Merge pull request #14016 from xokdvium/asan

treewide: Support builds with ASAN, enable in CI

Author: Ericson2314

ci/gha/tests/default.nix

@@ -24,16 +24,7 @@ let
   enableSanitizersLayer = finalAttrs: prevAttrs: {
     mesonFlags =
       (prevAttrs.mesonFlags or [ ])
-      ++ [
-        # Run all tests with UBSAN enabled. Running both with ubsan and
-        # without doesn't seem to have much immediate benefit for doubling
-        # the GHA CI workaround.
-        #
-        # TODO: Work toward enabling "address,undefined" if it seems feasible.
-        # This would maybe require dropping Boost coroutines and ignoring intentional
-        # memory leaks with detect_leaks=0.
-        (lib.mesonOption "b_sanitize" "undefined")
-      ]
+      ++ [ (lib.mesonOption "b_sanitize" "address,undefined") ]
       ++ (lib.optionals stdenv.cc.isClang [
         # https://www.github.com/mesonbuild/meson/issues/764
         (lib.mesonBool "b_lundef" false)
@@ -71,8 +62,12 @@ rec {
   nixComponentsInstrumented = nixComponents.overrideScope (
     final: prev: {
       nix-store-tests = prev.nix-store-tests.override { withBenchmarks = true; };
+      # Boehm is incompatible with ASAN.
+      nix-expr = prev.nix-expr.override { enableGC = !withSanitizers; };
 
       mesonComponentOverrides = lib.composeManyExtensions componentOverrides;
+      # Unclear how to make Perl bindings work with a dynamically linked ASAN.
+      nix-perl-bindings = if withSanitizers then null else prev.nix-perl-bindings;
     }
   );
 

doc/manual/meson.build

@@ -15,6 +15,7 @@ pymod = import('python')
 python = pymod.find_installation('python3')
 
 nix_env_for_docs = {
+  'ASAN_OPTIONS' : 'abort_on_error=1:print_summary=1:detect_leaks=0',
   'HOME' : '/dummy',
   'NIX_CONF_DIR' : '/dummy',
   'NIX_SSL_CERT_FILE' : '/dummy/no-ca-bundle.crt',

doc/manual/source/command-ref/meson.build

@@ -2,6 +2,7 @@ xp_features_json = custom_target(
   command : [ nix, '__dump-xp-features' ],
   capture : true,
   output : 'xp-features.json',
+  env : nix_env_for_docs,
 )
 
 experimental_features_shortlist_md = custom_target(

doc/manual/source/development/debugging.md

@@ -24,6 +24,19 @@ It is also possible to build without debugging for faster build:
 
 (The first line is needed because `fortify` hardening requires at least some optimization.)
 
+## Building Nix with sanitizers
+
+Nix can be built with [Address](https://clang.llvm.org/docs/AddressSanitizer.html) and
+[UB](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html) sanitizers using LLVM
+or GCC. This is useful when debugging memory corruption issues.
+
+```console
+[nix-shell]$ export mesonBuildType=debugoptimized
+[nix-shell]$ appendToVar mesonFlags "-Dlibexpr:gc=disabled" # Disable Boehm
+[nix-shell]$ appendToVar mesonFlags "-Dbindings=false" # Disable nix-perl
+[nix-shell]$ appendToVar mesonFlags "-Db_sanitize=address,undefined"
+```
+
 ## Debugging the Nix Binary
 
 Obtain your preferred debugger within the development shell:

doc/manual/source/development/meson.build

@@ -7,5 +7,6 @@ experimental_feature_descriptions_md = custom_target(
     xp_features_json,
   ],
   capture : true,
+  env : nix_env_for_docs,
   output : 'experimental-feature-descriptions.md',
 )

meson.build

@@ -41,8 +41,10 @@ subproject('libexpr-c')
 subproject('libflake-c')
 subproject('libmain-c')
 
+asan_enabled = 'address' in get_option('b_sanitize')
+
 # Language Bindings
-if get_option('bindings') and not meson.is_cross_build()
+if get_option('bindings') and not meson.is_cross_build() and not asan_enabled
   subproject('perl')
 endif
 

nix-meson-build-support/asan-options/meson.build

@@ -0,0 +1,12 @@
+asan_test_options_env = {
+  'ASAN_OPTIONS' : 'abort_on_error=1:print_summary=1:detect_leaks=0',
+}
+
+# Clang gets grumpy about missing libasan symbols if -shared-libasan is not
+# passed when building shared libs, at least on Linux
+if cxx.get_id() == 'clang' and ('address' in get_option('b_sanitize') or 'undefined' in get_option(
+  'b_sanitize',
+))
+  add_project_link_arguments('-shared-libasan', language : 'cpp')
+endif
+

nix-meson-build-support/common/meson.build

@@ -33,13 +33,5 @@ if cxx.get_id() == 'clang'
   add_project_arguments('-fpch-instantiate-templates', language : 'cpp')
 endif
 
-# Clang gets grumpy about missing libasan symbols if -shared-libasan is not
-# passed when building shared libs, at least on Linux
-if cxx.get_id() == 'clang' and ('address' in get_option('b_sanitize') or 'undefined' in get_option(
-  'b_sanitize',
-))
-  add_project_link_arguments('-shared-libasan', language : 'cpp')
-endif
-
 # Darwin ld doesn't like "X.Y.Zpre"
 nix_soversion = meson.project_version().replace('pre', '')

src/libcmd/meson.build

@@ -67,6 +67,7 @@ config_priv_h = configure_file(
 )
 
 subdir('nix-meson-build-support/common')
+subdir('nix-meson-build-support/asan-options')
 
 sources = files(
   'built-path.cc',

src/libexpr-c/meson.build

@@ -28,6 +28,7 @@ deps_public_maybe_subproject = [
 subdir('nix-meson-build-support/subprojects')
 
 subdir('nix-meson-build-support/common')
+subdir('nix-meson-build-support/asan-options')
 
 sources = files(
   'nix_api_expr.cc',