Bug 1246801 - Use SYS_PTRACE (features.allowPtrace) for LSan runs r=me
authorTim Taubert <ttaubert@mozilla.com>
Wed, 01 Feb 2017 22:51:57 +0100
changeset 13086 edfe0a84de6993b4aa46e0dbe3bdd14678681b06
parent 13085 650e5f6cb6172a6a251960496cda7afc53f453ad
child 13087 0a7ba014dbb3a12b0b779b16ce1f5be168d5545e
push id1982
push userttaubert@mozilla.com
push dateWed, 01 Feb 2017 21:53:05 +0000
reviewersme
bugs1246801
Bug 1246801 - Use SYS_PTRACE (features.allowPtrace) for LSan runs r=me
automation/taskcluster/docker-fuzz/setup.sh
automation/taskcluster/graph/src/extend.js
automation/taskcluster/graph/src/queue.js
--- a/automation/taskcluster/docker-fuzz/setup.sh
+++ b/automation/taskcluster/docker-fuzz/setup.sh
@@ -31,16 +31,17 @@ apt-get install -y --no-install-recommen
 
 # Install LLVM/clang-4.0.
 mkdir clang-tmp
 git clone -n --depth 1 https://chromium.googlesource.com/chromium/src/tools/clang clang-tmp/clang
 git -C clang-tmp/clang checkout HEAD scripts/update.py
 clang-tmp/clang/scripts/update.py
 rm -fr clang-tmp
 
+# Generate locales.
 locale-gen en_US.UTF-8
 dpkg-reconfigure locales
 
 # Cleanup.
 rm -rf ~/.ccache ~/.cache
 apt-get autoremove -y
 apt-get clean
 apt-get autoclean
--- a/automation/taskcluster/graph/src/extend.js
+++ b/automation/taskcluster/graph/src/extend.js
@@ -273,16 +273,17 @@ async function scheduleFuzzing() {
     env: {
       ASAN_OPTIONS: "allocator_may_return_null=1",
       UBSAN_OPTIONS: "print_stacktrace=1",
       NSS_DISABLE_ARENA_FREE_LIST: "1",
       NSS_DISABLE_UNLOAD: "1",
       CC: "clang",
       CCC: "clang++"
     },
+    features: ["allowPtrace"],
     platform: "linux64",
     collection: "fuzz",
     image: FUZZ_IMAGE
   };
 
   // Build base definition.
   let build_base = merge({
     command: [
@@ -327,71 +328,55 @@ async function scheduleFuzzing() {
     parent: task_build,
     name: "Hash",
     command: [
       "/bin/bash",
       "-c",
       "bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
         "hash nss/fuzz/corpus/hash -max_total_time=300 -max_len=4096"
     ],
-    // Need a privileged docker container to remove detect_leaks=0.
-    env: {
-      ASAN_OPTIONS: "allocator_may_return_null=1:detect_leaks=0",
-    },
     symbol: "Hash",
     kind: "test"
   }));
 
   queue.scheduleTask(merge(base, {
     parent: task_build,
     name: "QuickDER",
     command: [
       "/bin/bash",
       "-c",
       "bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
         "quickder nss/fuzz/corpus/quickder -max_total_time=300 -max_len=10000"
     ],
-    // Need a privileged docker container to remove detect_leaks=0.
-    env: {
-      ASAN_OPTIONS: "allocator_may_return_null=1:detect_leaks=0",
-    },
     symbol: "QuickDER",
     kind: "test"
   }));
 
   queue.scheduleTask(merge(base, {
     parent: task_build,
     name: "MPI",
     command: [
       "/bin/bash",
       "-c",
       "bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
         "mpi nss/fuzz/corpus/mpi -max_total_time=300 -max_len=2048"
     ],
-    // Need a privileged docker container to remove detect_leaks=0.
-    env: {
-      ASAN_OPTIONS: "allocator_may_return_null=1:detect_leaks=0",
-    },
     symbol: "MPI",
     kind: "test"
   }));
 
   queue.scheduleTask(merge(base, {
     parent: task_build,
     name: "CertDN",
     command: [
       "/bin/bash",
       "-c",
       "bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
         "certDN nss/fuzz/corpus/certDN -max_total_time=300 -max_len=4096"
     ],
-    // Need a privileged docker container to remove detect_leaks=0.
-    env: {
-      ASAN_OPTIONS: "allocator_may_return_null=1:detect_leaks=0",
-    },
     symbol: "CertDN",
     kind: "test"
   }));
 
   return queue.submit();
 }
 
 /*****************************************************************************/
--- a/automation/taskcluster/graph/src/queue.js
+++ b/automation/taskcluster/graph/src/queue.js
@@ -75,16 +75,17 @@ function parseTreeherder(def) {
   if (def.tier) {
     treeherder.tier = def.tier;
   }
 
   return treeherder;
 }
 
 function convertTask(def) {
+  let scopes = [];
   let dependencies = [];
 
   let env = merge({
     NSS_HEAD_REPOSITORY: process.env.NSS_HEAD_REPOSITORY,
     NSS_HEAD_REVISION: process.env.NSS_HEAD_REVISION
   }, def.env || {});
 
   if (def.parent) {
@@ -105,29 +106,34 @@ function convertTask(def) {
     command: def.command,
     maxRunTime: def.maxRunTime || 3600
   };
 
   if (def.image) {
     payload.image = def.image;
   }
 
+  if (def.artifacts) {
+    payload.artifacts = parseArtifacts(def.artifacts);
+  }
+
   if (def.features) {
     payload.features = parseFeatures(def.features);
-  }
 
-  if (def.artifacts) {
-    payload.artifacts = parseArtifacts(def.artifacts);
+    if (payload.features.allowPtrace) {
+      scopes.push("docker-worker:feature:allowPtrace");
+    }
   }
 
   return {
     provisionerId: def.provisioner || "aws-provisioner-v1",
     workerType: def.workerType || "hg-worker",
     schedulerId: "task-graph-scheduler",
 
+    scopes,
     created: fromNow(0),
     deadline: fromNow(24),
 
     dependencies,
     routes: parseRoutes(def.routes || []),
 
     metadata: {
       name: def.name,