Skip to content

ci: add Valgrind leak detection on bookworm#123

Merged
atoomic merged 3 commits into
cpan-authors:mainfrom
atoomic:koan.atoomic/valgrind-ci
Mar 21, 2026
Merged

ci: add Valgrind leak detection on bookworm#123
atoomic merged 3 commits into
cpan-authors:mainfrom
atoomic:koan.atoomic/valgrind-ci

Conversation

@Koan-Bot
Copy link
Copy Markdown
Contributor

@Koan-Bot Koan-Bot commented Mar 19, 2026
edited
Loading

What

Adds a Valgrind CI job to automatically detect memory leaks in RSA.xs.

Why

We've fixed ~15 memory leaks in the XS code (PRs #74#114). A Valgrind CI gate
ensures no new leaks are introduced and validates that existing fixes hold.

How

  • Runs on debian:bookworm (OpenSSL 3.x) — where most leak vectors exist
  • --show-leak-kinds=definite filters Perl's "still reachable" false positives
  • --trace-children=yes + --child-silent-after-fork=yes since prove forks per test file
  • --error-exitcode=1 fails the job on any definite leak
  • 15-minute timeout (valgrind ~20x slowdown vs normal test run)
  • Gates on ubuntu job (same pattern as openssl-matrix)

Testing

Push and observe CI. If Perl-internal false positives surface, a suppression
file can be added in a follow-up.

🤖 Generated with Claude Code

Quality Report

Changes: 1 file changed, 57 insertions(+)

Code scan: clean

Tests: passed (OK)

Branch hygiene: clean

Generated by Kōan post-mission quality pipeline

Koan-Bot and others added 3 commits March 18, 2026 23:35
@Koan-Bot @claude
ci: add Valgrind memory leak detection job
9e5b48d 
Add a Valgrind CI job running on debian:bookworm (OpenSSL 3.x) to
automatically detect memory leaks in the XS code across all PRs.

Uses --show-leak-kinds=definite to avoid Perl's known "still reachable"
false positives, and --trace-children=yes since prove forks child
processes for each test file.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Koan-Bot @claude
ci: fix valgrind OOM — run per-file instead of via prove
59e9f0e 
trace-children=yes with prove caused valgrind to wrap every child
process, exhausting CI memory (exit 137). Run each test file directly
under valgrind in a loop instead — one valgrind instance at a time.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Koan-Bot @claude
ci: filter valgrind output for RSA.xs leaks only
39c08d5 
Perl's runtime has known "definitely lost" allocations at exit that are
false positives. Instead of --error-exitcode=1 (which catches all leaks),
parse valgrind's text output and only fail if a "definitely lost" block's
stack trace includes RSA.so — our XS shared library.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@toddr-bot toddr-bot mentioned this pull request Mar 20, 2026
Merged
@toddr toddr marked this pull request as ready for review March 21, 2026 01:35
@atoomic atoomic self-assigned this Mar 21, 2026
@atoomic atoomic merged commit 5734062 into cpan-authors:main Mar 21, 2026
84 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timlegge timlegge timlegge approved these changes

Assignees

@atoomic atoomic

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Koan-Bot @timlegge @atoomic