# This workflow runs checks for unsafe code. In crates that don't have any unsafe code, this can be
# removed. Runs:
# - miri - detects undefined behavior and memory leaks
# - address sanitizer - detects memory errors
# - leak sanitizer - detects memory leaks
# See check.yml for information about how the concurrency cancellation and workflow triggering works
permissions:
    contents: read
on:
    push:
        branches: [main]
    pull_request:
concurrency:
    group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
    cancel-in-progress: true
name: safety
jobs:
    sanitizers:
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v4
              with:
                  submodules: true
            - name: Install nightly
              uses: dtolnay/rust-toolchain@nightly
            - run: |
                  # to get the symbolizer for debug symbol resolution
                  sudo apt install llvm
                  # to fix buggy leak analyzer:
                  # https://github.com/japaric/rust-san#unrealiable-leaksanitizer
                  # ensure there's a profile.dev section
                  if ! grep -qE '^[ \t]*[profile.dev]' Cargo.toml; then
                      echo >> Cargo.toml
                      echo '[profile.dev]' >> Cargo.toml
                  fi
                  # remove pre-existing opt-levels in profile.dev
                  sed -i '/^\s*\[profile.dev\]/,/^\s*\[/ {/^\s*opt-level/d}' Cargo.toml
                  # now set opt-level to 1
                  sed -i '/^\s*\[profile.dev\]/a opt-level = 1' Cargo.toml
                  cat Cargo.toml
              name: Enable debug symbols
            - name: cargo test -Zsanitizer=address
              # only --lib --tests b/c of https://github.com/rust-lang/rust/issues/53945
              run: cargo test --lib --tests --all-features --target x86_64-unknown-linux-gnu
              env:
                  ASAN_OPTIONS: "detect_odr_violation=0:detect_leaks=0"
                  RUSTFLAGS: "-Z sanitizer=address"
            - name: cargo test -Zsanitizer=leak
              if: always()
              run: cargo test --all-features --target x86_64-unknown-linux-gnu
              env:
                  LSAN_OPTIONS: "suppressions=lsan-suppressions.txt"
                  RUSTFLAGS: "-Z sanitizer=leak"
    miri:
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v4
              with:
                  submodules: true
            - run: |
                  echo "NIGHTLY=nightly-$(curl -s https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/miri)" >> $GITHUB_ENV
            - name: Install ${{ env.NIGHTLY }}
              uses: dtolnay/rust-toolchain@master
              with:
                  toolchain: ${{ env.NIGHTLY }}
                  components: miri
            - name: cargo miri test
              run: cargo miri test -- --skip pointer::tests::qc
              env:
                  MIRIFLAGS: ""