Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sanitization and Fuzzing #458

Open
hmelder opened this issue Nov 5, 2024 · 8 comments
Open

Sanitization and Fuzzing #458

hmelder opened this issue Nov 5, 2024 · 8 comments
Assignees
Labels
enhancement Label issues that propose improvements to existing features.

Comments

@hmelder
Copy link
Contributor

hmelder commented Nov 5, 2024

It would be great to run address and ub sanitisation during testing in CI.

@hmelder hmelder added the enhancement Label issues that propose improvements to existing features. label Nov 5, 2024
@hmelder hmelder self-assigned this Nov 5, 2024
@rfm
Copy link
Contributor

rfm commented Nov 8, 2024 via email

@hmelder
Copy link
Contributor Author

hmelder commented Nov 8, 2024

What sort of thing did you have in mind?

Address sanitization greatly helps to reduce memory errors and time spend debugging them. Running the unit tests with CI is a good start as we already have decent code coverage.

However, I've just noticed that we leak a lot of memory that we don't cleanup before program exit, which results in ASAN being triggered in nearly every ObjC program compiled with GNUstep. There is an ignore list we can use.

Here is a patch to get ASAN working for projects using GNUstep Make: gnustep/tools-make#47.

@rfm
Copy link
Contributor

rfm commented Nov 15, 2024

I updated that adding en environment variable setting GS_WITH_ASAN=1 to turn it on.
With that it's easy to build both the libraries and run their tests with asan.
Of course, most tests then fail because asan aborts them at the end because the testcases are quite happy to leak objects ... I'm working on fixing that (and improving cleanup at exit and other changes to prevent normally harmless leaks etc in the base library) in the atexit branch.

@hmelder
Copy link
Contributor Author

hmelder commented Nov 16, 2024

I'm working on fixing that (and improving cleanup at exit and other changes to prevent normally harmless leaks etc in the base library) in the atexit branch.

Thank you very much. I can help you with that.

@rfm
Copy link
Contributor

rfm commented Nov 29, 2024

I spent about 8 days getting most of the base library tests to pass. That's mostly(say 95%) fixing leaks in the testcases (previously there was no incentive to avoid leaking memory in a short-running test), but also quite a few issues in the base library.

The remaining issues are with some of the code I'm least familiar with:
Some of the NSURLConnection tests leaking; I'm planning to look into those next.
Leaks in the NSURLSession tests: perhaps you could look at that?
Leaks in some of the NSXMLNode etc tests: probably Greg would be best to look into those (I think they are libxml2 bugs or errors in the way we interact with libxml2 memory management).

@rfm
Copy link
Contributor

rfm commented Nov 30, 2024

`I spent all yesterday tracking down and fixing the issues that were causing leaks in NSURLConnection tests.
As part of that I improved the new -trackOwnership method to report tracked instances still in existence at process exit and fixed subtle errors in that code related to situations where we instantiate instances of subclasses of a tracked class and/or track those subclass instances. Tracking the lifecycle of an individual object should now be reliable and easy.

@rfm
Copy link
Contributor

rfm commented Nov 30, 2024

Changed GS_WITH_ASAN to be GNUSTEP_WITH_ASAN
Added --asan option to gnustep-tests and made it report tests with an exitcode of 23 as leaked memory.
Added lsan.txt file in Tests/base directory with suppression information for the gnu runtime
Added a load of changes to get most tests to pass when we build with gcc and the gnu runtime setting:
GNUSTEP_WITH_ASAN=1
LSAN_OPTIONS=exitcode=23:suppressions=/home/richard/git/libs-base/Tests/base/lsan.txt

Testcases for NSURLSession and the NSXMLNode classes still fail.
I will take a look at the libxml2 integration next, but will probably need help from Greg, and can't get round to it immediately anyway as I'm away on Monday and Tuesday,

@rfm
Copy link
Contributor

rfm commented Dec 23, 2024

I have fixed the leaks ion the NSXML... code and testcases, both for clang and gcc (the two behave a little differently in what they consider to be leaks).
The only outstanding thingpreventing us from turning this on within CI is the NSURLSession code/tests

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement Label issues that propose improvements to existing features.
Development

No branches or pull requests

2 participants