Merge pull request #276 from cconlon/ghActionASAN

Testing: add GitHub Action for -fsanitize=address
2025-06-12 12:07:03 -07:00 · 2025-06-12 12:07:03 -07:00 · 3ee581da6b
parent 1dc7d5a741 9d2524aa66
commit 3ee581da6b
4 changed files with 118 additions and 1 deletions
--- a/.github/workflows/address-sanitizer.yml
+++ b/.github/workflows/address-sanitizer.yml
@ -0,0 +1,83 @@
+name: AddressSanitizer Build and Test
+
+on:
+  workflow_call:
+    inputs:
+      os:
+        required: true
+        type: string
+      jdk_distro:
+        required: true
+        type: string
+      jdk_version:
+        required: true
+        type: string
+      wolfssl_configure:
+        required: true
+        type: string
+
+jobs:
+  build_wolfssljni_asan:
+    runs-on: ${{ inputs.os }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Cache JUnit dependencies
+        uses: actions/cache@v4
+        id: cache-junit
+        with:
+          path: junit
+          key: junit-jars-v1
+
+      - name: Download junit-4.13.2.jar
+        if: steps.cache-junit.outputs.cache-hit != 'true'
+        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
+      - name: Download hamcrest-all-1.3.jar
+        if: steps.cache-junit.outputs.cache-hit != 'true'
+        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar
+
+      - name: Build native wolfSSL with AddressSanitizer
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: wolfSSL/wolfssl
+          ref: master
+          path: wolfssl
+          configure: ${{ inputs.wolfssl_configure }} CFLAGS="-fsanitize=address -fno-omit-frame-pointer" LDFLAGS="-fsanitize=address"
+          check: false
+          install: true
+
+      - name: Setup java
+        uses: actions/setup-java@v4
+        with:
+          distribution: ${{ inputs.jdk_distro }}
+          java-version: ${{ inputs.jdk_version }}
+
+      # Set environment variables
+      # Use detect_leaks=0 to avoid leak sanitizer going wild when run via
+      # Java, since it can have issues tracking internal JNI/JVM memory.
+      # This will let us catch all non-leak issues.
+      - name: Set environment variables
+        run: |
+          echo "JUNIT_HOME=$GITHUB_WORKSPACE/junit" >> "$GITHUB_ENV"
+          echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib" >> "$GITHUB_ENV"
+          echo "ASAN_OPTIONS=detect_leaks=0:abort_on_error=1:halt_on_error=1:print_stats=1" >> "$GITHUB_ENV"
+
+      - name: Build JNI library with AddressSanitizer
+        run: CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g" LDFLAGS="-fsanitize=address" ./java.sh $GITHUB_WORKSPACE/build-dir
+
+      - name: Build JAR (ant)
+        run: ant
+
+      - name: Find AddressSanitizer library
+        run: |
+          ASAN_LIB=$(gcc -print-file-name=libasan.so)
+          echo "ASAN_LIB=$ASAN_LIB" >> "$GITHUB_ENV"
+          echo "LD_PRELOAD=$ASAN_LIB" >> "$GITHUB_ENV"
+
+      - name: Run Java tests with AddressSanitizer (ant test)
+        run: ant test
+
+      - name: Show logs on failure
+        if: failure() || cancelled()
+        run: |
+          cat build/reports/*.txt
--- a/.github/workflows/infer.yml
+++ b/.github/workflows/infer.yml
@ -32,10 +32,19 @@ jobs:
      - name: Test Infer get version
        run: infer --version

-      # Download Junit JARs
+      # Cache and Download Junit JARs
+      - name: Cache JUnit dependencies
+        uses: actions/cache@v4
+        id: cache-junit
+        with:
+          path: junit
+          key: junit-jars-v1
+
      - name: Download junit-4.13.2.jar
+        if: steps.cache-junit.outputs.cache-hit != 'true'
        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
      - name: Download hamcrest-all-1.3.jar
+        if: steps.cache-junit.outputs.cache-hit != 'true'
        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar

      # Build native wolfSSL
--- a/.github/workflows/linux-common.yml
+++ b/.github/workflows/linux-common.yml
@ -25,9 +25,18 @@ jobs:
    steps:
      - uses: actions/checkout@v4

+      - name: Cache JUnit dependencies
+        uses: actions/cache@v4
+        id: cache-junit
+        with:
+          path: junit
+          key: junit-jars-v1
+
      - name: Download junit-4.13.2.jar
+        if: steps.cache-junit.outputs.cache-hit != 'true'
        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
      - name: Download hamcrest-all-1.3.jar
+        if: steps.cache-junit.outputs.cache-hit != 'true'
        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar

      - name: Build native wolfSSL
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -205,3 +205,19 @@ jobs:
      jdk_version: ${{ matrix.jdk_version }}
      wolfssl_configure: ${{ matrix.wolfssl_configure }}

+  # --------------- AddressSanitizer build and test ------------------
+  # Run AddressSanitizer build and test on Linux only for memory error detection
+  address-sanitizer:
+    strategy:
+      matrix:
+        os: [ 'ubuntu-latest' ]
+        jdk_version: [ '21' ]
+        wolfssl_configure: [ '--enable-jni' ]
+    name: AddressSanitizer (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }})
+    uses: ./.github/workflows/address-sanitizer.yml
+    with:
+      os: ${{ matrix.os }}
+      jdk_distro: "zulu"
+      jdk_version: ${{ matrix.jdk_version }}
+      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+