Hi,
On 2022-11-19 13:18:54 -0800, Andres Freund wrote:
> I'll try to repost a version of the ubsan/asan patch together with the
> sanitycheck patch and see how that looks.
I just pushed the prerequisite patch making UBSAN_OPTIONS work. Attached
is 1) addition of SanityCheck 2) use of asan and ubsan+alignment san to
the linux tasks.
I went with a variation of the find command for SanityCheck's
cores_script, but used -exec to invoke mv, as that results in a nicer
looking commandline imo.
Previously the SanityCheck patch did trigger warnings about only_if not
matching, despite SanityCheck not having an only_if, but I reported that
as a bug to cirrus-ci, and they fixed that.
Pretty happy with this.
Greetings,
Andres Freund
>From be7c1c7683da02b7d0f65c77eb8dc9e5ad852864 Mon Sep 17 00:00:00 2001
From: Andres Freund <and...@anarazel.de>
Date: Sun, 2 Oct 2022 11:26:19 -0700
Subject: [PATCH v4 1/2] ci: Introduce SanityCheck task that other tasks depend
on
Reviewed-by: Justin Pryzby <pry...@telsasoft.com>
Discussion: https://postgr.es/m/20221002205201.injtofbx4ax4e...@awork3.anarazel.de
---
.cirrus.yml | 91 ++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 84 insertions(+), 7 deletions(-)
diff --git a/.cirrus.yml b/.cirrus.yml
index 6f665a207f8..a5679fdfb9b 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -55,6 +55,78 @@ on_failure_meson: &on_failure_meson
type: text/plain
+# To avoid unnecessarily spinning up a lot of VMs / containers for entirely
+# broken commits, have a minimal task that all others depend on.
+task:
+ name: SanityCheck
+
+ # If a specific OS is requested, don't run the sanity check. This shortens
+ # push-wait-for-ci cycle time a bit when debugging operating system specific
+ # failures. Uses skip instead of only_if, as cirrus otherwise warns about
+ # only_if conditions not matching.
+ skip: $CIRRUS_CHANGE_MESSAGE =~ '.*\nci-os-only:.*'
+
+ env:
+ CPUS: 4
+ BUILD_JOBS: 8
+ TEST_JOBS: 8
+ CCACHE_DIR: ${CIRRUS_WORKING_DIR}/ccache_dir
+ # no options enabled, should be small
+ CCACHE_MAXSIZE: "150M"
+
+ # Container starts up quickly, but is slower at runtime, particularly for
+ # tests. Good for the briefly running sanity check.
+ container:
+ image: $CONTAINER_REPO/linux_debian_bullseye_ci:latest
+ cpu: $CPUS
+
+ ccache_cache:
+ folder: $CCACHE_DIR
+
+ create_user_script: |
+ useradd -m postgres
+ chown -R postgres:postgres .
+ mkdir -p ${CCACHE_DIR}
+ chown -R postgres:postgres ${CCACHE_DIR}
+ echo '* - memlock 134217728' > /etc/security/limits.d/postgres.conf
+ su postgres -c "ulimit -l -H && ulimit -l -S"
+ # Can't change container's kernel.core_pattern. Postgres user can't write
+ # to / normally. Change that.
+ chown root:postgres /
+ chmod g+rwx /
+
+ configure_script: |
+ su postgres <<-EOF
+ meson setup \
+ --buildtype=debug \
+ --auto-features=disabled \
+ -Dtap_tests=enabled \
+ build
+ EOF
+ build_script: |
+ su postgres <<-EOF
+ ninja -C build -j${BUILD_JOBS}
+ EOF
+ upload_caches: ccache
+
+ # Run a minimal set of tests. The main regression tests take too long for
+ # this purpose. For now this is a random quick pg_regress style test, and a
+ # tap test that exercises both a frontend binary and the backend.
+ test_minimal_script: |
+ su postgres <<-EOF
+ ulimit -c unlimited
+ meson test $MTEST_ARGS --num-processes ${TEST_JOBS} \
+ tmp_install cube/regress pg_ctl/001_start_stop
+ EOF
+
+ on_failure:
+ <<: *on_failure_meson
+ cores_script: |
+ mkdir -m 770 /tmp/cores
+ find / -maxdepth 1 -type f -name 'core*' -exec mv '{}' /tmp/cores/ \;
+ src/tools/ci/cores_backtrace.sh linux /tmp/cores
+
+
task:
name: FreeBSD - 13 - Meson
@@ -69,6 +141,7 @@ task:
CPPFLAGS: -DRELCACHE_FORCE_RELEASE -DCOPY_PARSE_PLAN_TREES -DWRITE_READ_PARSE_PLAN_TREES -DRAW_EXPRESSION_COVERAGE_TEST
CFLAGS: -Og -ggdb
+ depends_on: SanityCheck
only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\nci-os-only:.*' || $CIRRUS_CHANGE_MESSAGE =~ '.*\nci-os-only:[^\n]*freebsd.*'
compute_engine_instance:
@@ -170,6 +243,7 @@ task:
LINUX_CONFIGURE_FEATURES: *LINUX_CONFIGURE_FEATURES
LINUX_MESON_FEATURES: *LINUX_MESON_FEATURES
+ depends_on: SanityCheck
only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\nci-os-only:.*' || $CIRRUS_CHANGE_MESSAGE =~ '.*\nci-os-only:[^\n]*linux.*'
compute_engine_instance:
@@ -311,6 +385,7 @@ task:
CFLAGS: -Og -ggdb
CXXFLAGS: -Og -ggdb
+ depends_on: SanityCheck
only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\nci-os-only:.*' || $CIRRUS_CHANGE_MESSAGE =~ '.*\nci-os-only:[^\n]*(macos|darwin|osx).*'
osx_instance:
@@ -439,6 +514,7 @@ task:
# 0x8001 is SEM_FAILCRITICALERRORS | SEM_NOOPENFILEERRORBOX
CIRRUS_WINDOWS_ERROR_MODE: 0x8001
+ depends_on: SanityCheck
only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\nci-os-only:.*' || $CIRRUS_CHANGE_MESSAGE =~ '.*\nci-os-only:[^\n]*windows.*'
windows_container:
@@ -478,6 +554,8 @@ task:
# worth using only_if despite being manual, otherwise this task will show up
# when e.g. ci-os-only: linux is used.
only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\nci-os-only:.*' || $CIRRUS_CHANGE_MESSAGE =~ '.*\nci-os-only:[^\n]*mingw.*'
+ # otherwise it'll be sorted before other tasks
+ depends_on: SanityCheck
windows_container:
image: $CONTAINER_REPO/windows_ci_mingw64:latest
@@ -532,9 +610,12 @@ task:
task:
name: CompilerWarnings
- # To limit unnecessary work only run this once the normal linux test succeeds
- depends_on:
- - Linux - Debian Bullseye - Meson
+ # To limit unnecessary work only run this once the SanityCheck
+ # succeeds. This is particularly important for this task as we intentionally
+ # use always: to continue after failures. Task that did not run count as a
+ # success, so we need to recheck SanityChecks's condition here ...
+ depends_on: SanityCheck
+ only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\nci-os-only:.*'
env:
CPUS: 4
@@ -548,10 +629,6 @@ task:
LINUX_CONFIGURE_FEATURES: *LINUX_CONFIGURE_FEATURES
LINUX_MESON_FEATURES: *LINUX_MESON_FEATURES
- # task that did not run, count as a success, so we need to recheck Linux'
- # condition here ...
- only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\nci-os-only:.*' || $CIRRUS_CHANGE_MESSAGE =~ '.*\nci-os-only:[^\n]*linux.*'
-
container:
image: $CONTAINER_REPO/linux_debian_bullseye_ci:latest
cpu: $CPUS
--
2.37.1.188.g71a8fab31b
>From ef127f2b13f82f9da683a65e082cebcf9c7be15d Mon Sep 17 00:00:00 2001
From: Andres Freund <and...@anarazel.de>
Date: Thu, 29 Sep 2022 17:44:45 -0700
Subject: [PATCH v4 2/2] ci: use -fsanitize=undefined,alignment in linux tasks
---
.cirrus.yml | 28 ++++++++++++++++++++++++++--
1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/.cirrus.yml b/.cirrus.yml
index a5679fdfb9b..93ea6524a7a 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -235,8 +235,28 @@ task:
CCACHE_DIR: /tmp/ccache_dir
DEBUGINFOD_URLS: "https://debuginfod.debian.net";
- CFLAGS: -Og -ggdb
- CXXFLAGS: -Og -ggdb
+ # Enable a reasonable set of sanitizers. Use the linux task for that, as
+ # it currently is the fastest task. Also several of the sanitizers work
+ # best on linux.
+ #
+ # The overhead of alignment sanitizer is low, undefined behaviour has
+ # moderate overhead. Test alignment sanitizer in the meson task, as it
+ # does both 32 and 64 bit builds and is thus more likely to expose
+ # alignment bugs.
+ #
+ # Address sanitizer in contrast somewhat expensive. Enable it in the
+ # autoconf task, as the meson task tests both 32 and 64bit.
+ #
+ # disable_coredump=0, abort_on_error=1: for useful backtraces in case of crashes
+ # print_stacktraces=1,verbosity=2, duh
+ # detect_leaks=0: too many uninteresting leak errors in short-lived binaries
+ UBSAN_OPTIONS: print_stacktrace=1:disable_coredump=0:abort_on_error=1:verbosity=2
+ ASAN_OPTIONS: print_stacktrace=1:disable_coredump=0:abort_on_error=1:detect_leaks=0
+
+ # SANITIZER_FLAGS is set in the tasks below
+ CFLAGS: -Og -ggdb -fno-sanitize-recover=all $SANITIZER_FLAGS
+ CXXFLAGS: $CFLAGS
+ LDFLAGS: $SANITIZER_FLAGS
CC: ccache gcc
CXX: ccache g++
@@ -280,6 +300,9 @@ task:
matrix:
- name: Linux - Debian Bullseye - Autoconf
+ env:
+ SANITIZER_FLAGS: -fsanitize=address
+
configure_script: |
su postgres <<-EOF
./configure \
@@ -306,6 +329,7 @@ task:
env:
CCACHE_MAXSIZE: "400M" # tests two different builds
+ SANITIZER_FLAGS: -fsanitize=alignment,undefined
configure_script: |
su postgres <<-EOF
--
2.37.1.188.g71a8fab31b
