mirror of
https://github.com/Z3Prover/z3
synced 2026-06-13 12:25:37 +00:00
05c9ece3d2
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>v7 What's new</h2> <h3>Direct Uploads</h3> <p>Adds support for uploading single files directly (unzipped). Callers can set the new <code>archive</code> parameter to <code>false</code> to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The <code>name</code> parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.</p> <h3>ESM</h3> <p>To support new versions of the <code>@actions/*</code> packages, we've upgraded the package to ESM.</p> <h2>What's Changed</h2> <ul> <li>Add proxy integration test by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> <li>Upgrade the module to ESM and bump dependencies by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/762">actions/upload-artifact#762</a></li> <li>Support direct file uploads by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/764">actions/upload-artifact#764</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Link"><code>@Link</code></a>- made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v6...v7.0.0">https://github.com/actions/upload-artifact/compare/v6...v7.0.0</a></p> <h2>v6.0.0</h2> <h2>v6 - What's new</h2> <blockquote> <p>[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (<code>runs.using: node24</code>) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>Node.js 24</h3> <p>This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.</p> <h2>What's Changed</h2> <ul> <li>Upload Artifact Node 24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/719">actions/upload-artifact#719</a></li> <li>fix: update <code>@actions/artifact</code> for Node.js 24 punycode deprecation by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/744">actions/upload-artifact#744</a></li> <li>prepare release v6.0.0 for Node.js 24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/745">actions/upload-artifact#745</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0">https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <p><strong>BREAKING CHANGE:</strong> this update supports Node <code>v24.x</code>. This is not a breaking change per-se but we're treating it as such.</p> <ul> <li>Update README.md by <a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li> <li>Readme: spell out the first use of GHES by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li> <li>Update GHES guidance to include reference to Node 20 version by <a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li> <li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li> <li>Prepare <code>v5.0.0</code> by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/734">actions/upload-artifact#734</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="043fb46d1a"><code>043fb46</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/797">#797</a> from actions/yacaovsnc/update-dependency</li> <li><a href="634250c138"><code>634250c</code></a> Include changes in typespec/ts-http-runtime 0.3.5</li> <li><a href="e454baaac2"><code>e454baa</code></a> Readme: bump all the example versions to v7 (<a href="https://redirect.github.com/actions/upload-artifact/issues/796">#796</a>)</li> <li><a href="74fad66b98"><code>74fad66</code></a> Update the readme with direct upload details (<a href="https://redirect.github.com/actions/upload-artifact/issues/795">#795</a>)</li> <li><a href="bbbca2ddaa"><code>bbbca2d</code></a> Support direct file uploads (<a href="https://redirect.github.com/actions/upload-artifact/issues/764">#764</a>)</li> <li><a href="589182c5a4"><code>589182c</code></a> Upgrade the module to ESM and bump dependencies (<a href="https://redirect.github.com/actions/upload-artifact/issues/762">#762</a>)</li> <li><a href="47309c993a"><code>47309c9</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/754">#754</a> from actions/Link-/add-proxy-integration-tests</li> <li><a href="02a8460834"><code>02a8460</code></a> Add proxy integration test</li> <li><a href="b7c566a772"><code>b7c566a</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/745">#745</a> from actions/upload-artifact-v6-release</li> <li><a href="e516bc8500"><code>e516bc8</code></a> docs: correct description of Node.js 24 support in README</li> <li>Additional commits viewable in <a href="https://github.com/actions/upload-artifact/compare/v4...v7">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
249 lines
9 KiB
YAML
249 lines
9 KiB
YAML
name: Memory Safety Analysis
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '0 0 * * 1'
|
|
workflow_dispatch:
|
|
inputs:
|
|
full_scan:
|
|
description: 'Run full codebase scan (not just changed files)'
|
|
required: false
|
|
default: 'false'
|
|
type: boolean
|
|
|
|
permissions:
|
|
contents: read
|
|
actions: read
|
|
|
|
concurrency:
|
|
group: memory-safety-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
# ============================================================================
|
|
# Job 1: AddressSanitizer Build and Tests
|
|
# ============================================================================
|
|
asan-test:
|
|
name: "ASan Build & Test"
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 120
|
|
env:
|
|
ASAN_OPTIONS: "detect_leaks=1:halt_on_error=0:print_stats=1:log_path=/tmp/asan"
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v6.0.3
|
|
|
|
- name: Setup Python
|
|
uses: actions/setup-python@v6
|
|
with:
|
|
python-version: '3.x'
|
|
|
|
- name: Install dependencies
|
|
run: sudo apt-get update && sudo apt-get install -y ninja-build clang
|
|
|
|
- name: Configure with ASan
|
|
run: |
|
|
mkdir -p build-asan
|
|
cd build-asan
|
|
CC=clang CXX=clang++ cmake \
|
|
-DCMAKE_BUILD_TYPE=Debug \
|
|
-DCMAKE_C_FLAGS="-fsanitize=address -fno-omit-frame-pointer -fno-optimize-sibling-calls" \
|
|
-DCMAKE_CXX_FLAGS="-fsanitize=address -fno-omit-frame-pointer -fno-optimize-sibling-calls" \
|
|
-DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address" \
|
|
-DCMAKE_SHARED_LINKER_FLAGS="-fsanitize=address" \
|
|
-G Ninja ../
|
|
|
|
- name: Build Z3 with ASan
|
|
run: |
|
|
cd build-asan
|
|
ninja -j$(nproc)
|
|
ninja test-z3
|
|
|
|
- name: Run unit tests under ASan
|
|
run: |
|
|
cd build-asan
|
|
./test-z3 -a 2>&1 | tee /tmp/asan-unit-test.log
|
|
continue-on-error: true
|
|
|
|
- name: Run SMT-LIB2 benchmarks under ASan
|
|
run: |
|
|
cd build-asan
|
|
for f in ../examples/SMT-LIB2/bounded\ model\ checking/*.smt2; do
|
|
echo "=== Testing: $f ==="
|
|
timeout 60 ./z3 "$f" 2>&1 || true
|
|
done | tee /tmp/asan-benchmark.log
|
|
continue-on-error: true
|
|
|
|
- name: Run regression tests under ASan
|
|
run: |
|
|
git clone --depth=1 https://github.com/z3prover/z3test z3test
|
|
python z3test/scripts/test_benchmarks.py build-asan/z3 z3test/regressions/smt2 2>&1 | tee /tmp/asan-regression.log
|
|
continue-on-error: true
|
|
|
|
- name: Collect ASan reports
|
|
if: always()
|
|
run: |
|
|
mkdir -p /tmp/asan-reports
|
|
cp /tmp/asan* /tmp/asan-reports/ 2>/dev/null || true
|
|
if ls /tmp/asan.* 1>/dev/null 2>&1; then
|
|
cp /tmp/asan.* /tmp/asan-reports/
|
|
fi
|
|
echo "# ASan Summary" > /tmp/asan-reports/summary.md
|
|
echo "" >> /tmp/asan-reports/summary.md
|
|
if ls /tmp/asan-reports/asan.* 1>/dev/null 2>&1; then
|
|
echo "## Errors Found" >> /tmp/asan-reports/summary.md
|
|
for f in /tmp/asan-reports/asan.*; do
|
|
echo '```' >> /tmp/asan-reports/summary.md
|
|
head -50 "$f" >> /tmp/asan-reports/summary.md
|
|
echo '```' >> /tmp/asan-reports/summary.md
|
|
echo "" >> /tmp/asan-reports/summary.md
|
|
done
|
|
else
|
|
echo "No ASan errors detected." >> /tmp/asan-reports/summary.md
|
|
fi
|
|
|
|
- name: Upload ASan reports
|
|
if: always()
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: asan-reports
|
|
path: /tmp/asan-reports/
|
|
retention-days: 30
|
|
|
|
# ============================================================================
|
|
# Job 2: UndefinedBehaviorSanitizer Build and Tests
|
|
# ============================================================================
|
|
ubsan-test:
|
|
name: "UBSan Build & Test"
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 120
|
|
env:
|
|
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=0:log_path=/tmp/ubsan"
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v6.0.3
|
|
|
|
- name: Setup Python
|
|
uses: actions/setup-python@v6
|
|
with:
|
|
python-version: '3.x'
|
|
|
|
- name: Install dependencies
|
|
run: sudo apt-get update && sudo apt-get install -y ninja-build clang
|
|
|
|
- name: Configure with UBSan
|
|
run: |
|
|
mkdir -p build-ubsan
|
|
cd build-ubsan
|
|
CC=clang CXX=clang++ cmake \
|
|
-DCMAKE_BUILD_TYPE=Debug \
|
|
-DCMAKE_C_FLAGS="-fsanitize=undefined -fno-omit-frame-pointer -fsanitize-recover=all" \
|
|
-DCMAKE_CXX_FLAGS="-fsanitize=undefined -fno-omit-frame-pointer -fsanitize-recover=all" \
|
|
-DCMAKE_EXE_LINKER_FLAGS="-fsanitize=undefined" \
|
|
-DCMAKE_SHARED_LINKER_FLAGS="-fsanitize=undefined" \
|
|
-G Ninja ../
|
|
|
|
- name: Build Z3 with UBSan
|
|
run: |
|
|
cd build-ubsan
|
|
ninja -j$(nproc)
|
|
ninja test-z3
|
|
|
|
- name: Run unit tests under UBSan
|
|
run: |
|
|
cd build-ubsan
|
|
./test-z3 -a 2>&1 | tee /tmp/ubsan-unit-test.log
|
|
continue-on-error: true
|
|
|
|
- name: Run SMT-LIB2 benchmarks under UBSan
|
|
run: |
|
|
cd build-ubsan
|
|
for f in ../examples/SMT-LIB2/bounded\ model\ checking/*.smt2; do
|
|
echo "=== Testing: $f ==="
|
|
timeout 60 ./z3 "$f" 2>&1 || true
|
|
done | tee /tmp/ubsan-benchmark.log
|
|
continue-on-error: true
|
|
|
|
- name: Run regression tests under UBSan
|
|
run: |
|
|
git clone --depth=1 https://github.com/z3prover/z3test z3test
|
|
python z3test/scripts/test_benchmarks.py build-ubsan/z3 z3test/regressions/smt2 2>&1 | tee /tmp/ubsan-regression.log
|
|
continue-on-error: true
|
|
|
|
- name: Collect UBSan reports
|
|
if: always()
|
|
run: |
|
|
mkdir -p /tmp/ubsan-reports
|
|
cp /tmp/ubsan* /tmp/ubsan-reports/ 2>/dev/null || true
|
|
if ls /tmp/ubsan.* 1>/dev/null 2>&1; then
|
|
cp /tmp/ubsan.* /tmp/ubsan-reports/
|
|
fi
|
|
echo "# UBSan Summary" > /tmp/ubsan-reports/summary.md
|
|
echo "" >> /tmp/ubsan-reports/summary.md
|
|
if ls /tmp/ubsan-reports/ubsan.* 1>/dev/null 2>&1; then
|
|
echo "## Errors Found" >> /tmp/ubsan-reports/summary.md
|
|
for f in /tmp/ubsan-reports/ubsan.*; do
|
|
echo '```' >> /tmp/ubsan-reports/summary.md
|
|
head -50 "$f" >> /tmp/ubsan-reports/summary.md
|
|
echo '```' >> /tmp/ubsan-reports/summary.md
|
|
echo "" >> /tmp/ubsan-reports/summary.md
|
|
done
|
|
else
|
|
echo "No UBSan errors detected." >> /tmp/ubsan-reports/summary.md
|
|
fi
|
|
|
|
- name: Upload UBSan reports
|
|
if: always()
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: ubsan-reports
|
|
path: /tmp/ubsan-reports/
|
|
retention-days: 30
|
|
|
|
# ============================================================================
|
|
# Job 3: Summary Report
|
|
# ============================================================================
|
|
summary:
|
|
name: "Memory Safety Summary"
|
|
runs-on: ubuntu-latest
|
|
needs: [asan-test, ubsan-test]
|
|
if: always()
|
|
steps:
|
|
- name: Download all artifacts
|
|
uses: actions/download-artifact@v8.0.1
|
|
with:
|
|
path: reports/
|
|
|
|
- name: Generate summary
|
|
run: |
|
|
echo "# Memory Safety Analysis Report" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "**Commit**: \`${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY
|
|
echo "**Branch**: \`${{ github.ref_name }}\`" >> $GITHUB_STEP_SUMMARY
|
|
echo "**Trigger**: \`${{ github.event_name }}\`" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
|
|
echo "## Job Results" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "| Analysis | Status |" >> $GITHUB_STEP_SUMMARY
|
|
echo "|----------|--------|" >> $GITHUB_STEP_SUMMARY
|
|
echo "| AddressSanitizer | \`${{ needs.asan-test.result }}\` |" >> $GITHUB_STEP_SUMMARY
|
|
echo "| UndefinedBehaviorSanitizer | \`${{ needs.ubsan-test.result }}\` |" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
|
|
if [ -f reports/asan-reports/summary.md ]; then
|
|
echo "## ASan Results" >> $GITHUB_STEP_SUMMARY
|
|
cat reports/asan-reports/summary.md >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
fi
|
|
|
|
if [ -f reports/ubsan-reports/summary.md ]; then
|
|
echo "## UBSan Results" >> $GITHUB_STEP_SUMMARY
|
|
cat reports/ubsan-reports/summary.md >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
fi
|
|
|
|
echo "## Artifacts" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Sanitizer logs are available as workflow artifacts" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Run with \`workflow_dispatch\` and \`full_scan: true\` for complete codebase analysis" >> $GITHUB_STEP_SUMMARY
|