fix #14077: fuzzing crash (assert) in Token::update_property_info()…
          
            #2745
        
      
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | # Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions | |
| # Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners | |
| name: selfcheck | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'releases/**' | |
| - '2.*' | |
| tags: | |
| - '2.*' | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-22.04 | |
| env: | |
| QT_VERSION: 6.9.1 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: ccache | |
| uses: hendrikmuhs/[email protected] | |
| with: | |
| key: ${{ github.workflow }}-${{ runner.os }} | |
| - name: Install missing software | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install clang-14 | |
| sudo apt-get install libboost-container-dev | |
| sudo apt-get install valgrind | |
| sudo apt-get install -y libgl-dev # fixes missing dependency for Qt in CMake | |
| - name: Install Qt ${{ env.QT_VERSION }} | |
| uses: jurplel/install-qt-action@v4 | |
| with: | |
| version: ${{ env.QT_VERSION }} | |
| modules: 'qtcharts' | |
| setup-python: 'false' | |
| install-deps: false | |
| cache: true | |
| # TODO: cache this - perform same build as for the other self check | |
| - name: Self check (build) | |
| run: | | |
| export PATH="/usr/lib/ccache:/usr/local/opt/ccache/libexec:$PATH" | |
| # valgrind cannot handle DWARF 5 yet so force version 4 | |
| # work around performance regression with -inline-deferral | |
| make -j$(nproc) CXXOPTS="-Werror -O2 -gdwarf-4" CPPOPTS="-DHAVE_BOOST -mllvm -inline-deferral" MATCHCOMPILER=yes CPPCHK_GLIBCXX_DEBUG= | |
| env: | |
| CC: clang-14 | |
| CXX: clang++-14 | |
| # unusedFunction - start | |
| - name: CMake | |
| run: | | |
| cmake -S . -B cmake.output -G "Unix Makefiles" -DHAVE_RULES=On -DBUILD_TESTS=On -DBUILD_GUI=ON -DWITH_QCHART=ON -DBUILD_TRIAGE=On -DENABLE_CHECK_INTERNAL=On -DCMAKE_GLOBAL_AUTOGEN_TARGET=On -DDISABLE_DMAKE=On -DCPPCHK_GLIBCXX_DEBUG=Off | |
| - name: Generate dependencies | |
| run: | | |
| # make sure auto-generated GUI files exist | |
| make -C cmake.output autogen | |
| # make sure the precompiled headers exist | |
| make -C cmake.output lib/CMakeFiles/cppcheck-core.dir/cmake_pch.hxx.cxx | |
| make -C cmake.output test/CMakeFiles/testrunner.dir/cmake_pch.hxx.cxx | |
| # make sure the auto-generated GUI dependencies exist | |
| make -C cmake.output gui-build-deps | |
| # TODO: find a way to report unmatched suppressions without need to add information checks | |
| - name: Self check (unusedFunction) | |
| if: false # TODO: fails with preprocessorErrorDirective - see #10667 | |
| run: | | |
| ./cppcheck -q --template=selfcheck --error-exitcode=1 --library=cppcheck-lib --library=qt -D__CPPCHECK__ -D__GNUC__ -DQT_VERSION=0x060000 -DQ_MOC_OUTPUT_REVISION=69 -DQT_CHARTS_LIB -DQT_MOC_HAS_STRINGDATA --enable=unusedFunction --exception-handling -rp=. --project=cmake.output/compile_commands.json --suppressions-list=.selfcheck_unused_suppressions --inline-suppr | |
| env: | |
| DISABLE_VALUEFLOW: 1 | |
| UNUSEDFUNCTION_ONLY: 1 | |
| # unusedFunction - end | |
| # the following steps are duplicated from above since setting up the build node in a parallel step takes longer than the actual steps | |
| # unusedFunction notest - start | |
| - name: CMake (no test) | |
| run: | | |
| cmake -S . -B cmake.output.notest -G "Unix Makefiles" -DHAVE_RULES=On -DBUILD_TESTS=Off -DBUILD_GUI=ON -DBUILD_TRIAGE=On -DWITH_QCHART=ON -DENABLE_CHECK_INTERNAL=On -DCMAKE_GLOBAL_AUTOGEN_TARGET=On -DDISABLE_DMAKE=On -DCPPCHK_GLIBCXX_DEBUG=Off | |
| - name: Generate dependencies (no test) | |
| run: | | |
| # make sure auto-generated GUI files exist | |
| make -C cmake.output.notest autogen | |
| # make sure the precompiled headers exist | |
| make -C cmake.output.notest lib/CMakeFiles/cppcheck-core.dir/cmake_pch.hxx.cxx | |
| # make sure the auto-generated GUI dependencies exist | |
| make -C cmake.output.notest gui-build-deps | |
| # TODO: find a way to report unmatched suppressions without need to add information checks | |
| - name: Self check (unusedFunction / no test) | |
| run: | | |
| ./cppcheck -q --template=selfcheck --error-exitcode=1 --library=cppcheck-lib --library=qt -D__CPPCHECK__ -D__GNUC__ -DQT_VERSION=0x060000 -DQ_MOC_OUTPUT_REVISION=69 -DQT_CHARTS_LIB -DQT_MOC_HAS_STRINGDATA --enable=unusedFunction --exception-handling -rp=. --project=cmake.output.notest/compile_commands.json --suppressions-list=.selfcheck_unused_suppressions --inline-suppr | |
| env: | |
| DISABLE_VALUEFLOW: 1 | |
| UNUSEDFUNCTION_ONLY: 1 | |
| # unusedFunction notest - end | |
| # unusedFunction notest nogui - start | |
| - name: CMake (no test / no gui) | |
| run: | | |
| cmake -S . -B cmake.output.notest_nogui -G "Unix Makefiles" -DHAVE_RULES=On -DBUILD_TESTS=Off -DENABLE_CHECK_INTERNAL=On -DCPPCHK_GLIBCXX_DEBUG=Off | |
| - name: Generate dependencies (no test / no gui) | |
| run: | | |
| # make sure the precompiled headers exist | |
| make -C cmake.output.notest_nogui lib/CMakeFiles/cppcheck-core.dir/cmake_pch.hxx.cxx | |
| # TODO: find a way to report unmatched suppressions without need to add information checks | |
| - name: Self check (unusedFunction / no test / no gui) | |
| run: | | |
| ./cppcheck -q --template=selfcheck --error-exitcode=1 --library=cppcheck-lib -D__CPPCHECK__ -D__GNUC__ --enable=unusedFunction --exception-handling -rp=. --project=cmake.output.notest_nogui/compile_commands.json --suppressions-list=.selfcheck_unused_suppressions --inline-suppr | |
| env: | |
| DISABLE_VALUEFLOW: 1 | |
| UNUSEDFUNCTION_ONLY: 1 | |
| # unusedFunction notest nogui - end | |
| # unusedFunction notest nocli - start | |
| - name: CMake (no test / no cli) | |
| run: | | |
| cmake -S . -B cmake.output.notest_nocli -G "Unix Makefiles" -DHAVE_RULES=On -DBUILD_TESTS=Off -DBUILD_CLI=Off -DBUILD_GUI=ON -DWITH_QCHART=ON -DBUILD_TRIAGE=On -DENABLE_CHECK_INTERNAL=On -DCMAKE_GLOBAL_AUTOGEN_TARGET=On -DDISABLE_DMAKE=On -DCPPCHK_GLIBCXX_DEBUG=Off | |
| - name: Generate dependencies (no test / no cli) | |
| run: | | |
| # make sure auto-generated GUI files exist | |
| make -C cmake.output.notest_nocli autogen | |
| # make sure the precompiled headers exist | |
| make -C cmake.output.notest_nocli lib/CMakeFiles/cppcheck-core.dir/cmake_pch.hxx.cxx | |
| # make sure the auto-generated GUI dependencies exist | |
| make -C cmake.output.notest_nocli gui-build-deps | |
| # TODO: find a way to report unmatched suppressions without need to add information checks | |
| - name: Self check (unusedFunction / no test / no cli) | |
| if: false # TODO: the findings are currently too intrusive | |
| run: | | |
| ./cppcheck -q --template=selfcheck --error-exitcode=1 --library=cppcheck-lib --library=qt -D__CPPCHECK__ -D__GNUC__ -DQT_VERSION=0x060000 -DQ_MOC_OUTPUT_REVISION=69 -DQT_CHARTS_LIB -DQT_MOC_HAS_STRINGDATA --enable=unusedFunction --exception-handling -rp=. --project=cmake.output.notest_nocli/compile_commands.json --suppressions-list=.selfcheck_unused_suppressions --inline-suppr | |
| env: | |
| DISABLE_VALUEFLOW: 1 | |
| UNUSEDFUNCTION_ONLY: 1 | |
| # unusedFunction notest nocli - end | |
| # unusedFunction notest nocli nogui - start | |
| - name: CMake (no test / no cli / no gui) | |
| run: | | |
| cmake -S . -B cmake.output.notest_nocli_nogui -G "Unix Makefiles" -DHAVE_RULES=On -DBUILD_TESTS=Off -DBUILD_CLI=Off -DBUILD_GUI=Off -DENABLE_CHECK_INTERNAL=On -DCPPCHK_GLIBCXX_DEBUG=Off | |
| - name: Generate dependencies (no test / no cli / no gui) | |
| run: | | |
| # make sure the precompiled headers exist | |
| make -C cmake.output.notest_nocli_nogui lib/CMakeFiles/cppcheck-core.dir/cmake_pch.hxx.cxx | |
| # TODO: find a way to report unmatched suppressions without need to add information checks | |
| - name: Self check (unusedFunction / no test / no cli / no gui) | |
| if: false # TODO: the findings are currently too intrusive | |
| run: | | |
| ./cppcheck -q --template=selfcheck --error-exitcode=1 --library=cppcheck-lib --library=qt -D__CPPCHECK__ -D__GNUC__ --enable=unusedFunction --exception-handling -rp=. --project=cmake.output.notest_nocli_nogui/compile_commands.json --suppressions-list=.selfcheck_unused_suppressions --inline-suppr | |
| env: | |
| DISABLE_VALUEFLOW: 1 | |
| UNUSEDFUNCTION_ONLY: 1 | |
| # unusedFunction notest nocli nogui - end | |
| - name: Fetch corpus | |
| run: | | |
| wget https://github.com/danmar/cppcheck/archive/refs/tags/2.8.tar.gz | |
| tar xvf 2.8.tar.gz | |
| - name: CMake (corpus / no test) | |
| run: | | |
| cmake -S cppcheck-2.8 -B cmake.output.corpus -G "Unix Makefiles" -DHAVE_RULES=On -DBUILD_TESTS=Off -DBUILD_GUI=ON -DUSE_QT6=On -DWITH_QCHART=ON -DENABLE_CHECK_INTERNAL=On -DCMAKE_GLOBAL_AUTOGEN_TARGET=On -DDISABLE_DMAKE=On -DCPPCHK_GLIBCXX_DEBUG=Off -DCMAKE_POLICY_VERSION_MINIMUM=3.5 | |
| - name: Generate dependencies (corpus) | |
| run: | | |
| # make sure auto-generated GUI files exist | |
| make -C cmake.output.corpus autogen | |
| # make sure the precompiled headers exist | |
| make -C cmake.output.corpus lib/CMakeFiles/lib_objs.dir/cmake_pch.hxx.cxx | |
| # make sure the auto-generated GUI dependencies exist | |
| make -C cmake.output.corpus gui-build-deps | |
| # TODO: find a way to report unmatched suppressions without need to add information checks | |
| - name: Self check (unusedFunction / corpus / no test / callgrind) | |
| run: | | |
| # TODO: fix -rp so the suppressions actually work | |
| valgrind --tool=callgrind ./cppcheck --template=selfcheck --error-exitcode=0 --library=cppcheck-lib --library=qt -D__GNUC__ -DQT_VERSION=0x060000 -DQ_MOC_OUTPUT_REVISION=69 -DQT_CHARTS_LIB -DQT_MOC_HAS_STRINGDATA --enable=unusedFunction --exception-handling -rp=. --project=cmake.output.corpus/compile_commands.json --suppressions-list=.selfcheck_unused_suppressions --inline-suppr 2>callgrind.log || (cat callgrind.log && false) | |
| cat callgrind.log | |
| callgrind_annotate --auto=no > callgrind.annotated.log | |
| head -50 callgrind.annotated.log | |
| env: | |
| DISABLE_VALUEFLOW: 1 | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: Callgrind Output | |
| path: ./callgrind.* |