Add ASAN/UBSAN CI testing and fix signed left shift UB#399
Merged
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Add a sanitizer CI job that builds and tests with AddressSanitizer and UndefinedBehaviorSanitizer using clang on Ubuntu for both stable and HEAD release tracks. Fix three UBSAN signed left shift errors found during sanitizer testing by casting signed values to unsigned before left shifting: - address.hh sign_extend(): left shift of negative value / overflow - slghpatexpress.cc LeftShiftExpression: left shift of negative value Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a ci-assertions CMake preset that builds with libc++ in debug hardening mode (_LIBCPP_HARDENING_MODE_DEBUG), which catches STL contract violations at runtime — most importantly strict-weak ordering violations in comparators passed to std::sort. Add a corresponding assertions CI job that runs HEAD-only, since new comparator bugs from upstream Ghidra surface there first. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ekilmer
force-pushed
the
ekilmer/run-asan-v2
branch
2 times, most recently
from
4272304 to
67be5ff
Compare
Use the official LLVM apt script to install clang rather than relying on whichever version happens to ship on the runner. The version is configured via a workflow-level LLVM_VERSION env variable (currently 21) so bumping is a one-line change. The assertions job also installs the matching versioned libc++-dev and libc++abi-dev packages. Remove CMAKE_CXX_COMPILER from the ci-assertions preset so the CXX environment variable is respected by CMake in both CI and local use. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The sanitizer and assertions CI jobs provide more useful Debug-like coverage on Linux than a plain Debug build. Keep Debug builds only for Windows where sanitizers are not available. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ekilmer
force-pushed
the
ekilmer/run-asan-v2
branch
from
67be5ff to
f696911
Compare
Port the existing HEAD patch (0007) to stable as well. FlowBlock::compareFinalOrder returns true when both blocks have index 0, violating strict weak ordering irreflexivity. This is caught by the libc++ assertions CI job. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add a sanitizer CI job that builds and tests with AddressSanitizer and UndefinedBehaviorSanitizer using clang on Ubuntu for both stable and HEAD release tracks.
Fix three UBSAN signed left shift errors found during sanitizer testing by casting signed values to unsigned before left shifting: