Sanitize #6415
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sanitize | |
| on: | |
| pull_request: | |
| merge_group: | |
| workflow_dispatch: | |
| env: | |
| DUMP_SIMULATION_SEEDS: /tmp/simulation-seeds | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| sanitize: | |
| name: Sanitize | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-24.04, macos-15] # No Windows support for sanitizers. | |
| sanitizer: [address, thread, leak] # TODO: memory | |
| exclude: | |
| # Memory and leak sanitizers are not supported on macOS. | |
| - os: macos-15 | |
| sanitizer: leak | |
| # - os: macos-15 | |
| # sanitizer: memory | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/rust | |
| with: | |
| version: nightly | |
| components: rust-src | |
| tools: cargo-hack | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: ./.github/actions/nss | |
| - name: Run tests with sanitizers | |
| env: | |
| RUST_LOG: trace | |
| RUSTDOCFLAGS: "-Z sanitizer=${{ matrix.sanitizer }} -Cunsafe-allow-abi-mismatch=sanitizer" | |
| ASAN_OPTIONS: detect_leaks=1:detect_stack_use_after_return=1 | |
| RUST_BACKTRACE: 1 | |
| OS: ${{ matrix.os }} | |
| SANITIZER: ${{ matrix.sanitizer }} | |
| run: | | |
| # Append to RUSTFLAGS, which may already be set by the Rust action. | |
| export RUSTFLAGS="-Z sanitizer=$SANITIZER $RUSTFLAGS" | |
| if [ "$OS" = "ubuntu-24.04" ]; then | |
| sudo apt-get install -y --no-install-recommends llvm | |
| TARGET="x86_64-unknown-linux-gnu" | |
| elif [ "$OS" = "macos-15" ]; then | |
| # llvm-symbolizer (as part of llvm) is installed by default on macOS runners | |
| TARGET="aarch64-apple-darwin" | |
| # Suppress non-neqo leaks on macOS. TODO: Check occasionally if these are still needed. | |
| { | |
| echo "leak:dyld4::RuntimeState" | |
| echo "leak:fetchInitializingClassList" | |
| echo "leak:lang_start_internal" | |
| } > suppressions.txt | |
| PWD=$(pwd) | |
| export LSAN_OPTIONS="suppressions=$PWD/suppressions.txt" | |
| fi | |
| cargo test --locked -Z build-std --features ci --target "$TARGET" | |
| cargo hack --workspace test --locked -Z build-std --target "$TARGET" | |
| - name: Save simulation seeds artifact | |
| if: ${{ env.DUMP_SIMULATION_SEEDS }} | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: simulation-seeds-${{ matrix.os }}-sanitizer-${{ matrix.sanitizer }} | |
| path: ${{ env.DUMP_SIMULATION_SEEDS }} | |
| compression-level: 9 |