Skip to content

Commit

Permalink
Add a CircleCI job to test oqs-provider against memory leaks.
Browse files Browse the repository at this point in the history
This commit introduces a new CircleCI job called `check-ASan-tests` that compiles
OpenSSL 3, liboqs and oqs-provider with ASan (`-fsanitize=address`). Then, it
runs the CTest suite.

If any memory leak occurs somewhere and is triggered in one of the various unit tests,
then this CircleCI job fails and displays the ASan trace.
  • Loading branch information
thb-sb committed Sep 6, 2023
1 parent cc3895f commit e65ebe2
Showing 1 changed file with 80 additions and 0 deletions.
80 changes: 80 additions & 0 deletions .github/workflows/asan.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
name: ASan tests

on:
push:
branches: [ '*' ]
pull_request:
branches: [ "main" ]

jobs:

asan_linux_intel:
runs-on: ubuntu-latest
strategy:
fail-fast: false
container:
image: openquantumsafe/ci-ubuntu-jammy:latest
env:
CC: "clang"
CXX: "clang++"
ASAN_C_FLAGS: "-fsanitize=address -fno-omit-frame-pointer"
ASAN_OPTIONS: "detect_stack_use_after_return=1,detect_leaks=1"
OPENSSL_BRANCH: "openssl-3.1"
steps:
- name: Checkout code
uses: actions/checkout@v2

- name: Install dependencies
run: apt-get update && apt-get install -y clang llvm ninja-build git cmake libclang-rt-14-dev libclang-common-14-dev

- name: Clone and build OpenSSL(3) with ASan
run: |
git clone --depth=1 --branch "${OPENSSL_BRANCH}" https://github.com/openssl/openssl.git openssl
cd openssl
mkdir install
./Configure --openssldir="${PWD}/install" \
--prefix="${PWD}/install" \
--debug \
enable-asan \
no-tests
make -j$(nproc)
make install_sw
cd ..
- name: Clone and build liboqs with ASan
run: |
git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs
cd liboqs
mkdir build install
cmake -GNinja -B build \
-DCMAKE_BUILD_TYPE=Debug \
-DOQS_USE_OPENSSL=OFF \
-DCMAKE_C_FLAGS="${ASAN_C_FLAGS}" \
-DCMAKE_EXE_LINKER_FLAGS="${ASAN_C_FLAGS}" \
-DCMAKE_INSTALL_PREFIX="${PWD}/install"
cmake --build build -j$(nproc)
cmake --install build
cd ..
- name: Build oqs-provider with ASan
run: |
cmake -GNinja -B build \
-DCMAKE_BUILD_TYPE=Debug \
-DOPENSSL_ROOT_DIR="$PWD/openssl/install" \
-Dliboqs_DIR="$PWD/liboqs/install/lib/cmake/liboqs" \
-DCMAKE_C_FLAGS="${ASAN_C_FLAGS}" \
-DCMAKE_EXE_LINKER_FLAGS="${ASAN_C_FLAGS}"
cmake --build build -j$(nproc)
- name: Verify that test binaries are linked against ASan
run: |
find build/test/ -type f -perm '/u=x' | while read -r test_bin; do
if ! nm "${test_bin}" | grep -q '__local_asan_preinit'; then
echo "ASan not found in ${test_bin}"
exit 1
fi
done
- name: Run tests
run: ctest --test-dir build --output-on-failure

0 comments on commit e65ebe2

Please sign in to comment.