Develop #182
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Memory Safety - Sanitizers | |
| on: | |
| push: | |
| branches: [ "main", "dev_peer_discovery" ] | |
| pull_request: | |
| branches: [ "main", "dev_peer_discovery" ] | |
| schedule: | |
| # Run nightly at 2 AM UTC | |
| - cron: '0 2 * * *' | |
| workflow_dispatch: | |
| jobs: | |
| # AddressSanitizer + UndefinedBehaviorSanitizer | |
| asan-ubsan: | |
| name: ASan + UBSan (${{ matrix.os }}, ${{ matrix.compiler }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest] | |
| compiler: [gcc, clang] | |
| include: | |
| - os: ubuntu-latest | |
| compiler: gcc | |
| c_compiler: gcc | |
| cpp_compiler: g++ | |
| - os: ubuntu-latest | |
| compiler: clang | |
| c_compiler: clang | |
| cpp_compiler: clang++ | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y cmake ninja-build curl | |
| - name: Configure CMake with ASan + UBSan | |
| run: | | |
| cmake -B build/Linux/asan \ | |
| -G Ninja \ | |
| -DCMAKE_CXX_COMPILER=${{ matrix.cpp_compiler }} \ | |
| -DCMAKE_C_COMPILER=${{ matrix.c_compiler }} \ | |
| -DCMAKE_BUILD_TYPE=Release \ | |
| -DENABLE_ASAN=ON \ | |
| -DENABLE_UBSAN=ON \ | |
| -S build/Linux | |
| - name: Build | |
| run: cmake --build build/Linux/asan | |
| - name: Run tests with ASan + UBSan | |
| working-directory: build/Linux/asan | |
| env: | |
| ASAN_OPTIONS: detect_leaks=1:check_initialization_order=1:strict_init_order=1:print_stats=1 | |
| UBSAN_OPTIONS: print_stacktrace=1:halt_on_error=1 | |
| run: ctest --output-on-failure --timeout 300 | |
| - name: Upload ASan logs on failure | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: asan-ubsan-logs-${{ matrix.compiler }} | |
| path: | | |
| build/Linux/asan/Testing/Temporary/LastTest.log | |
| build/Linux/asan/**/*.log | |
| # ThreadSanitizer (separate job as it conflicts with ASan) | |
| tsan: | |
| name: ThreadSanitizer (${{ matrix.os }}, ${{ matrix.compiler }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest] | |
| compiler: [gcc, clang] | |
| include: | |
| - os: ubuntu-latest | |
| compiler: gcc | |
| c_compiler: gcc | |
| cpp_compiler: g++ | |
| - os: ubuntu-latest | |
| compiler: clang | |
| c_compiler: clang | |
| cpp_compiler: clang++ | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y cmake ninja-build curl | |
| - name: Configure CMake with TSan | |
| run: | | |
| cmake -B build/Linux/tsan \ | |
| -G Ninja \ | |
| -DCMAKE_CXX_COMPILER=${{ matrix.cpp_compiler }} \ | |
| -DCMAKE_C_COMPILER=${{ matrix.c_compiler }} \ | |
| -DCMAKE_BUILD_TYPE=Release \ | |
| -DENABLE_TSAN=ON \ | |
| -S build/Linux | |
| - name: Build | |
| run: cmake --build build/Linux/tsan | |
| - name: Run tests with TSan | |
| working-directory: build/Linux/tsan | |
| env: | |
| TSAN_OPTIONS: second_deadlock_stack=1:halt_on_error=1 | |
| run: ctest --output-on-failure --timeout 300 | |
| - name: Upload TSan logs on failure | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: tsan-logs-${{ matrix.compiler }} | |
| path: | | |
| build/Linux/tsan/Testing/Temporary/LastTest.log | |
| build/Linux/tsan/**/*.log | |
| # Windows ASan (MSVC has limited sanitizer support) | |
| # Temporarily disabled due to zkLLVM dependency issues on Windows CI | |
| # TODO: Re-enable once dependency setup is fixed | |
| # windows-asan: | |
| # name: ASan (Windows, MSVC) | |
| # runs-on: windows-latest | |
| # | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # with: | |
| # submodules: recursive | |
| # | |
| # - name: Configure CMake with ASan | |
| # run: | | |
| # cmake -B build/Windows/asan ` | |
| # -G "Visual Studio 17 2022" -A x64 ` | |
| # -DCMAKE_BUILD_TYPE=Debug ` | |
| # -DENABLE_ASAN=ON ` | |
| # -S build/Windows | |
| # | |
| # - name: Build | |
| # run: cmake --build build/Windows/asan --config Debug | |
| # | |
| # - name: Run tests with ASan | |
| # working-directory: build/Windows/asan | |
| # run: ctest -C Debug --output-on-failure --timeout 300 | |
| # | |
| # - name: Upload ASan logs on failure | |
| # if: failure() | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: windows-asan-logs | |
| # path: | | |
| # build/Windows/asan/Testing/Temporary/LastTest.log | |
| # build/Windows/asan/**/*.log | |
| # Summary job to check if all sanitizer tests passed | |
| sanitizers-summary: | |
| name: Sanitizers Summary | |
| runs-on: ubuntu-latest | |
| needs: [asan-ubsan, tsan] # windows-asan temporarily disabled | |
| if: always() | |
| steps: | |
| - name: Check sanitizer results | |
| run: | | |
| echo "ASan + UBSan: ${{ needs.asan-ubsan.result }}" | |
| echo "ThreadSanitizer: ${{ needs.tsan.result }}" | |
| echo "Windows ASan: Temporarily disabled (dependency issues)" | |
| if [ "${{ needs.asan-ubsan.result }}" != "success" ] || \ | |
| [ "${{ needs.tsan.result }}" != "success" ]; then | |
| echo "❌ One or more sanitizer tests failed" | |
| exit 1 | |
| else | |
| echo "✅ All sanitizer tests passed" | |
| fi |