nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-08 19:46:02 +01:00
Code Activity

Merge pull request #14016 from xokdvium/asan

Browse source 
treewide: Support builds with ASAN, enable in CI
This commit is contained in:
John Ericson 2025-09-18 23:48:23 -04:00 committed by GitHub
commit 8719c2e6b7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
40 changed files with 101 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

15
ci/gha/tests/default.nix
View file

@ -24,16 +24,7 @@ let
enableSanitizersLayer = finalAttrs: prevAttrs: {
mesonFlags =
(prevAttrs.mesonFlags or [ ])
++ [
# Run all tests with UBSAN enabled. Running both with ubsan and
# without doesn't seem to have much immediate benefit for doubling
# the GHA CI workaround.
#
# TODO: Work toward enabling "address,undefined" if it seems feasible.
# This would maybe require dropping Boost coroutines and ignoring intentional
# memory leaks with detect_leaks=0.
(lib.mesonOption "b_sanitize" "undefined")
]
++ [ (lib.mesonOption "b_sanitize" "address,undefined") ]
++ (lib.optionals stdenv.cc.isClang [
# https://www.github.com/mesonbuild/meson/issues/764
(lib.mesonBool "b_lundef" false)
@ -71,8 +62,12 @@ rec {
nixComponentsInstrumented = nixComponents.overrideScope (
final: prev: {
nix-store-tests = prev.nix-store-tests.override { withBenchmarks = true; };
# Boehm is incompatible with ASAN.
nix-expr = prev.nix-expr.override { enableGC = !withSanitizers; };
mesonComponentOverrides = lib.composeManyExtensions componentOverrides;
# Unclear how to make Perl bindings work with a dynamically linked ASAN.
nix-perl-bindings = if withSanitizers then null else prev.nix-perl-bindings;
}
);

1
doc/manual/meson.build
View file

@ -15,6 +15,7 @@ pymod = import('python')
python = pymod.find_installation('python3')
nix_env_for_docs = {
'ASAN_OPTIONS' : 'abort_on_error=1:print_summary=1:detect_leaks=0',
'HOME' : '/dummy',
'NIX_CONF_DIR' : '/dummy',
'NIX_SSL_CERT_FILE' : '/dummy/no-ca-bundle.crt',

1
doc/manual/source/command-ref/meson.build
View file

@ -2,6 +2,7 @@ xp_features_json = custom_target(
command : [ nix, '__dump-xp-features' ],
capture : true,
output : 'xp-features.json',
env : nix_env_for_docs,
)
experimental_features_shortlist_md = custom_target(

13
doc/manual/source/development/debugging.md
View file

@ -24,6 +24,19 @@ It is also possible to build without debugging for faster build:
(The first line is needed because `fortify` hardening requires at least some optimization.)
## Building Nix with sanitizers
Nix can be built with [Address](https://clang.llvm.org/docs/AddressSanitizer.html) and
[UB](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html) sanitizers using LLVM
or GCC. This is useful when debugging memory corruption issues.
```console
[nix-shell]$ export mesonBuildType=debugoptimized
[nix-shell]$ appendToVar mesonFlags "-Dlibexpr:gc=disabled" # Disable Boehm
[nix-shell]$ appendToVar mesonFlags "-Dbindings=false" # Disable nix-perl
[nix-shell]$ appendToVar mesonFlags "-Db_sanitize=address,undefined"
```
## Debugging the Nix Binary
Obtain your preferred debugger within the development shell:

1
doc/manual/source/development/meson.build
View file

@ -7,5 +7,6 @@ experimental_feature_descriptions_md = custom_target(
xp_features_json,
],
capture : true,
env : nix_env_for_docs,
output : 'experimental-feature-descriptions.md',
)

4
meson.build
View file

@ -41,8 +41,10 @@ subproject('libexpr-c')
subproject('libflake-c')
subproject('libmain-c')
asan_enabled = 'address' in get_option('b_sanitize')
# Language Bindings
if get_option('bindings') and not meson.is_cross_build()
if get_option('bindings') and not meson.is_cross_build() and not asan_enabled
subproject('perl')
endif

12
nix-meson-build-support/asan-options/meson.build Normal file
View file

@ -0,0 +1,12 @@
asan_test_options_env = {
'ASAN_OPTIONS' : 'abort_on_error=1:print_summary=1:detect_leaks=0',
}
# Clang gets grumpy about missing libasan symbols if -shared-libasan is not
# passed when building shared libs, at least on Linux
if cxx.get_id() == 'clang' and ('address' in get_option('b_sanitize') or 'undefined' in get_option(
'b_sanitize',
))
add_project_link_arguments('-shared-libasan', language : 'cpp')
endif

8
nix-meson-build-support/common/meson.build
View file

@ -33,13 +33,5 @@ if cxx.get_id() == 'clang'
add_project_arguments('-fpch-instantiate-templates', language : 'cpp')
endif
# Clang gets grumpy about missing libasan symbols if -shared-libasan is not
# passed when building shared libs, at least on Linux
if cxx.get_id() == 'clang' and ('address' in get_option('b_sanitize') or 'undefined' in get_option(
'b_sanitize',
))
add_project_link_arguments('-shared-libasan', language : 'cpp')
endif
# Darwin ld doesn't like "X.Y.Zpre"
nix_soversion = meson.project_version().replace('pre', '')

1
src/libcmd/meson.build
View file

@ -67,6 +67,7 @@ config_priv_h = configure_file(
)
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'built-path.cc',

1
src/libexpr-c/meson.build
View file

@ -28,6 +28,7 @@ deps_public_maybe_subproject = [
subdir('nix-meson-build-support/subprojects')
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'nix_api_expr.cc',

1
src/libexpr-test-support/meson.build
View file

@ -31,6 +31,7 @@ rapidcheck = dependency('rapidcheck')
deps_public += rapidcheck
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'tests/value/context.cc',

3
src/libexpr-tests/meson.build
View file

@ -45,6 +45,7 @@ config_priv_h = configure_file(
)
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'derived-path.cc',
@ -82,7 +83,7 @@ this_exe = executable(
test(
meson.project_name(),
this_exe,
env : {
env : asan_test_options_env + {
'_NIX_TEST_UNIT_DATA' : meson.current_source_dir() / 'data',
},
protocol : 'gtest',

1
src/libexpr-tests/package.nix
View file

@ -62,6 +62,7 @@ mkMesonExecutable (finalAttrs: {
mkdir -p "$HOME"
''
+ ''
export ASAN_OPTIONS=abort_on_error=1:print_summary=1:detect_leaks=0
export _NIX_TEST_UNIT_DATA=${resolvePath ./data}
${stdenv.hostPlatform.emulator buildPackages} ${lib.getExe finalAttrs.finalPackage}
touch $out

8
src/libexpr/meson.build
View file

@ -53,7 +53,12 @@ deps_other += boost
nlohmann_json = dependency('nlohmann_json', version : '>= 3.9')
deps_public += nlohmann_json
bdw_gc = dependency('bdw-gc', required : get_option('gc'))
bdw_gc_required = get_option('gc').disable_if(
'address' in get_option('b_sanitize'),
error_message : 'Building with Boehm GC and ASAN is not supported',
)
bdw_gc = dependency('bdw-gc', required : bdw_gc_required)
if bdw_gc.found()
deps_public += bdw_gc
foreach funcspec : [
@ -88,6 +93,7 @@ config_priv_h = configure_file(
)
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
parser_tab = custom_target(
input : 'parser.y',

1
src/libfetchers-c/meson.build
View file

@ -32,6 +32,7 @@ add_project_arguments(
)
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'nix_api_fetchers.cc',

3
src/libfetchers-tests/meson.build
View file

@ -37,6 +37,7 @@ libgit2 = dependency('libgit2')
deps_private += libgit2
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'access-tokens.cc',
@ -63,7 +64,7 @@ this_exe = executable(
test(
meson.project_name(),
this_exe,
env : {
env : asan_test_options_env + {
'_NIX_TEST_UNIT_DATA' : meson.current_source_dir() / 'data',
},
protocol : 'gtest',

1
src/libfetchers-tests/package.nix
View file

@ -61,6 +61,7 @@ mkMesonExecutable (finalAttrs: {
buildInputs = [ writableTmpDirAsHomeHook ];
}
''
export ASAN_OPTIONS=abort_on_error=1:print_summary=1:detect_leaks=0
export _NIX_TEST_UNIT_DATA=${resolvePath ./data}
${stdenv.hostPlatform.emulator buildPackages} ${lib.getExe finalAttrs.finalPackage}
touch $out

1
src/libfetchers/meson.build
View file

@ -32,6 +32,7 @@ libgit2 = dependency('libgit2', version : '>= 1.9')
deps_private += libgit2
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'attrs.cc',

1
src/libflake-c/meson.build
View file

@ -32,6 +32,7 @@ deps_public_maybe_subproject = [
subdir('nix-meson-build-support/subprojects')
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'nix_api_flake.cc',

3
src/libflake-tests/meson.build
View file

@ -34,6 +34,7 @@ gtest = dependency('gtest', main : true)
deps_private += gtest
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'flakeref.cc',
@ -58,7 +59,7 @@ this_exe = executable(
test(
meson.project_name(),
this_exe,
env : {
env : asan_test_options_env + {
'_NIX_TEST_UNIT_DATA' : meson.current_source_dir() / 'data',
'NIX_CONFIG' : 'extra-experimental-features = flakes',
'HOME' : meson.current_build_dir() / 'test-home',

1
src/libflake-tests/package.nix
View file

@ -59,6 +59,7 @@ mkMesonExecutable (finalAttrs: {
buildInputs = [ writableTmpDirAsHomeHook ];
}
(''
export ASAN_OPTIONS=abort_on_error=1:print_summary=1:detect_leaks=0
export _NIX_TEST_UNIT_DATA=${resolvePath ./data}
export NIX_CONFIG="extra-experimental-features = flakes"
${stdenv.hostPlatform.emulator buildPackages} ${lib.getExe finalAttrs.finalPackage}

1
src/libflake/meson.build
View file

@ -29,6 +29,7 @@ nlohmann_json = dependency('nlohmann_json', version : '>= 3.9')
deps_public += nlohmann_json
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
subdir('nix-meson-build-support/generate-header')

1
src/libmain-c/meson.build
View file

@ -28,6 +28,7 @@ deps_public_maybe_subproject = [
subdir('nix-meson-build-support/subprojects')
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'nix_api_main.cc',

1
src/libmain/meson.build
View file

@ -53,6 +53,7 @@ config_priv_h = configure_file(
)
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'common-args.cc',

1
src/libstore-c/meson.build
View file

@ -26,6 +26,7 @@ deps_public_maybe_subproject = [
subdir('nix-meson-build-support/subprojects')
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'nix_api_store.cc',

1
src/libstore-test-support/meson.build
View file

@ -29,6 +29,7 @@ rapidcheck = dependency('rapidcheck')
deps_public += rapidcheck
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'derived-path.cc',

5
src/libstore-tests/meson.build
View file

@ -52,6 +52,7 @@ gtest = dependency('gmock')
deps_private += gtest
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'common-protocol.cc',
@ -102,7 +103,7 @@ this_exe = executable(
test(
meson.project_name(),
this_exe,
env : {
env : asan_test_options_env + {
'_NIX_TEST_UNIT_DATA' : meson.current_source_dir() / 'data',
'HOME' : meson.current_build_dir() / 'test-home',
'NIX_REMOTE' : meson.current_build_dir() / 'test-home' / 'store',
@ -136,7 +137,7 @@ if get_option('benchmarks')
benchmark(
'nix-store-benchmarks',
benchmark_exe,
env : {
env : asan_test_options_env + {
'_NIX_TEST_UNIT_DATA' : meson.current_source_dir() / 'data',
},
)

1
src/libstore-tests/package.nix
View file

@ -83,6 +83,7 @@ mkMesonExecutable (finalAttrs: {
}
(
''
export ASAN_OPTIONS=abort_on_error=1:print_summary=1:detect_leaks=0
export _NIX_TEST_UNIT_DATA=${data + "/src/libstore-tests/data"}
export NIX_REMOTE=$HOME/store
${stdenv.hostPlatform.emulator buildPackages} ${lib.getExe finalAttrs.finalPackage}

1
src/libstore/meson.build
View file

@ -265,6 +265,7 @@ config_priv_h = configure_file(
)
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'binary-cache-store.cc',

1
src/libutil-c/meson.build
View file

@ -32,6 +32,7 @@ config_priv_h = configure_file(
)
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'nix_api_util.cc',

1
src/libutil-test-support/meson.build
View file

@ -27,6 +27,7 @@ rapidcheck = dependency('rapidcheck')
deps_public += rapidcheck
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'hash.cc',

3
src/libutil-tests/meson.build
View file

@ -42,6 +42,7 @@ config_priv_h = configure_file(
)
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = files(
'args.cc',
@ -96,7 +97,7 @@ this_exe = executable(
test(
meson.project_name(),
this_exe,
env : {
env : asan_test_options_env + {
'_NIX_TEST_UNIT_DATA' : meson.current_source_dir() / 'data',
},
protocol : 'gtest',

1
src/libutil-tests/package.nix
View file

@ -61,6 +61,7 @@ mkMesonExecutable (finalAttrs: {
mkdir -p "$HOME"
''
+ ''
export ASAN_OPTIONS=abort_on_error=1:print_summary=1:detect_leaks=0
export _NIX_TEST_UNIT_DATA=${./data}
${stdenv.hostPlatform.emulator buildPackages} ${lib.getExe finalAttrs.finalPackage}
touch $out

1
src/libutil/meson.build
View file

@ -118,6 +118,7 @@ config_priv_h = configure_file(
)
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
sources = [ config_priv_h ] + files(
'archive.cc',

6
src/nix/asan-options.cc Normal file
View file

@ -0,0 +1,6 @@
extern "C" [[gnu::retain]] const char * __asan_default_options()
{
// We leak a bunch of memory knowingly on purpose. It's not worthwhile to
// diagnose that memory being leaked for now.
return "abort_on_error=1:print_summary=1:detect_leaks=0";
}

2
src/nix/meson.build
View file

@ -56,11 +56,13 @@ config_priv_h = configure_file(
)
subdir('nix-meson-build-support/common')
subdir('nix-meson-build-support/asan-options')
subdir('nix-meson-build-support/generate-header')
nix_sources = [ config_priv_h ] + files(
'add-to-store.cc',
'app.cc',
'asan-options.cc',
'build.cc',
'bundle.cc',
'cat.cc',

7
tests/functional/meson.build
View file

@ -239,6 +239,12 @@ foreach suite : suites
# Turns, e.g., `tests/functional/flakes/show.sh` into a Meson test target called
# `functional-flakes-show`.
name = fs.replace_suffix(script, '')
asan_options = 'abort_on_error=1:print_summary=1:detect_leaks=0'
# Otherwise ASAN dumps warnings into stderr that make some tests fail on stderr output
# comparisons.
asan_options += ':log_path=@0@'.format(
meson.current_build_dir() / 'asan-log',
)
test(
name,
@ -253,6 +259,7 @@ foreach suite : suites
],
suite : suite_name,
env : {
'ASAN_OPTIONS' : asan_options,
'_NIX_TEST_SOURCE_DIR' : meson.current_source_dir(),
'_NIX_TEST_BUILD_DIR' : meson.current_build_dir(),
'TEST_NAME' : suite_name / name,

7
tests/functional/test-libstoreconsumer/main.cc
View file

@ -5,6 +5,13 @@
using namespace nix;
extern "C" [[gnu::retain]] const char * __asan_default_options()
{
// We leak a bunch of memory knowingly on purpose. It's not worthwhile to
// diagnose that memory being leaked for now.
return "abort_on_error=1:print_summary=1:detect_leaks=0";
}
int main(int argc, char ** argv)
{
try {

4
tests/functional/test-libstoreconsumer/meson.build
View file

@ -1,3 +1,7 @@
cxx = meson.get_compiler('cpp')
subdir('nix-meson-build-support/asan-options')
libstoreconsumer_tester = executable(
'test-libstoreconsumer',
'main.cc',

1
tests/functional/test-libstoreconsumer/nix-meson-build-support Symbolic link
View file

@ -0,0 +1 @@
../../../nix-meson-build-support