CI update: add ASAN/MSAN/valgrind checks

Markus F.X.J. Oberhumer
2023-08-17 12:07:19 +02:00
parent f8ea416a4d
commit 1a7732b285
20 changed files with 262 additions and 124 deletions
@@ -14,7 +14,7 @@
name: 'GitHub - Close inactive issues'
on:
schedule: [cron: '50 2 * * 3'] # run weekly Wednesday 02:50 UTC
schedule: [cron: '50 0 * * 3'] # run weekly Wednesday 00:50 UTC
workflow_dispatch:
jobs:
close-issues:
@@ -21,10 +21,12 @@ jobs:
run: 'apk update && apk upgrade && apk add clang clang-analyzer cmake g++ git make'
- name: ${{ format('Check out UPX {0} source code', github.ref_name) }}
run: |
git clone --branch "$GITHUB_REF_NAME" --depth 1 https://github.com/upx/upx
git -C upx submodule update --init
# this seems to be needed when running in a container (beause of UID mismatch??)
git config --global --add safe.directory '*'
git clone --branch "$GITHUB_REF_NAME" --depth 1 https://github.com/upx/upx .
git submodule update --init
- name: 'Perform clang-analyzer scan-build Analysis Debug'
run: 'make -C upx build/analyze/clang-analyzer/debug'
run: 'make build/analyze/clang-analyzer/debug'
- name: 'Perform clang-analyzer scan-build Analysis Release'
if: success() || failure() # run this step even if the previous step failed
run: 'make -C upx build/analyze/clang-analyzer/release'
run: 'make build/analyze/clang-analyzer/release'
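Review bot: The added `git config --global --add safe.directory '*'` turns off git's repository-ownership check for every path in the container, which is wider than the UID mismatch named in the comment requires. Scoping it to the checkout, e.g. `git config --global --add safe.directory "$GITHUB_WORKSPACE"`, should keep the clone and submodule update working while leaving the check active elsewhere; this assumes the step runs in the workspace directory, as the `clone ... .` suggests. The same line is added in the clang-tidy workflow section that follows and is present in both new workflow files of this commit. The comment above it has a typo, `beause` for `because`. The job starts above this hunk, so any earlier git configuration is not visible here.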
@@ -21,10 +21,12 @@ jobs:
run: 'apk update && apk upgrade && apk add clang clang-extra-tools cmake g++ git make python3'
- name: ${{ format('Check out UPX {0} source code', github.ref_name) }}
run: |
git clone --branch "$GITHUB_REF_NAME" --depth 1 https://github.com/upx/upx
git -C upx submodule update --init
# this seems to be needed when running in a container (beause of UID mismatch??)
git config --global --add safe.directory '*'
git clone --branch "$GITHUB_REF_NAME" --depth 1 https://github.com/upx/upx .
git submodule update --init
- name: 'Perform clang-tidy Analysis Debug'
run: 'make -C upx -k build/analyze/clang-tidy/debug'
run: 'make -k build/analyze/clang-tidy/debug'
- name: 'Perform clang-tidy Analysis Release'
if: success() || failure() # run this step even if the previous step failed
run: 'make -C upx -k build/analyze/clang-tidy/release'
run: 'make -k build/analyze/clang-tidy/release'
-72
@@ -63,75 +63,3 @@ jobs:
with:
name: ${{ env.artifact_name }}
path: 'upx*/build/*/upx'
job-alpine-by-hand: # uses a POSIX-compliant shell
# ...and also uses a subdirectory "upx with space" in order to detect possible quoting issues
# ...and also uses ccache as we are running the same build-script again and again
if: ${{ true }}
strategy: { matrix: { container: ['alpine:3.9','alpine:edge'] } }
name: ${{ format('gcc by-hand {0}', matrix.container) }}
runs-on: ubuntu-latest
container: ${{ matrix.container }}
steps:
- name: ${{ format('Install packages {0}', matrix.container) }}
run: |
# install ccache, g++, git and various POSIX shells
shells="bash dash loksh mksh zsh"
case ${{ matrix.container }} in
*:edge) shells="$shells oksh yash" ;;
esac
echo "installing shells: $shells"
apk update && apk upgrade && apk add ccache g++ git $shells
# enable ccache
echo -e "CC=ccache gcc\nCXX=ccache g++ -std=gnu++17" >> $GITHUB_ENV
# this seems to be needed when running in a container (beause of UID mismatch??)
git config --global --add safe.directory '*'
- name: 'Check out code'
uses: actions/checkout@v3
with:
submodules: true
path: 'upx with space'
- name: 'Build by-hand with bash'
run: 'bash "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with bash --posix'
run: 'bash --posix "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with busybox ash'
run: 'busybox ash "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with busybox sh'
run: 'busybox sh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with dash'
run: 'dash "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with loksh'
run: 'ksh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with loksh -o posix'
run: 'ksh -o posix "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with loksh -o sh'
run: 'ksh -o sh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with mksh'
run: 'mksh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with mksh -o posix'
run: 'mksh -o posix "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with mksh -o sh'
run: 'mksh -o sh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with oksh'
if: ${{ contains(matrix.container, ':edge') }}
run: 'oksh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with oksh -o posix'
if: ${{ contains(matrix.container, ':edge') }}
run: 'oksh -o posix "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with oksh -o sh'
if: ${{ contains(matrix.container, ':edge') }}
run: 'oksh -o sh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with yash'
if: ${{ contains(matrix.container, ':edge') }}
run: 'yash "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with zsh'
run: 'zsh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with zsh --emulate ksh'
run: 'zsh --emulate ksh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with zsh --emulate sh'
run: 'zsh --emulate sh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Show ccache stats'
run: |
ccache -s
ccache -p
@@ -0,0 +1,83 @@
# Copyright (C) Markus Franz Xaver Johannes Oberhumer
# BuildSystem: build "by hand" using a POSIX-compliant shell
name: 'Weekly CI BS - By Hand'
on:
schedule: [cron: '00 1 * * 3'] # run weekly Wednesday 01:00 UTC
workflow_dispatch:
env:
CMAKE_REQUIRED_QUIET: OFF
DEBIAN_FRONTEND: noninteractive
jobs:
job-alpine-by-hand: # uses a POSIX-compliant shell
# ...and also uses a subdirectory "upx with space" in order to detect possible quoting issues
# ...and also uses ccache as we are running the same build-script again and again
if: ${{ true }}
strategy: { matrix: { container: ['alpine:3.9','alpine:edge'] } }
name: ${{ format('gcc by-hand {0}', matrix.container) }}
runs-on: ubuntu-latest
container: ${{ matrix.container }}
steps:
- name: ${{ format('Install packages {0}', matrix.container) }}
run: |
# install ccache, g++, git and various POSIX shells
shells="bash dash loksh mksh zsh"
case ${{ matrix.container }} in
*:edge) shells="$shells oksh yash" ;;
esac
echo "installing shells: $shells"
apk update && apk upgrade && apk add ccache g++ git $shells
# enable ccache
echo -e "CC=ccache gcc\nCXX=ccache g++ -std=gnu++17" >> $GITHUB_ENV
# this seems to be needed when running in a container (beause of UID mismatch??)
git config --global --add safe.directory '*'
- name: 'Check out code'
uses: actions/checkout@v3
with:
submodules: true
path: 'upx with space'
- name: 'Build by-hand with bash'
run: 'bash "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with bash --posix'
run: 'bash --posix "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with busybox ash'
run: 'busybox ash "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with busybox sh'
run: 'busybox sh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with dash'
run: 'dash "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with loksh'
run: 'ksh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with loksh -o posix'
run: 'ksh -o posix "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with loksh -o sh'
run: 'ksh -o sh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with mksh'
run: 'mksh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with mksh -o posix'
run: 'mksh -o posix "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with mksh -o sh'
run: 'mksh -o sh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with oksh'
if: ${{ contains(matrix.container, ':edge') }}
run: 'oksh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with oksh -o posix'
if: ${{ contains(matrix.container, ':edge') }}
run: 'oksh -o posix "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with oksh -o sh'
if: ${{ contains(matrix.container, ':edge') }}
run: 'oksh -o sh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with yash'
if: ${{ contains(matrix.container, ':edge') }}
run: 'yash "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with zsh'
run: 'zsh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with zsh --emulate ksh'
run: 'zsh --emulate ksh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Build by-hand with zsh --emulate sh'
run: 'zsh --emulate sh "./upx with space/misc/scripts/build_upx_by_hand.sh"'
- name: 'Show ccache stats'
run: |
ccache -s
ccache -p
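Review bot: No `permissions:` key is declared in this new workflow file, so the job's GITHUB_TOKEN receives whatever default the repository or organisation has configured, which may include write scopes. The job only checks out and builds, so a top-level `permissions:` block with `contents: read` would hold it to least privilege regardless of that setting. The new runtime-checkers workflow added later in this commit has the same gap. Separately, `actions/checkout@v3` is referenced by a movable tag; pinning it to a full commit SHA would keep a retagged release from changing what runs.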
@@ -1,9 +1,9 @@
# Copyright (C) Markus Franz Xaver Johannes Oberhumer
# build with 'cmake -G Xcode'
# BuildSystem: build with 'cmake -G Xcode'
name: 'Weekly CI - cmake macOS Xcode'
name: 'Weekly CI BS - cmake macOS Xcode'
on:
schedule: [cron: '20 3 * * 3'] # run weekly Wednesday 03:20 UTC
schedule: [cron: '10 1 * * 3'] # run weekly Wednesday 01:10 UTC
workflow_dispatch:
env:
CMAKE_REQUIRED_QUIET: OFF
@@ -11,8 +11,6 @@ env:
jobs:
job-cmake-macos-xcode: # uses cmake + xcodebuild
name: ${{ format('{0} cmake Xcode', matrix.os) }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
@@ -20,6 +18,8 @@ jobs:
- { os: macos-11, run_test: true }
- { os: macos-12, run_test: true }
- { os: macos-13, run_test: false } # TODO: enable once UPX fully works on macos-13
name: ${{ format('{0} cmake Xcode', matrix.os) }}
runs-on: ${{ matrix.os }}
steps:
- name: 'Check out code'
uses: actions/checkout@v3
@@ -1,9 +1,11 @@
# Copyright (C) Markus Franz Xaver Johannes Oberhumer
# build with 'cmake -G "NMake Makefiles"'
# BuildSystem: build with 'cmake -G "NMake Makefiles"'
name: 'Weekly CI - cmake Windows NMake'
# also tests "clang-cl"
name: 'Weekly CI BS - cmake Windows NMake'
on:
schedule: [cron: '30 3 * * 3'] # run weekly Wednesday 03:30 UTC
schedule: [cron: '20 1 * * 3'] # run weekly Wednesday 01:20 UTC
workflow_dispatch:
env:
CMAKE_REQUIRED_QUIET: OFF
@@ -11,8 +13,6 @@ env:
jobs:
job-cmake-windows-nmake: # uses cmake + nmake
name: ${{ format('vs{0} {1} {2}', matrix.vsversion, matrix.arch, matrix.clang_cl && 'clang-cl' || '') }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
@@ -26,6 +26,8 @@ jobs:
- { os: windows-2022, vsversion: 2022, arch: amd64_x86 }
# clang-cl
- { os: windows-2022, vsversion: 2022, arch: amd64, clang_cl: true }
name: ${{ format('vs{0} {1} {2}', matrix.vsversion, matrix.arch, matrix.clang_cl && 'clang-cl' || '') }}
runs-on: ${{ matrix.os }}
steps:
- name: 'Check out code'
uses: actions/checkout@v3
@@ -1,16 +1,18 @@
# Copyright (C) Markus Franz Xaver Johannes Oberhumer
# CompilationCheck: test various clang and gcc versions
# Build under various Alpine Linux versions with clang and gcc, and
# also test building with C++20 and C++23.
# And also uses a subdirectory "upx with space" that contains whitespace in order
# to detect possible quoting issues.
# info: Alpine 3.9 has clang-5, cmake-3.13.0 and gcc-8, which nicely
# matches our minimal build requirements
# info: Alpine Linux 3.9 (released Jan 2019) has clang-5, cmake-3.13.0
# and gcc-8, which nicely matches our minimal build requirements
name: 'Weekly CI - Alpine Linux'
name: 'Weekly CI CC - Alpine Linux'
on:
schedule: [cron: '05 3 * * 3'] # run weekly Wednesday 03:05 UTC
schedule: [cron: '00 2 * * 3'] # run weekly Wednesday 02:00 UTC
workflow_dispatch:
env:
CMAKE_REQUIRED_QUIET: OFF
@@ -1,9 +1,11 @@
# Copyright (C) Markus Franz Xaver Johannes Oberhumer
# CompilationCheck: test llvm-mingw
# see https://github.com/mstorsjo/llvm-mingw
name: 'Weekly CI - llvm-mingw'
name: 'Weekly CI CC - llvm-mingw'
on:
schedule: [cron: '40 3 * * 3'] # run weekly Wednesday 03:40 UTC
schedule: [cron: '20 2 * * 3'] # run weekly Wednesday 02:20 UTC
workflow_dispatch:
env:
CMAKE_REQUIRED_QUIET: OFF
@@ -12,8 +14,6 @@ env:
jobs:
job-llvm-mingw: # uses cmake+make
if: ${{ true }}
name: ${{ format('{0} {1}', matrix.name, matrix.llvm_version) }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
@@ -25,11 +25,13 @@ jobs:
llvm_version: 16.0.6
url: 'https://github.com/mstorsjo/llvm-mingw/releases/download/20230614/llvm-mingw-20230614-ucrt-ubuntu-20.04-x86_64.tar.xz'
- name: llvm-mingw-20230811-msvcrt
llvm_version: 17.0.0rc1
llvm_version: 17.0.0rc2
url: 'https://github.com/mstorsjo/llvm-mingw/releases/download/20230811/llvm-mingw-20230811-msvcrt-ubuntu-20.04-x86_64.tar.xz'
- name: llvm-mingw-20230811-ucrt
llvm_version: 17.0.0rc1
llvm_version: 17.0.0rc2
url: 'https://github.com/mstorsjo/llvm-mingw/releases/download/20230811/llvm-mingw-20230811-ucrt-ubuntu-20.04-x86_64.tar.xz'
name: ${{ format('{0} {1}', matrix.name, matrix.llvm_version) }}
runs-on: ubuntu-latest
steps:
- name: 'Check out code'
uses: actions/checkout@v3
@@ -1,9 +1,11 @@
# Copyright (C) Markus Franz Xaver Johannes Oberhumer
# CompilationCheck: test zigcc
# build with "zig cc"; see https://ziglang.org/download/
name: 'Weekly CI - zigcc'
name: 'Weekly CI CC - zigcc'
on:
schedule: [cron: '50 3 * * 3'] # run weekly Wednesday 03:50 UTC
schedule: [cron: '30 2 * * 3'] # run weekly Wednesday 02:30 UTC
workflow_dispatch:
env:
CMAKE_REQUIRED_QUIET: OFF
@@ -13,9 +15,6 @@ env:
jobs:
job-linux-zigcc: # uses cmake + make
name: ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }}
runs-on: ubuntu-latest
container: 'alpine:3.18' # older versions such as alpine:3.12 also work; no-container also works
strategy:
fail-fast: false
matrix:
@@ -43,6 +42,9 @@ jobs:
- { zig_target: x86_64-macos.12.0-none }
- { zig_target: x86_64-macos.13.0-none }
- { zig_target: x86_64-windows-gnu }
name: ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }}
runs-on: ubuntu-latest
container: 'alpine:3.18' # older versions such as alpine:3.12 also work; no-container also works
env:
# for zig-cc wrapper scripts (see below):
ZIG_CPPFLAGS: -DUPX_DOCTEST_CONFIG_MULTITHREADING
@@ -0,0 +1,99 @@
# Copyright (C) Markus Franz Xaver Johannes Oberhumer
# RunTime test
# runs ASAN, MSAN, qemu and valgrind checkers; slow!
name: 'Weekly CI RT - ASAN MSAN Valgrind'
on:
schedule: [cron: '00 3 * * 3'] # run weekly Wednesday 03:00 UTC
workflow_dispatch:
env:
CMAKE_REQUIRED_QUIET: OFF
DEBIAN_FRONTEND: noninteractive
jobs:
job-runtime-checkers: # uses cmake + make
strategy:
fail-fast: false
matrix:
include:
- container: 'alpine:3.18'
release: debug
qemu: 'qemu-x86_64 -cpu Westmere'
- container: 'alpine:3.18'
release: release
qemu: 'qemu-x86_64 -cpu Westmere'
- container: 'alpine:edge'
release: release
qemu: 'qemu-x86_64 -cpu Westmere'
- container: 'i386/alpine:edge'
release: release
qemu: 'qemu-i386'
name: ${{ format('{0} {1}', matrix.container, matrix.release) }}
runs-on: ubuntu-latest
container: ${{ matrix.container }}
env:
release: ${{ matrix.release }}
steps:
- name: ${{ format('Install packages {0} {1}', matrix.container, matrix.release) }}
run: |
apk update && apk upgrade
apk add bash clang cmake compiler-rt coreutils g++ git make qemu-i386 qemu-x86_64 tar valgrind
# this seems to be needed when running in a container (beause of UID mismatch??)
git config --global --add safe.directory '*'
- name: ${{ format('Check out UPX {0} source code', github.ref_name) }}
run: |
git clone --branch "$GITHUB_REF_NAME" --depth 1 https://github.com/upx/upx .
git submodule update --init
git clone --depth=1 https://github.com/upx/upx-testsuite ../upx-testsuite
- name: 'Build clang-static'
run: |
export CC="clang -static" CXX="clang++ -static"
make UPX_XTARGET=clang-static xtarget/$release
- name: 'Build clang-asan'
if: ${{ !startsWith(matrix.container, 'i386/') }} # i386: ASAN not supported
run: |
# unfortunately ASAN does not support static linking
flags="-fsanitize=address -fsanitize=pointer-compare -fsanitize=pointer-subtract -fsanitize=undefined -fno-omit-frame-pointer -D__SANITIZE_ADDRESS__=1"
export CC="clang $flags" CXX="clang++ $flags"
make UPX_XTARGET=clang-asan xtarget/$release
- name: 'Build clang-msan'
if: ${{ !startsWith(matrix.container, 'i386/') }} # MSAN i386: not supported
run: |
# unfortunately MSAN does not support static linking
flags="-fsanitize=memory -fsanitize=undefined -fno-omit-frame-pointer -D__SANITIZE_ADDRESS__=1 -DDOCTEST_CONFIG_DISABLE=1"
export CC="clang $flags" CXX="clang++ $flags"
make UPX_XTARGET=clang-msan xtarget/$release
- name: 'Make artifact'
run: |
N=$(echo "upx-${GITHUB_REF_NAME}-${GITHUB_SHA:0:7}-weekly-ci-runtime-checkers-${{ matrix.container }}-${{ matrix.release }}" | sed 's/[^0-9a-zA-Z_.-]/-/g')
mkdir -p "tmp/artifact/$N"
(cd build && cp -ai --parents */*/*/upx "../tmp/artifact/$N")
(cd tmp/artifact && tar --sort=name -czf "$N.tar.gz" "$N" && rm -rf "./$N")
# GitHub Actions magic: set "artifact_name" environment value for use in next step
echo "artifact_name=$N" >> $GITHUB_ENV
- name: ${{ format('Upload artifact {0}', env.artifact_name) }}
if: ${{ !startsWith(matrix.container, 'i386/') }} # i386: missing nodejs on host
uses: actions/upload-artifact@v3
with:
name: ${{ env.artifact_name }}
path: tmp/artifact
- name: 'Run testsuite clang-asan'
if: ${{ !startsWith(matrix.container, 'i386/') }} # i386: ASAN not supported
run: |
export ASAN_OPTIONS=detect_invalid_pointer_pairs=2
env -C build/xtarget/clang-asan/$release "$PWD"/misc/testsuite/upx_testsuite_1.sh
- name: 'Run testsuite clang-msan'
if: ${{ !startsWith(matrix.container, 'i386/') }} # i386: MSAN not supported
run: |
env -C build/xtarget/clang-msan/$release "$PWD"/misc/testsuite/upx_testsuite_1.sh
- name: 'Run testsuite clang-static - QEMU'
if: ${{ matrix.qemu }}
run: |
export upx_exe_runner="${{ matrix.qemu }}"
env -C build/xtarget/clang-static/$release "$PWD"/misc/testsuite/upx_testsuite_1.sh
- name: 'Run testsuite clang-static - Valgrind'
if: ${{ true }} # very slow (takes about 30 minutes on current GitHub CI)
run: |
export upx_exe_runner="valgrind --error-exitcode=1 --quiet"
env -C build/xtarget/clang-static/$release "$PWD"/misc/testsuite/upx_testsuite_1.sh
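Review bot: The clang-asan and clang-msan builds enable `-fsanitize=undefined`, but UBSan by default prints a diagnostic and keeps running, so undefined behaviour hit by the testsuite would not fail these steps. Adding `-fno-sanitize-recover=undefined` to both `flags=` lines, or `export UBSAN_OPTIONS=halt_on_error=1` next to the `ASAN_OPTIONS` export, makes those findings fatal; this assumes neither the Makefile nor `upx_testsuite_1.sh` already sets it, which is not visible here. Also, `upx-testsuite` is cloned at its default-branch tip, so two weekly runs of the same UPX commit can exercise different inputs; logging the cloned commit with `git -C ../upx-testsuite rev-parse HEAD` would make a failure reproducible.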