From 7db300f61bb1854f1c48a013c0af603b8f14f1e2 Mon Sep 17 00:00:00 2001 From: "rahul.singh" Date: Mon, 16 Feb 2026 05:03:05 +0100 Subject: [PATCH 1/4] Add sanitizer support using GCC toolchain features --- .bazelrc | 3 ++ .github/workflows/sanitizers.yml | 62 +++++++++++++++++++++++++++++ MODULE.bazel | 4 +- quality/sanitizer/sanitizer.bazelrc | 29 ++++++++++++++ 4 files changed, 96 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/sanitizers.yml create mode 100644 quality/sanitizer/sanitizer.bazelrc diff --git a/.bazelrc b/.bazelrc index 2fd5ced..fcadc62 100644 --- a/.bazelrc +++ b/.bazelrc @@ -86,3 +86,6 @@ coverage --test_env=COVERAGE_GCOV_OPTIONS=-bcu coverage --test_env=LLVM_PROFILE_CONTINUOUS_MODE=1 coverage --cxxopt -mllvm coverage --cxxopt -runtime-counter-relocation + +# Dynamic analysis (sanitizers) for Linux host builds/tests. +try-import %workspace%/quality/sanitizer/sanitizer.bazelrc diff --git a/.github/workflows/sanitizers.yml b/.github/workflows/sanitizers.yml new file mode 100644 index 0000000..ed861b3 --- /dev/null +++ b/.github/workflows/sanitizers.yml @@ -0,0 +1,62 @@ +# ******************************************************************************* +# Copyright (c) 2026 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# ******************************************************************************* + +name: Sanitizers + +on: + pull_request: + types: [opened, reopened, synchronize] + merge_group: + types: [checks_requested] + +permissions: + contents: read + +jobs: + sanitizer-tests: + name: Bazel Tests (${{ matrix.sanitizer_config }}) + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + sanitizer_config: [asan_ubsan_lsan, tsan] + + steps: + - name: Checkout repository + uses: actions/checkout@v4.2.2 + with: + ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + + - name: Setup Bazel with shared caching + uses: bazel-contrib/setup-bazel@0.18.0 + with: + bazelisk-version: 1.26.0 + disk-cache: true + repository-cache: true + bazelisk-cache: true + cache-save: ${{ github.event_name == 'push' }} + + - name: Run sanitizer tests via Bazel + run: | + set -euo pipefail + echo "Running: bazel test --config=${{ matrix.sanitizer_config }} //score/... //tests/..." + bazel test --config=${{ matrix.sanitizer_config }} //score/... //tests/... + + - name: Upload Bazel test logs (always) + if: always() + uses: actions/upload-artifact@v6 + with: + name: bazel-testlogs-${{ matrix.sanitizer_config }} + path: bazel-testlogs/**/test.log + if-no-files-found: warn diff --git a/MODULE.bazel b/MODULE.bazel index 390cd54..585fadb 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -27,8 +27,8 @@ bazel_dep(name = "platforms", version = "1.0.0") # S-CORE process rules bazel_dep(name = "score_bazel_platforms", version = "0.0.4") -bazel_dep(name = "score_docs_as_code", version = "2.2.0") -bazel_dep(name = "score_tooling", version = "1.1.1") +bazel_dep(name = "score_docs_as_code", version = "2.3.0") +bazel_dep(name = "score_tooling", version = "1.1.2") bazel_dep(name = "score_rust_policies", version = "0.0.3") bazel_dep(name = "score_process", version = "1.4.0", dev_dependency = True) diff --git a/quality/sanitizer/sanitizer.bazelrc b/quality/sanitizer/sanitizer.bazelrc new file mode 100644 index 0000000..240e622 --- /dev/null +++ b/quality/sanitizer/sanitizer.bazelrc @@ -0,0 +1,29 @@ +# ******************************************************************************* +# Copyright (c) 2026 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# ******************************************************************************* + +# ASan + UBSan + LSan +test:asan_ubsan_lsan --config=x86_64-linux +test:asan_ubsan_lsan --compilation_mode=dbg +test:asan_ubsan_lsan --features=asan +test:asan_ubsan_lsan --features=ubsan +test:asan_ubsan_lsan --features=lsan +test:asan_ubsan_lsan --platform_suffix=asan_ubsan_lsan +test:asan_ubsan_lsan --test_env=ASAN_OPTIONS=exitcode=55:allow_addr2line=1:verbosity=1:detect_leaks=1:halt_on_error=1:allocator_may_return_null=1 +test:asan_ubsan_lsan --test_env=UBSAN_OPTIONS=exitcode=55:allow_addr2line=1:verbosity=1:print_stacktrace=1:halt_on_error=1 + +# TSan +test:tsan --config=x86_64-linux +test:tsan --compilation_mode=dbg +test:tsan --features=tsan +test:tsan --platform_suffix=tsan +test:tsan --test_env=TSAN_OPTIONS=exitcode=55:allow_addr2line=1:verbosity=1:halt_on_error=1:detect_deadlocks=1 From 4e639b372e84f2d2a5693a3424479c77bd26d8f0 Mon Sep 17 00:00:00 2001 From: "rahul.singh" Date: Mon, 16 Feb 2026 14:46:55 +0100 Subject: [PATCH 2/4] Update to docs-as-code 3.0.0 and tooling 1.1.0 --- MODULE.bazel | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 585fadb..35580c7 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -27,12 +27,12 @@ bazel_dep(name = "platforms", version = "1.0.0") # S-CORE process rules bazel_dep(name = "score_bazel_platforms", version = "0.0.4") -bazel_dep(name = "score_docs_as_code", version = "2.3.0") -bazel_dep(name = "score_tooling", version = "1.1.2") +bazel_dep(name = "score_docs_as_code", version = "3.0.0") +bazel_dep(name = "score_tooling", version = "1.1.0") bazel_dep(name = "score_rust_policies", version = "0.0.3") bazel_dep(name = "score_process", version = "1.4.0", dev_dependency = True) -bazel_dep(name = "score_platform", version = "0.5.1", dev_dependency = True) +bazel_dep(name = "score_platform", version = "0.5.3", dev_dependency = True) # Toolchains and extensions bazel_dep(name = "score_bazel_cpp_toolchains", version = "0.2.2", dev_dependency = True) @@ -103,10 +103,10 @@ git_override( bazel_dep(name = "score_baselibs", version = "0.2.0") git_override( module_name = "score_baselibs", - commit = "99d49637a2199f33a71edc479d39970e3bdcb271", + commit = "f9dc7a3c00ab2cd13a1e343a6c74e261edc65bed", remote = "https://github.com/eclipse-score/baselibs.git", ) # Rust dependencies -bazel_dep(name = "score_baselibs_rust", version = "0.0.5") +bazel_dep(name = "score_baselibs_rust", version = "0.1.0") From cde3e404c5c204b064b119e8798683ae47c7a3b2 Mon Sep 17 00:00:00 2001 From: "rahul.singh" Date: Mon, 16 Feb 2026 14:56:02 +0100 Subject: [PATCH 3/4] Downgrade tooling to 1.1.0 for compatibility --- MODULE.bazel | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 35580c7..bcb6ad9 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -27,12 +27,12 @@ bazel_dep(name = "platforms", version = "1.0.0") # S-CORE process rules bazel_dep(name = "score_bazel_platforms", version = "0.0.4") -bazel_dep(name = "score_docs_as_code", version = "3.0.0") +bazel_dep(name = "score_docs_as_code", version = "2.3.0") bazel_dep(name = "score_tooling", version = "1.1.0") bazel_dep(name = "score_rust_policies", version = "0.0.3") bazel_dep(name = "score_process", version = "1.4.0", dev_dependency = True) -bazel_dep(name = "score_platform", version = "0.5.3", dev_dependency = True) +bazel_dep(name = "score_platform", version = "0.5.1", dev_dependency = True) # Toolchains and extensions bazel_dep(name = "score_bazel_cpp_toolchains", version = "0.2.2", dev_dependency = True) @@ -103,10 +103,10 @@ git_override( bazel_dep(name = "score_baselibs", version = "0.2.0") git_override( module_name = "score_baselibs", - commit = "f9dc7a3c00ab2cd13a1e343a6c74e261edc65bed", + commit = "99d49637a2199f33a71edc479d39970e3bdcb271", remote = "https://github.com/eclipse-score/baselibs.git", ) # Rust dependencies -bazel_dep(name = "score_baselibs_rust", version = "0.1.0") +bazel_dep(name = "score_baselibs_rust", version = "0.0.5") From a0a7169aaa37762bbd95b2e565aa654586b6ff7e Mon Sep 17 00:00:00 2001 From: "rahul.singh" Date: Mon, 16 Feb 2026 15:15:39 +0100 Subject: [PATCH 4/4] Remove TSan from CI due to kernel compatibility issues --- .github/workflows/sanitizers.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sanitizers.yml b/.github/workflows/sanitizers.yml index ed861b3..47f17e5 100644 --- a/.github/workflows/sanitizers.yml +++ b/.github/workflows/sanitizers.yml @@ -29,7 +29,7 @@ jobs: strategy: fail-fast: false matrix: - sanitizer_config: [asan_ubsan_lsan, tsan] + sanitizer_config: [asan_ubsan_lsan] steps: - name: Checkout repository @@ -50,8 +50,9 @@ jobs: - name: Run sanitizer tests via Bazel run: | set -euo pipefail - echo "Running: bazel test --config=${{ matrix.sanitizer_config }} //score/... //tests/..." - bazel test --config=${{ matrix.sanitizer_config }} //score/... //tests/... + echo "Running: bazel test --config=${{ matrix.sanitizer_config }} //tests/cpp/..." + # Note: Only testing C++ targets as Rust sanitizers require different configuration + bazel test --config=${{ matrix.sanitizer_config }} //tests/cpp/... - name: Upload Bazel test logs (always) if: always()