Commit 9851e93
Make UBSan findings fatal in sanitized builds (#1676)
## Context
Our sanitized macOS/Linux jobs enable
`-fsanitize=address,undefined[,vptr]`, so the UB checks are active — but
**UBSan is recoverable by default**. On a hit it prints a diagnostic to
stderr and keeps running. The process doesn't abort, the test doesn't
fail, CI stays green, and the diagnostic is buried in test output nobody
reads.
Adding `-fno-sanitize-recover=all` is what converts each UBSan hit into
a `SIGABRT` → test failure. We were missing it.
## Change
Three commits:
1. **Make UBSan findings fatal in sanitized builds.** Add
`-fno-sanitize-recover=all` to the Clang sanitizer `add_compile_options`
line in `CMakeLists.txt`, and set
`UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1:symbolize=1` and
`ASAN_OPTIONS=abort_on_error=1` in `build-macos.yml` / `build-linux.yml`
as runtime belt-and-suspenders. (MSVC only supports ASan, which already
aborts on error.)
2. **Bump glslang to merged PR #5 SHA** — picks up
[BabylonJS/glslang#5](BabylonJS/glslang#5)
(suppress UBSan enum check on SPIR-V mask bit-combining operators).
3. **Bump bgfx.cmake to merged #115 (UBSan fix)** — picks up
[BabylonJS/bgfx.cmake#115](BabylonJS/bgfx.cmake#115),
which bumps the bgfx submodule to the cherry-pick of
[bkaradzic/bgfx#3688](bkaradzic/bgfx#3688)
(default-init the SortKey ints/bools so we don't load undefined values
into bitfields) via
[BabylonJS/bgfx#60](BabylonJS/bgfx#60).
The dependency bumps in commits 2 and 3 fix every UBSan finding
currently being printed (and ignored) by the sanitized jobs on `master`,
so this PR should be green on first run.
## Out of scope
- **metal-cpp's intentional "nil-messaging" pattern.** Apple documents
sending messages to `nil` as well-defined in Obj-C, but C++ UBSan
doesn't know that. Not hit on the current pin; if a future metal-cpp
bump trips it, the standard fix is a scoped `-fno-sanitize=null` on
metal-cpp only.
- `-fsanitize=nullability` (Apple `_Nonnull` attribute checks, separate
from `null`) — worth considering as a follow-up once this lands and the
baseline is clean.
- Windows ASan already aborts on error; no change needed there.
[Created by Copilot on behalf of @bghgary]
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>1 parent 81a7bfe commit 9851e93
3 files changed
Lines changed: 10 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
19 | 19 | | |
20 | 20 | | |
21 | 21 | | |
| 22 | + | |
| 23 | + | |
22 | 24 | | |
23 | 25 | | |
24 | 26 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
| 25 | + | |
| 26 | + | |
25 | 27 | | |
26 | 28 | | |
27 | 29 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
38 | | - | |
| 38 | + | |
39 | 39 | | |
40 | 40 | | |
41 | 41 | | |
42 | 42 | | |
43 | 43 | | |
44 | 44 | | |
45 | 45 | | |
46 | | - | |
| 46 | + | |
47 | 47 | | |
48 | 48 | | |
49 | 49 | | |
| |||
159 | 159 | | |
160 | 160 | | |
161 | 161 | | |
162 | | - | |
| 162 | + | |
| 163 | + | |
| 164 | + | |
| 165 | + | |
163 | 166 | | |
164 | 167 | | |
165 | 168 | | |
| |||
0 commit comments