Skip to content

Commit

Permalink
Set detect_leaks=1 in various places where we do ASAN builds in CI. (#…
Browse files Browse the repository at this point in the history
…20913)

This is a relanding of #20246
  • Loading branch information
bzbarsky-apple authored and pull[bot] committed Dec 21, 2023
1 parent 105717e commit 5245321
Show file tree
Hide file tree
Showing 5 changed files with 63 additions and 11 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -377,6 +377,9 @@ jobs:
scripts/run_in_build_env.sh "ninja -C ./out/$BUILD_TYPE"
- name: Setup Build, Run Build and Run Tests
timeout-minutes: 120
# We can't enable leak checking here in LSAN_OPTIONS, because on
# Darwin that's only supported with a new enough clang, and we're
# not building with the pigweed clang here.
run: |
for BUILD_TYPE in default python_lib; do
case $BUILD_TYPE in
Expand Down
3 changes: 2 additions & 1 deletion .github/workflows/darwin-tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,10 @@ jobs:

strategy:
matrix:
build_variant: [no-ble-asan]
build_variant: [no-ble-asan-clang]
env:
BUILD_VARIANT: ${{matrix.build_variant}}
LSAN_OPTIONS: detect_leaks=1 malloc_context_size=40 suppressions=scripts/tests/chiptest/lsan-mac-suppressions.txt

if: github.actor != 'restyled-io[bot]'
runs-on: macos-latest
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ jobs:
BUILD_VARIANT: ${{matrix.build_variant}}
CHIP_TOOL_VARIANT: ${{matrix.chip_tool}}
TSAN_OPTIONS: "halt_on_error=1 suppressions=scripts/tests/chiptest/tsan-linux-suppressions.txt"
LSAN_OPTIONS: detect_leaks=1

if: github.actor != 'restyled-io[bot]'
runs-on: ubuntu-latest
Expand Down Expand Up @@ -132,6 +133,7 @@ jobs:
BUILD_VARIANT: ${{matrix.build_variant}}
CHIP_TOOL_VARIANT: ${{matrix.chip_tool}}
TSAN_OPTIONS: "halt_on_error=1"
LSAN_OPTIONS: detect_leaks=1 suppressions=scripts/tests/chiptest/lsan-mac-suppressions.txt

if: github.actor != 'restyled-io[bot]'
runs-on: macos-latest
Expand Down
31 changes: 21 additions & 10 deletions examples/darwin-framework-tool/commands/common/CHIPToolKeypair.mm
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ @interface CHIPToolKeypair ()
@property (nonatomic) chip::Crypto::P256Keypair mIssuer;
@property (nonatomic) NSData * ipk;
@property (atomic) uint32_t mNow;
@property (nonatomic, readonly) SecKeyRef mPublicKey;
@end

@implementation CHIPToolKeypair
Expand Down Expand Up @@ -46,16 +47,19 @@ - (NSData *)signMessageECDSA_RAW:(NSData *)message

- (SecKeyRef)publicKey
{
chip::Crypto::P256PublicKey publicKey = _mKeyPair.Pubkey();
NSData * publicKeyNSData = [NSData dataWithBytes:publicKey.Bytes() length:publicKey.Length()];
NSDictionary * attributes = @{
(__bridge NSString *) kSecAttrKeyClass : (__bridge NSString *) kSecAttrKeyClassPublic,
(NSString *) kSecAttrKeyType : (NSString *) kSecAttrKeyTypeECSECPrimeRandom,
(NSString *) kSecAttrKeySizeInBits : @Public_KeySize,
(NSString *) kSecAttrLabel : kCHIPToolKeychainLabel,
(NSString *) kSecAttrApplicationTag : @CHIPPlugin_CAKeyTag,
};
return SecKeyCreateWithData((__bridge CFDataRef) publicKeyNSData, (__bridge CFDictionaryRef) attributes, nullptr);
if (_mPublicKey == nil) {
chip::Crypto::P256PublicKey publicKey = _mKeyPair.Pubkey();
NSData * publicKeyNSData = [NSData dataWithBytes:publicKey.Bytes() length:publicKey.Length()];
NSDictionary * attributes = @{
(__bridge NSString *) kSecAttrKeyClass : (__bridge NSString *) kSecAttrKeyClassPublic,
(NSString *) kSecAttrKeyType : (NSString *) kSecAttrKeyTypeECSECPrimeRandom,
(NSString *) kSecAttrKeySizeInBits : @Public_KeySize,
(NSString *) kSecAttrLabel : kCHIPToolKeychainLabel,
(NSString *) kSecAttrApplicationTag : @CHIPPlugin_CAKeyTag,
};
_mPublicKey = SecKeyCreateWithData((__bridge CFDataRef) publicKeyNSData, (__bridge CFDictionaryRef) attributes, nullptr);
}
return _mPublicKey;
}

- (CHIP_ERROR)Deserialize:(chip::Crypto::P256SerializedKeypair &)input
Expand Down Expand Up @@ -136,4 +140,11 @@ - (CHIP_ERROR)initSerializedKeyFromValue:(NSData *)value serializedKey:(chip::Cr
return CHIP_NO_ERROR;
}

- (void)dealloc
{
if (_mPublicKey) {
CFRelease(_mPublicKey);
}
}

@end
35 changes: 35 additions & 0 deletions scripts/tests/chiptest/lsan-mac-suppressions.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# Looks like some Objective C class bits are leaked, which is probably OK since
# those are singletons.
leak:realizeClassWithoutSwift
leak:objc_initializeClassPair_internal

# TODO: Under [NSManagedObjectContext executeFetchRequest] there are managed object bits that seem to be leaky.
leak:class_addMethod
leak:class_addIvar

# TODO: Leaks of blocks from dispatch source handlers that need to be investigated.
leak:_Block_copy

# TODO: OpenSSL random byte generation creates some sort of pools that we seem to never clean up. This seems to be happening a _lot_.
leak:drbg_ctr_init
leak:rand_pool_new
leak:RAND_priv_bytes
leak:drbg_bytes

# TODO: OpenSSL ERR_get_state seems to leak.
leak:ERR_get_state

# TODO: BLE initialization allocates some UUIDs and strings that seem to leak.
leak:[BleConnection initWithDiscriminator:]
leak:[CBXpcConnection initWithDelegate:queue:options:sessionType:]

# TODO: ClusterBase::SubscribeAttribute creates a subscription that cannot
# actually be shut down in any way.
leak:ClusterBase::SubscribeAttribute

# TODO: Figure out how we are managing to leak NSData while using ARC!
leak:[CHIPToolKeypair signMessageECDSA_RAW:]

# TODO: Figure out how we are managing to leak NSData while using ARC, though
# this may just be a leak deep inside the CFPreferences stuff somewhere.
leak:[CHIPToolPersistentStorageDelegate storageDataForKey:]

0 comments on commit 5245321

Please sign in to comment.