diff --git a/.bazelrc b/.bazelrc index 9c36d24f4..468efa2ce 100644 --- a/.bazelrc +++ b/.bazelrc @@ -93,3 +93,39 @@ build:build_qnx8 --config=arm64-qnx ## default is a stdout logger which looks like dlt logs ## uncomment below to use score::mw::log instead of the stdout logger # build --cxxopt=-DLC_LOG_SCORE_MW_LOG + +# ============================================================================== +# Sanitizer configurations — powered by score_cpp_policies runtime infrastructure +# (wrapper, suppression files, env templates) +# ============================================================================== + +# Minimal debug info (-g1) for sanitizer stack traces; stripping disabled +build:with_debug_symbols --copt=-g1 +build:with_debug_symbols --strip=never + +# AddressSanitizer + UndefinedBehaviorSanitizer + LeakSanitizer (recommended) +build:asan_ubsan_lsan --config=with_debug_symbols +build:asan_ubsan_lsan --copt=-fsanitize=undefined,address,leak +build:asan_ubsan_lsan --linkopt=-fsanitize=undefined,address,leak +build:asan_ubsan_lsan --platform_suffix=asan_ubsan_lsan +build:asan_ubsan_lsan --@score_cpp_policies//sanitizers/flags:sanitizer=asan_ubsan_lsan +test:asan_ubsan_lsan --run_under=@score_cpp_policies//sanitizers:wrapper +test:asan_ubsan_lsan --test_tag_filters=-no-asan,-no-lsan,-no-ubsan + +# Convenience aliases (all resolve to asan_ubsan_lsan) +build:asan --config=asan_ubsan_lsan +build:ubsan --config=asan_ubsan_lsan +build:lsan --config=asan_ubsan_lsan + +# ThreadSanitizer (cannot be combined with ASan/LSan) +build:tsan --config=with_debug_symbols +build:tsan --copt=-fsanitize=thread +build:tsan --copt=-O1 +build:tsan --linkopt=-fsanitize=thread +# GCC TSan doesn't instrument atomic_thread_fence; suppress the resulting -Wtsan +# warning so it doesn't become a build error in external deps that use -Werror. +build:tsan --cxxopt=-Wno-tsan +build:tsan --platform_suffix=tsan +build:tsan --@score_cpp_policies//sanitizers/flags:sanitizer=tsan +test:tsan --run_under=@score_cpp_policies//sanitizers:wrapper +test:tsan --test_tag_filters=-no-tsan diff --git a/.github/workflows/sanitizers.yml b/.github/workflows/sanitizers.yml new file mode 100644 index 000000000..3b4c5e185 --- /dev/null +++ b/.github/workflows/sanitizers.yml @@ -0,0 +1,60 @@ +# ******************************************************************************* +# Copyright (c) 2026 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# ******************************************************************************* +name: Sanitizers + +permissions: + contents: read + +on: + pull_request: + types: [opened, reopened, synchronize] + merge_group: + types: [checks_requested] + push: + branches: + - main + +jobs: + sanitizers: + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + matrix: + config: [asan_ubsan_lsan, tsan] + steps: + - name: Checkout code + uses: actions/checkout@v4.2.2 + + - name: Setup Bazel + uses: bazel-contrib/setup-bazel@0.18.0 + with: + bazelisk-cache: true + disk-cache: ${{ github.workflow }}-${{ matrix.config }} + repository-cache: true + cache-save: ${{ github.event_name == 'push' }} + + - name: Configure kernel for TSan (ASLR breaks TSan shadow memory layout) + if: matrix.config == 'tsan' + run: sudo sysctl -w kernel.randomize_va_space=0 + + - name: Run tests with sanitizers + run: | + bazel test --lockfile_mode=error --config=${{ matrix.config }} --config=x86_64-linux //src/... //tests/... --verbose_failures + + - name: Upload test logs on failure + if: failure() + uses: actions/upload-artifact@v4 + with: + name: bazel-testlogs-${{ matrix.config }}-${{ github.run_id }} + path: bazel-testlogs/ + retention-days: 7 diff --git a/MODULE.bazel b/MODULE.bazel index b6cd10238..aad853c03 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -134,6 +134,15 @@ use_repo(oci, "debian-test-runtime", "debian-test-runtime_linux_amd64") bazel_dep(name = "score_baselibs_rust", version = "0.1.2") bazel_dep(name = "score_baselibs", version = "0.2.6") +# Centralized C++ quality tool policies (sanitizers, etc.) +# https://github.com/eclipse-score/score_cpp_policies +bazel_dep(name = "score_cpp_policies", dev_dependency = True) +git_override( + module_name = "score_cpp_policies", + commit = "6348b27a04d64936d7e828c9dd3d04667109104a", + remote = "https://github.com/eclipse-score/score_cpp_policies.git", +) + # Hedron's Compile Commands Extractor for Bazel # https://github.com/hedronvision/bazel-compile-commands-extractor bazel_dep(name = "hedron_compile_commands", dev_dependency = True) diff --git a/src/launch_manager_daemon/common/concurrency/BUILD b/src/launch_manager_daemon/common/concurrency/BUILD index 35d84d8e6..57b45719f 100644 --- a/src/launch_manager_daemon/common/concurrency/BUILD +++ b/src/launch_manager_daemon/common/concurrency/BUILD @@ -67,24 +67,3 @@ cc_test( "@googletest//:gtest_main", ], ) - -cc_test( - name = "mpmc_concurrent_queue_tsan_test", - srcs = ["mpmc_concurrent_queue_test.cpp"], - copts = [ - "-fsanitize=thread", - "-O0", - "-g", - ], - linkopts = ["-fsanitize=thread"], - tags = [ - "no-coverage", # coverage + tsan might cause problems - "tsan", - ], - target_compatible_with = ["@platforms//os:linux"], # no tsan on qnx - visibility = ["//tests:__subpackages__"], - deps = [ - ":mpmc_concurrent_queue", - "@googletest//:gtest_main", - ], -)