ci: native x86_64 runtime smoke test for the SHS seam #5
Merged
build-linux only compile-checks; nothing exercised the runtime path end-to-end. GitHub's ubuntu-22.04 runner is native x86_64 + clang-12 -- exactly what docker/run-smoke.sh's container emulates -- so run the script directly there (no Docker) and assert the SHS serve co-process fires (a "shs_cand" line in the KOFTA_DEBUG log). Make run-smoke.sh reusable outside the container via SMOKE_REPO/BUILD/WORK env overrides: when BUILD == REPO it builds in place and skips the read-only-mount copy. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The native ubuntu-22.04 run aborted on the dry run: KOFTA's __args_leak reads argv/argc at a hardcoded stack offset (lea 0x50(%rsp), +0xc) tuned for glibc <=2.33's __libc_csu_init. glibc 2.34 (22.04) refactored startup, so the offset is wrong and the forkserver dies before any SHS code runs. Run inside an ubuntu:20.04 container (glibc 2.31) -- the authors' toolchain -- which also ships clang-12 for the legacy LLVM pass. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The local smoke image had the same latent bug the CI job hit on 22.04:
KOFTA's __args_leak ("lea 0x50(%rsp)", +0xc) is tuned for glibc <=2.33's
__libc_csu_init startup. glibc 2.34 (22.04) refactored startup, so the
offset points at garbage and the forkserver dies on the dry run. 20.04
ships glibc 2.31 (offset valid) and clang-12, matching the now-CI-proven
working environment.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Summary

- smoke-linux.yml: a CI job that runs a short kofta-fuzz campaign on the native x86_64 ubuntu-22.04 runner and asserts the SHS serve co-process fires at runtime (a shs_cand,... line in the KOFTA_DEBUG log). build-linux only compile-checks — until now nothing exercised the runtime path end-to-end.
- docker/run-smoke.sh's container emulated, so we run the script directly (no Docker). KOFTA's x86_64-only argv-leak asm — which broke under local arm64/Colima emulation — works natively here.
- run-smoke.sh reusable outside the container via SMOKE_REPO / SMOKE_BUILD / SMOKE_WORK env overrides: when BUILD == REPO it builds in place and skips the read-only-mount copy.

Why this matters

This is the first time the SHS C seam (serve co-process, NDJSON IPC, env-var contract from #4) is verified at runtime rather than just compiled. A green smoke job means: afl-fuzz launched kofta-shs serve, streamed a request, and got candidates back through the forkserver — no real machine or API budget required (offline --mock).

Test plan

- bash -n docker/run-smoke.sh and YAML validation pass locally.
- The smoke job itself is the test — it must go green on this PR (shs_cand line present). Crash reproduction is a printed bonus, not gated (fork-timing varies).
- build-linux (compile-only, default + KOFTA_DEBUG) stays green.

🤖 Generated with Claude Code
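The three conventions this PR describes, as an added shell example rather than the project's own run-smoke.sh or CI job: the SMOKE_REPO/SMOKE_BUILD/SMOKE_WORK overrides with the in-place build when BUILD == REPO, the glibc-version caveat from the commit messages, and the shs_cand assertion over the KOFTA_DEBUG log. The default paths, the version-check function and the shs_cand line format are assumptions.

```shell
#!/bin/sh
# Added example, not the project's run-smoke.sh: the three conventions the PR
# describes as shell functions. Default paths and the log line format are assumed.
set -eu

# 1. Env overrides: SMOKE_REPO / SMOKE_BUILD / SMOKE_WORK (defaults assumed here).
#    When BUILD == REPO the script builds in place and skips copying the
#    read-only mount; otherwise it copies REPO -> BUILD first, as in the container.
smoke_mode() {
  repo="${SMOKE_REPO:-/src}"
  build="${SMOKE_BUILD:-/build}"
  if [ "$build" = "$repo" ]; then echo inplace; else echo copy; fi
}

# 2. The glibc caveat from the commit messages: KOFTA's __args_leak stack offset
#    is only valid on glibc <= 2.33, so check the version before launching the
#    forkserver instead of letting the dry run die with an opaque abort.
glibc_offset_ok() {
  major="${1%%.*}"
  minor="${1#*.}"; minor="${minor%%.*}"
  if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -le 33 ]; }; then
    return 0
  fi
  return 1
}

# 3. The runtime assertion: the SHS serve co-process fired only if at least one
#    shs_cand line landed in the KOFTA_DEBUG log.
shs_cand_count() {
  grep -c 'shs_cand' "$1" || true    # grep -c prints 0 but exits 1 on no match
}
has_shs_cand() {
  [ "$(shs_cand_count "$1")" -gt 0 ]
}

# Stand-alone demo on a constructed log (the line format is an assumption).
SMOKE_WORK="${SMOKE_WORK:-$(mktemp -d)}"
log="$SMOKE_WORK/kofta_debug.log"
printf '%s\n' 'forkserver: dry run ok' 'shs_cand,0,constructed-sample' > "$log"
echo "build mode: $(smoke_mode)"
for v in 2.31 2.34; do
  if glibc_offset_ok "$v"; then echo "glibc $v: __args_leak offset valid"
  else echo "glibc $v: offset invalid, use the ubuntu:20.04 container"; fi
done
if has_shs_cand "$log"; then echo "PASS: $(shs_cand_count "$log") shs_cand line(s)"
else echo "FAIL: serve co-process never fired"; exit 1; fi
```

Running it with SMOKE_REPO and SMOKE_BUILD pointed at the same checkout prints "inplace", which is the native-runner path the CI job takes.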