turn on MSAN for ci builds

.github/actions/deps/action.yml

@@ -17,6 +17,11 @@ inputs:
     options:
       - gcc
       - clang
+  msan-opt:
+    description: "whether or not to build deps with msan"
+    required: false
+    default: 'false'
+    type: boolean
   compiler-version:
     description: 'The compiler version to use'
     required: true
@@ -50,6 +55,14 @@ runs:
         path: deps-bundle.tar.zst
         key: deps-sh-${{ runner.os }}-${{ runner.arch }}-${{ inputs.compiler }}-${{ inputs.compiler-version }}-${{ steps.deps-sh-hash.outputs.HASH }}
         clean-key: deps-sh
+
+    - id: deps-sh-msan-cache
+      uses: corca-ai/local-cache@v2
+      with:
+        base: "${{ runner.tool_cache }}/cache"
+        path: deps-bundle-msan.tar.zst
+        key: deps-sh-${{ runner.os }}-${{ runner.arch }}-${{ inputs.compiler }}-${{ inputs.compiler-version }}-${{ steps.deps-sh-hash.outputs.HASH }}-MSAN
+        clean-key: deps-sh
 
     - name: Install system level dependencies
       shell: bash
@@ -60,6 +73,11 @@ runs:
       run: tar -Izstd -xvf deps-bundle.tar.zst
       if: steps.deps-sh-cache.outputs.cache-hit == 'true'
 
+    - name: Install MSAN dependencies from cache
+      shell: bash
+      run: tar -Izstd -xvf deps-bundle-msan.tar.zst
+      if: steps.deps-sh-msan-cache.outputs.cache-hit == 'true' && ${{ inputs.msan-opt }} == 'true'
+
     - name: Install dependencies from scratch
       shell: bash
       run: |
@@ -72,3 +90,19 @@ runs:
         '${{ inputs.deps-script-path }}' +dev fetch install
         '${{ inputs.deps-bundle-path }}'
       if: steps.deps-sh-cache.outputs.cache-hit != 'true'
+
+    - name: Install MSAN dependencies from scratch
+      shell: bash
+      env: 
+        MSAN: 1
+      run: |
+        if [[ "${{ inputs.compiler-version }}" != "system" ]]; then
+          source /opt/${{ inputs.compiler }}/${{ inputs.compiler }}-${{ inputs.compiler-version }}/activate
+        fi
+        CC='${{ inputs.compiler }}' \
+        CXX='${{ inputs.compiler == 'gcc' && 'g++' || 'clang++' }}' \
+        FD_AUTO_INSTALL_PACKAGES=1 \
+        '${{ inputs.deps-script-path }}' +dev +msan fetch install
+        '${{ inputs.deps-bundle-path }}'
+      if: steps.deps-sh-msan-cache.outputs.cache-hit != 'true' && ${{ inputs.msan-opt }} == 'true'
+

.github/workflows/clusterfuzz.yml

@@ -10,6 +10,9 @@ jobs:
       url: 'https://isol-clusterfuzz.appspot.com/'
     strategy:
       matrix:
+        sanitizer_combos:
+          - "fuzz asan ubsan"
+          - "fuzz msan"
         machine:
           - linux_clang_haswell
           - linux_clang_icelake
@@ -24,14 +27,17 @@ jobs:
       group: github-v1
     env:
       MACHINE: ${{ matrix.machine }}
-      EXTRAS: fuzz asan ubsan
+      EXTRAS: ${{ matrix.sanitizer_combos }}
     steps:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
 
       - uses: ./.github/actions/hugepages
-      - uses: ./.github/actions/deps
+      - uses: ./.github/actions/deps # "regular" non-msan dependencies (./opt)
+      - uses: ./.github/actions/deps # build deps with msan       (./opt-msan)
+        with:
+          msan-opt: true
 
       - run: sudo apt update && sudo apt install -y zip
 

contrib/deps-bundle.sh

@@ -18,11 +18,18 @@ set -e
 
 cd -- "$( dirname -- "${BASH_SOURCE[0]}" )"/..
 
-rm -f deps-bundle.tar.zst
+if [ -n "$MSAN" ]; then
+    bundle="deps-bundle-msan.tar.zst"
+    prefix="opt-msan"
+else
+    bundle="deps-bundle.tar.zst"
+    prefix="opt"
+fi
 
-tar -Izstd -cf deps-bundle.tar.zst \
-  ./opt/{include,lib}
+rm -f "$bundle"
 
-echo "[+] Created deps-bundle.tar.zst"
+tar -Izstd -cf "$bundle" "./$prefix"/{include,lib} 
+
+echo "[+] Created $bundle"
 
 # Now you can commit this file to blob storage such as Git LFS.