neqo/.github/workflows/sanitize.yml at 6e9cb0bcde5a1bed7a2d2730a9aa3479ebae0aa8 · mozilla/neqo · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
name: Sanitize
on:
  pull_request:
  merge_group:
  workflow_dispatch:
env:
  DUMP_SIMULATION_SEEDS: /tmp/simulation-seeds

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

defaults:
  run:
    shell: bash

jobs:
  sanitize:
    name: Sanitize
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-24.04, macos-15] # No Windows support for sanitizers.
        sanitizer: [address, thread, leak] # TODO: memory
        exclude:
          # Memory and leak sanitizers are not supported on macOS.
          - os: macos-15
            sanitizer: leak
          # - os: macos-15
          #   sanitizer: memory
    runs-on: ${{ matrix.os }}

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - uses: mozilla/actions/rust@25cb84d060946c0ad6d2c3f79da479b16d180d71 # v1.1.0
        with:
          version: nightly
          components: rust-src
          tools: cargo-hack
          token: ${{ secrets.GITHUB_TOKEN }}

      - id: nss-version
        uses: ./.github/actions/minimum-version
        with:
          directory: .
      - uses: mozilla/actions/nss@25cb84d060946c0ad6d2c3f79da479b16d180d71 # v1.1.0
        with:
          minimum-version: ${{ steps.nss-version.outputs.minimum }}
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Run tests with sanitizers
        env:
          RUST_LOG: trace
          RUSTDOCFLAGS: "-Z sanitizer=${{ matrix.sanitizer }} -Cunsafe-allow-abi-mismatch=sanitizer"
          ASAN_OPTIONS: detect_leaks=1:detect_stack_use_after_return=1
          RUST_BACKTRACE: 1
          OS: ${{ matrix.os }}
          SANITIZER: ${{ matrix.sanitizer }}
        run: |
          # Append to RUSTFLAGS, which may already be set by the Rust action.
          export RUSTFLAGS="-Z sanitizer=$SANITIZER $RUSTFLAGS"
          if [ "$OS" = "ubuntu-24.04" ]; then
            sudo apt-get install -y --no-install-recommends llvm
            TARGET="x86_64-unknown-linux-gnu"
          elif [ "$OS" = "macos-15" ]; then
            # llvm-symbolizer (as part of llvm) is installed by default on macOS runners
            TARGET="aarch64-apple-darwin"
            # Suppress non-neqo leaks on macOS. TODO: Check occasionally if these are still needed.
            {
              echo "leak:dyld4::RuntimeState"
              echo "leak:fetchInitializingClassList"
              echo "leak:lang_start_internal"
            } > suppressions.txt
            PWD=$(pwd)
            export LSAN_OPTIONS="suppressions=$PWD/suppressions.txt"
          fi
          cargo test --locked -Z build-std --features ci --target "$TARGET"
          cargo hack --workspace test --locked -Z build-std --target "$TARGET"

      - name: Save simulation seeds artifact
        if: ${{ env.DUMP_SIMULATION_SEEDS }}
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: simulation-seeds-${{ matrix.os }}-sanitizer-${{ matrix.sanitizer }}
          path: ${{ env.DUMP_SIMULATION_SEEDS }}
          compression-level: 9