[Memory Safety] Memory Safety Analysis Report — 2026-03-12 — Artifacts Unavailable

[github-actions[bot]]

Date: 2026-03-12
Commit: 664c8ca on branch master
Triggered by: workflow_run (Memory Safety Analysis completed)
Triggering Workflow Run: #22987768452
Report Run: #22988615250

---

⚠️ Artifact Retrieval Failed

The Memory Safety Analysis workflow (run #22987768452) completed and triggered this report, but the sanitizer artifacts could not be downloaded.

Root cause: The GH_TOKEN environment variable is not available to the report agent in its execution environment (credential isolation in the agentic workflow sandbox). The gh run download command requires an authenticated token with actions:read scope, which was not injected into the agent process.

To view results: Navigate directly to the triggering workflow run and download the asan-reports and ubsan-reports artifacts manually, or check the workflow step summary.

---

Trend Tracking

First report run — no historical cache data available for comparison.

Metric	Value
Previous run data	Not available (first run)
ASan findings	Unknown — artifact unavailable
UBSan findings	Unknown — artifact unavailable
New regressions	Unknown

---

Known Existing Suppressions

The repository has a small set of pre-existing known issues that are suppressed:

UBSan Suppressions (contrib/suppressions/sanitizers/ubsan.txt)

⚠️ The suppression file itself notes: "UBSan doesn't usually have false positives so we need to fix all of these!"

Suppression	Location	Issue Link
null dereference	rational.h	#964 — occurs when running tptp example
null dereference	mpq.h	#964 — occurs when running tptp example

ASan Suppressions (contrib/suppressions/sanitizers/asan.txt)

No active ASan suppressions — file is empty.

---

Memory Safety Workflow Configuration

The memory-safety.yml workflow runs the following analyses on commit 664c8ca:

Job	Tool	Tests Run
asan-test	AddressSanitizer (clang, -fsanitize=address)	Unit tests, SMT-LIB2 benchmarks, regression suite
ubsan-test	UndefinedBehaviorSanitizer (clang, -fsanitize=undefined)	Unit tests, SMT-LIB2 benchmarks, regression suite

Build flags:

• ASan: -fsanitize=address -fno-omit-frame-pointer -fno-optimize-sibling-calls, detect_leaks=1
• UBSan: -fsanitize=undefined -fno-omit-frame-pointer -fsanitize-recover=all

---

Recommendations

1. Fix the credential gap: The memory-safety-report.md workflow specifies permissions: actions: read, but the GH_TOKEN is not being forwarded to the agent process. Check the lock file (memory-safety-report.lock.yml) to ensure the agent step receives the token from the environment.

2. Address the existing UBSan suppressions: The null-dereference issues in rational.h and mpq.h (issue #964) are flagged as needing fixes (not false positives) by the suppression file comment.

3. Re-run to get results: Trigger the Memory Safety Analysis workflow manually with workflow_dispatch and full_scan: true to get complete coverage, then view results directly in the workflow run artifacts.

---

Raw Data / Cache State

{
  "last_run": {
    "date": "2026-03-12",
    "commit_sha": "664c8ca73aaa3d49289812e7463c48c8e4521542",
    "commit_short": "664c8ca",
    "branch": "master",
    "triggering_run_id": "22987768452",
    "report_run_id": "22988615250",
    "artifacts_available": false,
    "reason": "GH_TOKEN not available in agent environment — credential isolation"
  },
  "findings": {
    "total": null,
    "asan": null,
    "ubsan": null,
    "status": "unavailable"
  },
  "known_suppressions": {
    "ubsan": ["null:rational.h", "null:mpq.h"],
    "asan": []
  }
}

AI generated by Memory Safety Analysis Report Generator · history

• expires on Mar 19, 2026, 5:59 AM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-03-19T05:59:02.044Z.

Closed by Workflow