[gnutls-devel] GnuTLS | UB+ASAN: Fail tests if UB detected (!1136)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jan 2 17:23:12 CET 2020




Tim Rühsen commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/merge_requests/1136#note_266554253

> +  - export UBSAN_OPTIONS=print_stacktrace=1:suppressions=$(pwd)/devel/ubsan.supp
> +  - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp
> +  - export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope"
> +  - export CXXFLAGS="$CFLAGS"
> +  - dash ./configure --cache-file cache/config.cache --disable-guile --disable-doc --disable-hardware-acceleration
> +  - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
>    - make -j$(nproc)
> -  - make check -j$(nproc)
> -  - CFLAGS="-std=c99 -fsanitize=undefined -fsanitize=bool -fsanitize=alignment -fsanitize=null -fsanitize=bounds-strict -fsanitize=enum -fno-sanitize-recover -g -O2" CXXFLAGS=$CFLAGS LDFLAGS="-static-libubsan" dash ./configure
> -   --cache-file cache/config.cache --disable-non-suiteb-curves --disable-guile --disable-doc --disable-full-test-suite --with-default-trust-store-pkcs11="pkcs11:"
> +  - sed -i 's/-Werror//g' fuzz/Makefile tests/Makefile tests/slow/Makefile
> +  - make check -j$(nproc) -C fuzz
> +  - make check -j$(nproc) -C tests
> +  - dash ./configure --cache-file cache/config.cache --disable-guile --disable-doc --disable-hardware-acceleration --with-default-trust-store-pkcs11="pkcs11:"
>    - make clean
> +  - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile

Because of several autogen issues like this:
```
cli-debug-args.c:345:41: error: suggest parentheses around arithmetic in operand of '|' [-Werror=parentheses]
  345 | # define OPTPROC_BASE OPTPROC_TRANSLATE | OPTPROC_NXLAT_OPT
      |                                         ^
```

IMO, a comment in `.gitlab-ci.yml` is not needed since we all see these warning every time we compile.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1136#note_266554253
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200102/eea4a2b0/attachment-0001.html>


More information about the Gnutls-devel mailing list