Add FreeBSD package to release workflow #209
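# Sanitizer CI: builds the project and runs `make check` under AddressSanitizer,
# MemorySanitizer, UndefinedBehaviorSanitizer and a combined ASan+UBSan build.
#
# NOTE(review): the actions used below are referenced by mutable major-version
# tags (@v6, @v5, @v7). Pinning each `uses:` to a full commit SHA, with the tag
# kept as a trailing comment, stops a re-pointed tag from changing what runs here.
name: Sanitizers (ASAN/MSAN/UBSAN)

on:
  push:
    # NOTE(review): "*" does not match branch names containing "/", so pushes to
    # e.g. feature/x only get sanitizer coverage once a pull request exists.
    # Use "**" if every branch should be covered.
    branches: ["*"]
  pull_request:

# Least privilege: these jobs only read the repository. Caching and artifact
# upload do not rely on GITHUB_TOKEN write scopes.
permissions:
  contents: read

jobs:
  # ASan build against the distribution's (uninstrumented) libraries.
  address-sanitizer:
    name: AddressSanitizer
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # No later step pushes, so do not leave the token in .git/config
          # where build scripts and tests could read it.
          persist-credentials: false
      - name: Install dependencies
        run: |
          set -euo pipefail
          sudo apt-get update
          sudo apt-get install -y \
            build-essential autoconf automake libtool pkg-config \
            libev-dev libpcre2-dev libc-ares-dev libssl-dev \
            libbsd-dev clang
      - name: Generate build system
        run: |
          set -euo pipefail
          AUTOCONF_VERSION=2.71 AUTOMAKE_VERSION=1.16 ./autogen.sh
      - name: Configure with AddressSanitizer
        env:
          CC: clang
        run: |
          set -euo pipefail
          ./configure --disable-dependency-tracking --enable-asan
      - name: Build
        run: |
          set -euo pipefail
          make -j"$(nproc)"
      - name: Run tests with ASAN
        env:
          ASAN_OPTIONS: detect_leaks=1:check_initialization_order=1:strict_init_order=1:detect_stack_use_after_return=1:detect_invalid_pointer_pairs=2:strict_string_checks=1
          # NOTE(review): presumably makes the suite skip a malformed-request
          # test (confirm against tests/). If so, that input-handling path is
          # not exercised under any sanitizer; the same variable is set in
          # every job of this workflow.
          SKIP_BAD_REQUEST_TEST: 1
        run: |
          set -euo pipefail
          make check
      - name: Upload test logs
        if: failure()
        uses: actions/upload-artifact@v7
        with:
          name: asan-test-logs
          path: tests/*.log
          if-no-files-found: ignore

  # MSan build. Every dependency is rebuilt with -fsanitize=memory into
  # ~/msan-libs and cached, then the project is linked against that prefix.
  memory-sanitizer:
    name: MemorySanitizer
    runs-on: ubuntu-latest
    timeout-minutes: 120
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # No later step pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Install build dependencies
        run: |
          set -euo pipefail
          sudo apt-get update
          sudo apt-get install -y \
            build-essential autoconf automake libtool pkg-config \
            clang cmake ninja-build python3
      # NOTE(review): the key changes only when this workflow file changes (or
      # the -v3 suffix is bumped). libev and c-ares are built from "latest tag"
      # and LLVM from a moving branch, so the cached binaries reflect whatever
      # upstream served on the first cache miss and stay in use until the key
      # changes.
      - name: Cache MSAN instrumented libraries
        id: cache-msan-libs
        uses: actions/cache@v5
        with:
          path: ~/msan-libs
          key: msan-libs-${{ runner.os }}-clang-${{ hashFiles('.github/workflows/sanitizers.yml') }}-v3
      - name: Build instrumented libc++ and libc++abi
        if: steps.cache-msan-libs.outputs.cache-hit != 'true'
        run: |
          set -euo pipefail
          # Create installation directory
          mkdir -p ~/msan-libs
          export MSAN_PREFIX=~/msan-libs
          # Clone LLVM project for libc++ sources
          # NOTE(review): release/17.x is a branch, not a fixed revision; pin a
          # release tag or commit if the cached libraries must be reproducible.
          cd /tmp
          git clone --depth=1 --branch=release/17.x https://github.com/llvm/llvm-project.git
          cd llvm-project
          # Build non-sanitized llvm-tblgen to avoid MSAN aborts in TableGen
          mkdir build-tools
          cd build-tools
          cmake -GNinja \
            -DCMAKE_BUILD_TYPE=Release \
            -DLLVM_TARGETS_TO_BUILD="X86" \
            -DLLVM_INCLUDE_TESTS=OFF \
            -DLLVM_ENABLE_WERROR=OFF \
            -DLIBCXX_ENABLE_WERROR=OFF \
            -DLIBCXXABI_ENABLE_WERROR=OFF \
            ../llvm
          ninja llvm-tblgen
          export HOST_LLVM_TABLEGEN="$(pwd)/bin/llvm-tblgen"
          cd ..
          # Build instrumented libc++ and libc++abi
          mkdir build-msan
          cd build-msan
          # Limit to X86 and skip utils/tests to avoid MSAN noise in TableGen and speed up
          cmake -GNinja \
            -DCMAKE_BUILD_TYPE=Release \
            -DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi" \
            -DLLVM_TARGETS_TO_BUILD="X86" \
            -DLLVM_BUILD_UTILS=OFF \
            -DLLVM_INCLUDE_UTILS=OFF \
            -DLLVM_INCLUDE_TESTS=OFF \
            -DLLVM_ENABLE_WERROR=OFF \
            -DLIBCXX_ENABLE_WERROR=OFF \
            -DLIBCXXABI_ENABLE_WERROR=OFF \
            -DLLVM_TABLEGEN="$HOST_LLVM_TABLEGEN" \
            -DCMAKE_C_COMPILER=clang \
            -DCMAKE_CXX_COMPILER=clang++ \
            -DCMAKE_INSTALL_PREFIX="$MSAN_PREFIX" \
            -DLLVM_USE_SANITIZER=MemoryWithOrigins \
            -DCMAKE_C_FLAGS="-fsanitize=memory -fsanitize-memory-track-origins -Wno-strict-overflow" \
            -DCMAKE_CXX_FLAGS="-fsanitize=memory -fsanitize-memory-track-origins -Wno-deprecated-declarations -Wno-strict-overflow -Wno-user-defined-literals" \
            -DRUNTIMES_CMAKE_ARGS="-DCMAKE_C_COMPILER=clang;-DCMAKE_CXX_COMPILER=clang++;-DCMAKE_LINKER=ld.lld;-DCMAKE_C_FLAGS=-fsanitize=memory -fsanitize-memory-track-origins -Wno-strict-overflow;-DCMAKE_CXX_FLAGS=-fsanitize=memory -fsanitize-memory-track-origins -Wno-deprecated-declarations -Wno-strict-overflow -Wno-user-defined-literals;-DCMAKE_EXE_LINKER_FLAGS=-fsanitize=memory -fuse-ld=lld -rtlib=compiler-rt -Wl,--warn-unresolved-symbols;-DCMAKE_SHARED_LINKER_FLAGS=-fsanitize=memory -fuse-ld=lld -rtlib=compiler-rt -Wl,--warn-unresolved-symbols" \
            ../llvm
          # Disable MSAN error reporting during build (build tools use uninstrumented system libs)
          export MSAN_OPTIONS=halt_on_error=0:exitcode=0
          ninja cxx cxxabi
          ninja install-cxx install-cxxabi
          # Restore default MSan behaviour for anything that runs after the build.
          unset MSAN_OPTIONS
          echo "✓ Instrumented libc++ built and installed to $MSAN_PREFIX"
      - name: Build instrumented libmd
        if: steps.cache-msan-libs.outputs.cache-hit != 'true'
        run: |
          set -euo pipefail
          export MSAN_PREFIX=~/msan-libs
          cd /tmp
          LIBMD_VERSION=1.1.0
          if ! wget "https://archive.hadrons.org/software/libmd/libmd-${LIBMD_VERSION}.tar.xz"; then
            echo "ERROR: libmd ${LIBMD_VERSION} not found. Update version in workflow."
            exit 1
          fi
          # NOTE(review): the tarball is configured, built and cached without an
          # integrity check. Record the release's SHA-256 next to the version
          # and verify it before extracting, e.g.
          #   echo "<LIBMD_SHA256_PLACEHOLDER>  libmd-${LIBMD_VERSION}.tar.xz" | sha256sum -c -
          tar xf "libmd-${LIBMD_VERSION}.tar.xz"
          cd "libmd-${LIBMD_VERSION}"
          CC=clang \
          CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer -g -O1" \
          LDFLAGS="-fsanitize=memory" \
          ./configure --prefix="$MSAN_PREFIX"
          make -j"$(nproc)"
          make install
          echo "✓ Instrumented libmd built"
      - name: Build instrumented libev
        if: steps.cache-msan-libs.outputs.cache-hit != 'true'
        run: |
          set -euo pipefail
          export MSAN_PREFIX=~/msan-libs
          cd /tmp
          # NOTE(review): this repository's autogen.sh and configure run on the
          # runner, and the ref is chosen at build time ("latest tag", else
          # master). Confirm the repository is the intended libev source and
          # pin a reviewed tag or commit.
          git clone https://github.com/enki/libev.git
          cd libev
          # Use latest stable release tag
          git fetch --tags
          LIBEV_REF="$(git tag | grep -E '^[0-9]+\.[0-9]+$' | sort -V | tail -n1 || echo master)"
          git checkout "${LIBEV_REF}"
          # Log the resolved commit so a cached build can be traced to its source.
          echo "libev source: ${LIBEV_REF} @ $(git rev-parse HEAD)"
          sh autogen.sh
          # Point configure to our MSAN-instrumented libmd
          export PKG_CONFIG_PATH="$MSAN_PREFIX/lib/pkgconfig:${PKG_CONFIG_PATH:-}"
          CC=clang \
          CPPFLAGS="-I$MSAN_PREFIX/include" \
          CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer -g -O1" \
          LDFLAGS="-L$MSAN_PREFIX/lib -fsanitize=memory" \
          ./configure --prefix="$MSAN_PREFIX"
          make -j"$(nproc)"
          make install
          echo "✓ Instrumented libev built"
      - name: Build instrumented PCRE2
        if: steps.cache-msan-libs.outputs.cache-hit != 'true'
        run: |
          set -euo pipefail
          export MSAN_PREFIX=~/msan-libs
          cd /tmp
          PCRE2_VERSION=10.42
          if ! wget "https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE2_VERSION}/pcre2-${PCRE2_VERSION}.tar.gz"; then
            echo "ERROR: PCRE2 ${PCRE2_VERSION} not found. Update version in workflow."
            exit 1
          fi
          # NOTE(review): no integrity check on the download; verify a pinned
          # SHA-256 before extracting, e.g.
          #   echo "<PCRE2_SHA256_PLACEHOLDER>  pcre2-${PCRE2_VERSION}.tar.gz" | sha256sum -c -
          tar xzf "pcre2-${PCRE2_VERSION}.tar.gz"
          cd "pcre2-${PCRE2_VERSION}"
          CC=clang \
          CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer -g -O1" \
          LDFLAGS="-fsanitize=memory" \
          ./configure --prefix="$MSAN_PREFIX"
          make -j"$(nproc)"
          make install
          echo "✓ Instrumented PCRE2 built"
      - name: Build instrumented c-ares
        if: steps.cache-msan-libs.outputs.cache-hit != 'true'
        run: |
          set -euo pipefail
          export MSAN_PREFIX=~/msan-libs
          cd /tmp
          git clone https://github.com/c-ares/c-ares.git
          cd c-ares
          # Use latest stable release tag
          git fetch --tags
          # NOTE(review): "latest tag" is resolved at build time; pin a reviewed
          # tag or commit if the cached library must be reproducible.
          CARES_TAG="$(git tag | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n1 || true)"
          # An empty tag would make `git checkout` a no-op and silently build
          # the default branch instead of a release, so fail loudly.
          if [ -z "${CARES_TAG}" ]; then
            echo "ERROR: no c-ares release tag matching vX.Y.Z found." >&2
            exit 1
          fi
          git checkout "${CARES_TAG}"
          # Log the resolved commit so a cached build can be traced to its source.
          echo "c-ares source: ${CARES_TAG} @ $(git rev-parse HEAD)"
          mkdir build
          cd build
          cmake -GNinja \
            -DCMAKE_BUILD_TYPE=Release \
            -DCMAKE_C_COMPILER=clang \
            -DCMAKE_CXX_COMPILER=clang++ \
            -DCMAKE_INSTALL_PREFIX="$MSAN_PREFIX" \
            -DCMAKE_C_FLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer -g -O1" \
            -DCMAKE_CXX_FLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer -g -O1" \
            -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=memory" \
            -DCMAKE_SHARED_LINKER_FLAGS="-fsanitize=memory" \
            ..
          ninja
          ninja install
          echo "✓ Instrumented c-ares built"
      - name: Build instrumented LibreSSL
        if: steps.cache-msan-libs.outputs.cache-hit != 'true'
        run: |
          set -euo pipefail
          export MSAN_PREFIX=~/msan-libs
          cd /tmp
          LIBRESSL_VERSION=4.2.1
          if ! wget "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz"; then
            echo "ERROR: LibreSSL ${LIBRESSL_VERSION} not found. Update version in workflow."
            exit 1
          fi
          # NOTE(review): this is the TLS library the test binary links against
          # and it is fetched without an integrity check. Verify a pinned
          # SHA-256 (or the release signature) before extracting, e.g.
          #   echo "<LIBRESSL_SHA256_PLACEHOLDER>  libressl-${LIBRESSL_VERSION}.tar.gz" | sha256sum -c -
          tar xzf "libressl-${LIBRESSL_VERSION}.tar.gz"
          cd "libressl-${LIBRESSL_VERSION}"
          CC=clang \
          CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer -g -O1" \
          LDFLAGS="-fsanitize=memory" \
          ./configure --prefix="$MSAN_PREFIX"
          make -j"$(nproc)"
          make install
          echo "✓ Instrumented LibreSSL built"
      - name: Build instrumented libbsd
        if: steps.cache-msan-libs.outputs.cache-hit != 'true'
        run: |
          set -euo pipefail
          export MSAN_PREFIX=~/msan-libs
          cd /tmp
          LIBBSD_VERSION=0.11.7
          if ! wget "https://libbsd.freedesktop.org/releases/libbsd-${LIBBSD_VERSION}.tar.xz"; then
            echo "ERROR: libbsd ${LIBBSD_VERSION} not found. Update version in workflow."
            exit 1
          fi
          # NOTE(review): no integrity check on the download; verify a pinned
          # SHA-256 before extracting, e.g.
          #   echo "<LIBBSD_SHA256_PLACEHOLDER>  libbsd-${LIBBSD_VERSION}.tar.xz" | sha256sum -c -
          tar xf "libbsd-${LIBBSD_VERSION}.tar.xz"
          cd "libbsd-${LIBBSD_VERSION}"
          # Point configure to our MSAN-instrumented libmd
          export PKG_CONFIG_PATH="$MSAN_PREFIX/lib/pkgconfig:${PKG_CONFIG_PATH:-}"
          CC=clang \
          CPPFLAGS="-I$MSAN_PREFIX/include" \
          CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer -g -O1" \
          LDFLAGS="-L$MSAN_PREFIX/lib -fsanitize=memory" \
          ./configure --prefix="$MSAN_PREFIX"
          make -j"$(nproc)"
          make install
          echo "✓ Instrumented libbsd built"
          # Create summary
          echo "=== MSAN Instrumented Libraries Summary ==="
          # Informational only: under pipefail, `head` closing the pipe early
          # can make `ls` exit on SIGPIPE, which must not fail the step.
          ls -lh "$MSAN_PREFIX/lib" | head -20 || true
      - name: Generate build system
        run: |
          set -euo pipefail
          AUTOCONF_VERSION=2.71 AUTOMAKE_VERSION=1.16 ./autogen.sh
      - name: Configure with MemorySanitizer
        env:
          CC: clang
          CXX: clang++
        run: |
          set -euo pipefail
          export MSAN_PREFIX=~/msan-libs
          # Configure with MSAN using instrumented libraries
          # Set MSAN flags explicitly so configure tests work correctly
          export PKG_CONFIG_PATH="$MSAN_PREFIX/lib/pkgconfig:${PKG_CONFIG_PATH:-}"
          export CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer -g -I$MSAN_PREFIX/include"
          export CXXFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer -g -I$MSAN_PREFIX/include -stdlib=libc++ -nostdinc++ -isystem $MSAN_PREFIX/include/c++/v1"
          export LDFLAGS="-fsanitize=memory -L$MSAN_PREFIX/lib -Wl,-rpath,$MSAN_PREFIX/lib -stdlib=libc++"
          ./configure --disable-dependency-tracking
      - name: Build
        run: |
          set -euo pipefail
          make -j"$(nproc)"
      - name: Run tests with MSAN
        env:
          # Unlike the library build above, reports are fatal here.
          MSAN_OPTIONS: halt_on_error=1:print_stats=1:exitcode=1
          SKIP_BAD_REQUEST_TEST: 1
        run: |
          set -euo pipefail
          make check
      - name: Upload test logs
        if: failure()
        uses: actions/upload-artifact@v7
        with:
          name: msan-test-logs
          path: tests/*.log
          if-no-files-found: ignore

  # UBSan build against the distribution's libraries.
  undefined-behavior-sanitizer:
    name: UndefinedBehaviorSanitizer
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # No later step pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Install dependencies
        run: |
          set -euo pipefail
          sudo apt-get update
          sudo apt-get install -y \
            build-essential autoconf automake libtool pkg-config \
            libev-dev libpcre2-dev libc-ares-dev libssl-dev \
            libbsd-dev clang
      - name: Generate build system
        run: |
          set -euo pipefail
          AUTOCONF_VERSION=2.71 AUTOMAKE_VERSION=1.16 ./autogen.sh
      - name: Configure with UBSan
        env:
          CC: clang
        run: |
          set -euo pipefail
          ./configure --disable-dependency-tracking --enable-ubsan
      - name: Build
        run: |
          set -euo pipefail
          make -j"$(nproc)"
      - name: Run tests with UBSan
        env:
          # halt_on_error=1 turns a UBSan report into a test failure instead of
          # a log line that is easy to miss.
          UBSAN_OPTIONS: print_stacktrace=1:halt_on_error=1
          SKIP_BAD_REQUEST_TEST: 1
        run: |
          set -euo pipefail
          make check
      - name: Upload test logs
        if: failure()
        uses: actions/upload-artifact@v7
        with:
          name: ubsan-test-logs
          path: tests/*.log
          if-no-files-found: ignore

  # ASan and UBSan enabled in the same build.
  combined-sanitizers:
    name: ASAN+UBSAN Combined
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # No later step pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Install dependencies
        run: |
          set -euo pipefail
          sudo apt-get update
          sudo apt-get install -y \
            build-essential autoconf automake libtool pkg-config \
            libev-dev libpcre2-dev libc-ares-dev libssl-dev \
            libbsd-dev clang
      - name: Generate build system
        run: |
          set -euo pipefail
          AUTOCONF_VERSION=2.71 AUTOMAKE_VERSION=1.16 ./autogen.sh
      - name: Configure with ASAN+UBSan
        env:
          CC: clang
        run: |
          set -euo pipefail
          ./configure --disable-dependency-tracking --enable-asan --enable-ubsan
      - name: Build
        run: |
          set -euo pipefail
          make -j"$(nproc)"
      - name: Run tests with ASAN+UBSan
        env:
          ASAN_OPTIONS: detect_leaks=1:check_initialization_order=1:strict_init_order=1:detect_stack_use_after_return=1:detect_invalid_pointer_pairs=2:strict_string_checks=1
          UBSAN_OPTIONS: print_stacktrace=1:halt_on_error=1
          SKIP_BAD_REQUEST_TEST: 1
        run: |
          set -euo pipefail
          make check
      - name: Upload test logs
        if: failure()
        uses: actions/upload-artifact@v7
        with:
          name: combined-sanitizer-test-logs
          path: tests/*.log
          if-no-files-found: ignore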