (lib.mesonBool "enable-tests" finalAttrs.finalPackage.doCheck)
       (lib.mesonBool "enable-docs" canRunInstalled)
     ]
-    ++ lib.optional (hostPlatform != buildPlatform) "--cross-file=${mesonCrossFile}";
+    ++ lib.optional (hostPlatform != buildPlatform) "--cross-file=${mesonCrossFile}"
+    ++ sanitizeOpts;
 
   # We only include CMake so that Meson can locate toml11, which only ships CMake dependency metadata.
   dontUseCmakeConfigure = true;