From 2e226c24224a8ab5fb8e06b3c489eb1cbc570c7b Mon Sep 17 00:00:00 2001
From: firewave <firewave@users.noreply.github.com>
Date: Fri, 27 Feb 2026 16:15:14 +0100
Subject: [PATCH 1/2] consolidated individual sanitizer workflows into a single
 one

---
 .github/workflows/asan.yml  | 145 -----------------------------------
 .github/workflows/tsan.yml  | 146 ------------------------------------
 .github/workflows/ubsan.yml |  45 +++++++++--
 3 files changed, 40 insertions(+), 296 deletions(-)
 delete mode 100644 .github/workflows/asan.yml
 delete mode 100644 .github/workflows/tsan.yml

diff --git a/.github/workflows/asan.yml b/.github/workflows/asan.yml
deleted file mode 100644
index c52dc70420a..00000000000
--- a/.github/workflows/asan.yml
+++ /dev/null
@@ -1,145 +0,0 @@
-# Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
-# Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners
-name: address sanitizer
-
-on:
-  push:
-    branches:
-      - 'main'
-      - 'releases/**'
-      - '2.*'
-    tags:
-      - '2.*'
-  pull_request:
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-
-    runs-on: ubuntu-22.04
-
-    env:
-      QT_VERSION: 6.10.0
-      ASAN_OPTIONS: detect_stack_use_after_return=1
-      LSAN_OPTIONS: suppressions=lsan-suppr.txt:print_suppressions=0
-      # TODO: figure out why there are cache misses with PCH enabled
-      CCACHE_SLOPPINESS: pch_defines,time_macros
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: ccache
-        uses: hendrikmuhs/ccache-action@v1.2
-        with:
-          key: ${{ github.workflow }}-${{ github.job }}-${{ matrix.os }}
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.14'
-          check-latest: true
-
-      - name: Install missing software on ubuntu
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y cmake make libpcre3-dev libboost-container-dev libxml2-utils
-          sudo apt-get install -y libcups2-dev  # required for Qt6PrintSupport in CMake since Qt 6.7.3
-
-      - name: Install clang
-        run: |
-          sudo apt-get purge --auto-remove llvm python3-lldb-14 llvm-14
-          wget https://apt.llvm.org/llvm.sh
-          chmod +x llvm.sh
-          sudo ./llvm.sh 22
-
-      - name: Install Qt ${{ env.QT_VERSION }}
-        uses: jurplel/install-qt-action@v4
-        with:
-          version: ${{ env.QT_VERSION }}
-          modules: 'qtcharts'
-          setup-python: 'false'
-          cache: true
-
-      - name: Install missing Python packages
-        run: |
-          python3 -m pip install pip --upgrade
-          python3 -m pip install pytest
-          python3 -m pip install pytest-timeout
-          python3 -m pip install pytest-xdist
-          python3 -m pip install psutil
-
-      - name: CMake
-        run: |
-          cmake -S . -B cmake.output -DCMAKE_BUILD_TYPE=RelWithDebInfo -DHAVE_RULES=On -DBUILD_TESTING=On -DBUILD_GUI=On -DWITH_QCHART=On -DBUILD_TRIAGE=On -DUSE_MATCHCOMPILER=Verify -DANALYZE_ADDRESS=On -DENABLE_CHECK_INTERNAL=On -DUSE_BOOST=On -DCPPCHK_GLIBCXX_DEBUG=Off -DCMAKE_DISABLE_PRECOMPILE_HEADERS=On -DCMAKE_GLOBAL_AUTOGEN_TARGET=On -DDISABLE_DMAKE=On -DFILESDIR= -DCMAKE_COMPILE_WARNING_AS_ERROR=On -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache
-        env:
-          CC: clang-22
-          CXX: clang++-22
-
-      - name: Build cppcheck
-        run: |
-          cmake --build cmake.output --target cppcheck -- -j $(nproc)
-
-      - name: Build test
-        run: |
-          cmake --build cmake.output --target testrunner -- -j $(nproc)
-
-      - name: Build GUI tests
-        run: |
-          cmake --build cmake.output --target gui-tests -- -j $(nproc)
-
-      - name: Run tests
-        run: ./cmake.output/bin/testrunner
-
-      - name: Run cfg tests
-        run: |
-          cmake --build cmake.output --target checkcfg -- -j $(nproc)
-
-      - name: Run CTest
-        run: |
-          cp lsan-suppr.txt cmake.output/bin
-          ctest --test-dir cmake.output --output-on-failure -j$(nproc)
-
-      - name: Run test/cli
-        run: |
-          pwd=$(pwd)
-          TEST_CPPCHECK_EXE_LOOKUP_PATH="$pwd/cmake.output" python3 -m pytest -Werror --strict-markers -vv -n auto test/cli
-
-      - name: Run test/cli (-j2)
-        run: |
-          pwd=$(pwd)
-          TEST_CPPCHECK_EXE_LOOKUP_PATH="$pwd/cmake.output" python3 -m pytest -Werror --strict-markers -vv -n auto test/cli
-        env:
-          TEST_CPPCHECK_INJECT_J: 2
-
-      - name: Run test/cli (--clang)
-        if: false
-        run: |
-          pwd=$(pwd)
-          TEST_CPPCHECK_EXE_LOOKUP_PATH="$pwd/cmake.output" python3 -m pytest -Werror --strict-markers -vv -n auto test/cli
-        env:
-          TEST_CPPCHECK_INJECT_CLANG: clang
-
-      - name: Run test/cli (--cppcheck-build-dir)
-        run: |
-          pwd=$(pwd)
-          TEST_CPPCHECK_EXE_LOOKUP_PATH="$pwd/cmake.output" python3 -m pytest -Werror --strict-markers -vv -n auto test/cli
-        env:
-          TEST_CPPCHECK_INJECT_BUILDDIR: injected
-
-      - name: Generate dependencies
-        if: false
-        run: |
-          # make sure auto-generated GUI files exist
-          make -C cmake.output autogen
-          make -C cmake.output gui-build-deps triage-build-ui-deps
-
-      # TODO: this is currently way too slow (~60 minutes) to enable it
-      # TODO: only fail the step on sanitizer issues - since we use processes it will only fail the underlying process which will result in an cppcheckError
-      - name: Self check
-        if: false
-        run: |
-          ./selfcheck_san.sh ./cmake.output
diff --git a/.github/workflows/tsan.yml b/.github/workflows/tsan.yml
deleted file mode 100644
index cca77bc9a6c..00000000000
--- a/.github/workflows/tsan.yml
+++ /dev/null
@@ -1,146 +0,0 @@
-# Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
-# Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners
-name: thread sanitizer
-
-on:
-  push:
-    branches:
-      - 'main'
-      - 'releases/**'
-      - '2.*'
-    tags:
-      - '2.*'
-  pull_request:
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-
-    runs-on: ubuntu-22.04
-
-    env:
-      QT_VERSION: 6.10.0
-      TSAN_OPTIONS: halt_on_error=1
-      # TODO: figure out why there are cache misses with PCH enabled
-      CCACHE_SLOPPINESS: pch_defines,time_macros
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: ccache
-        uses: hendrikmuhs/ccache-action@v1.2
-        with:
-          key: ${{ github.workflow }}-${{ github.job }}-${{ matrix.os }}
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.14'
-          check-latest: true
-
-      - name: Install missing software on ubuntu
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y cmake make libpcre3-dev libboost-container-dev libxml2-utils
-          sudo apt-get install -y libcups2-dev  # required for Qt6PrintSupport in CMake since Qt 6.7.3
-
-      - name: Install clang
-        run: |
-          sudo apt-get purge --auto-remove llvm python3-lldb-14 llvm-14
-          wget https://apt.llvm.org/llvm.sh
-          chmod +x llvm.sh
-          sudo ./llvm.sh 22
-
-      - name: Install Qt ${{ env.QT_VERSION }}
-        uses: jurplel/install-qt-action@v4
-        with:
-          version: ${{ env.QT_VERSION }}
-          modules: 'qtcharts'
-          setup-python: 'false'
-          cache: true
-
-      - name: Install missing Python packages
-        run: |
-          python3 -m pip install pip --upgrade
-          python3 -m pip install pytest
-          python3 -m pip install pytest-timeout
-          python3 -m pip install pytest-xdist
-          python3 -m pip install psutil
-
-      - name: CMake
-        run: |
-          cmake -S . -B cmake.output -DCMAKE_BUILD_TYPE=RelWithDebInfo -DHAVE_RULES=On -DBUILD_TESTING=On -DBUILD_GUI=On -DWITH_QCHART=On -DBUILD_TRIAGE=On -DUSE_MATCHCOMPILER=Verify -DANALYZE_THREAD=On -DENABLE_CHECK_INTERNAL=On -DUSE_BOOST=On -DCPPCHK_GLIBCXX_DEBUG=Off -DCMAKE_DISABLE_PRECOMPILE_HEADERS=On -DCMAKE_GLOBAL_AUTOGEN_TARGET=Off -DDISABLE_DMAKE=On -DFILESDIR= -DCMAKE_COMPILE_WARNING_AS_ERROR=On -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache
-        env:
-          CC: clang-22
-          CXX: clang++-22
-
-      - name: Build cppcheck
-        run: |
-          cmake --build cmake.output --target cppcheck -- -j $(nproc)
-
-      - name: Build test
-        run: |
-          cmake --build cmake.output --target testrunner -- -j $(nproc)
-
-      - name: Build GUI tests
-        run: |
-          cmake --build cmake.output --target gui-tests -- -j $(nproc)
-
-      - name: Run tests
-        run: ./cmake.output/bin/testrunner
-
-      - name: Run cfg tests
-        run: |
-          cmake --build cmake.output --target checkcfg -- -j $(nproc)
-
-      - name: Run CTest
-        if: false # TODO: test-filelist fails with data race in pthread_cond_destroy
-        run: |
-          ctest --test-dir cmake.output --output-on-failure -j$(nproc)
-
-      - name: Run test/cli
-        run: |
-          pwd=$(pwd)
-          TEST_CPPCHECK_EXE_LOOKUP_PATH="$pwd/cmake.output" python3 -m pytest -Werror --strict-markers -vv -n auto test/cli
-        env:
-          TEST_CPPCHECK_INJECT_EXECUTOR: thread
-
-      - name: Run test/cli (-j2)
-        run: |
-          pwd=$(pwd)
-          TEST_CPPCHECK_EXE_LOOKUP_PATH="$pwd/cmake.output" python3 -m pytest -Werror --strict-markers -vv -n auto test/cli
-        env:
-          TEST_CPPCHECK_INJECT_J: 2
-
-      - name: Run test/cli (--clang)
-        if: false
-        run: |
-          pwd=$(pwd)
-          TEST_CPPCHECK_EXE_LOOKUP_PATH="$pwd/cmake.output" python3 -m pytest -Werror --strict-markers -vv -n auto test/cli
-        env:
-          TEST_CPPCHECK_INJECT_CLANG: clang
-
-      - name: Run test/cli (--cppcheck-build-dir)
-        run: |
-          pwd=$(pwd)
-          TEST_CPPCHECK_EXE_LOOKUP_PATH="$pwd/cmake.output" python3 -m pytest -Werror --strict-markers -vv -n auto test/cli
-        env:
-          TEST_CPPCHECK_INJECT_BUILDDIR: injected
-
-      - name: Generate dependencies
-        if: false
-        run: |
-          # make sure auto-generated GUI files exist
-          make -C cmake.output autogen
-          make -C cmake.output gui-build-deps triage-build-ui-deps
-
-      # TODO: disabled for now as it takes around 40 minutes to finish
-      # set --error-exitcode=0 so we only fail on sanitizer issues - since it uses threads for execution it will exit the whole process on the first issue
-      - name: Self check
-        if: false
-        run: |
-          ./selfcheck_san.sh ./cmake.output "--executor=thread --error-exitcode=0"
diff --git a/.github/workflows/ubsan.yml b/.github/workflows/ubsan.yml
index 1502babdcdc..cf584c1d5b8 100644
--- a/.github/workflows/ubsan.yml
+++ b/.github/workflows/ubsan.yml
@@ -1,6 +1,6 @@
 # Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
 # Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners
-name: undefined behaviour sanitizers
+name: sanitizers
 
 on:
   push:
@@ -18,10 +18,34 @@ permissions:
 jobs:
   build:
 
+    strategy:
+      matrix:
+        include:
+          - sanitizer: 'asan'
+            cmake_opts: '-DANALYZE_ADDRESS=On'
+            run_ctest: true
+            inject_executor: 'process'
+            run_selfcheck: false  # TODO: this is currently way too slow (~60 minutes) to enable it
+          - sanitizer: 'tsan'
+            cmake_opts: '-DANALYZE_THREAD=On'
+            run_ctest: false   # TODO: test-filelist fails with data race in pthread_cond_destroy
+            inject_executor: 'thread'
+            run_selfcheck: false  # TODO: disabled for now as it takes around 40 minutes to finish
+            selfcheck_opts: '--executor=thread --error-exitcode=0'  # set --error-exitcode=0 so we only fail on sanitizer issues - since it uses threads for execution it will exit the whole process on the first issue
+          - sanitizer: 'ubsan'
+            cmake_opts: '-DANALYZE_UNDEFINED=On'
+            run_ctest: true
+            inject_executor: 'process'
+            run_selfcheck: true
+      fail-fast: false
+
     runs-on: ubuntu-22.04
 
     env:
       QT_VERSION: 6.10.0
+      ASAN_OPTIONS: detect_stack_use_after_return=1
+      LSAN_OPTIONS: suppressions=lsan-suppr.txt:print_suppressions=0
+      TSAN_OPTIONS: halt_on_error=1
       UBSAN_OPTIONS: print_stacktrace=1:halt_on_error=1:report_error_type=1
       # TODO: figure out why there are cache misses with PCH enabled
       CCACHE_SLOPPINESS: pch_defines,time_macros
@@ -34,7 +58,7 @@ jobs:
       - name: ccache
         uses: hendrikmuhs/ccache-action@v1.2
         with:
-          key: ${{ github.workflow }}-${{ github.job }}-${{ matrix.os }}
+          key: ${{ github.workflow }}-${{ github.job }}-${{ matrix.os }}-${{ matrix.sanitizer }}
 
       - name: Set up Python
         uses: actions/setup-python@v5
@@ -73,7 +97,7 @@ jobs:
 
       - name: CMake
         run: |
-          cmake -S . -B cmake.output -DCMAKE_BUILD_TYPE=RelWithDebInfo -DHAVE_RULES=On -DBUILD_TESTING=On -DBUILD_GUI=On -DWITH_QCHART=On -DBUILD_TRIAGE=On -DUSE_MATCHCOMPILER=Verify -DANALYZE_UNDEFINED=On -DENABLE_CHECK_INTERNAL=On -DUSE_BOOST=On -DCPPCHK_GLIBCXX_DEBUG=Off -DCMAKE_DISABLE_PRECOMPILE_HEADERS=On -DCMAKE_GLOBAL_AUTOGEN_TARGET=On -DDISABLE_DMAKE=On -DFILESDIR= -DCMAKE_COMPILE_WARNING_AS_ERROR=On -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache
+          cmake -S . -B cmake.output -DCMAKE_BUILD_TYPE=RelWithDebInfo -DHAVE_RULES=On -DBUILD_TESTING=On -DBUILD_GUI=On -DWITH_QCHART=On -DBUILD_TRIAGE=On -DUSE_MATCHCOMPILER=Verify ${{ matrix.cmake_opts }} -DENABLE_CHECK_INTERNAL=On -DUSE_BOOST=On -DCPPCHK_GLIBCXX_DEBUG=Off -DCMAKE_DISABLE_PRECOMPILE_HEADERS=On -DCMAKE_GLOBAL_AUTOGEN_TARGET=On -DDISABLE_DMAKE=On -DFILESDIR= -DCMAKE_COMPILE_WARNING_AS_ERROR=On -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache
         env:
           CC: clang-22
           CXX: clang++-22
@@ -97,14 +121,23 @@ jobs:
         run: |
           cmake --build cmake.output --target checkcfg -- -j $(nproc)
 
+      - name: Copy LSAN suppressions
+        if: matrix.sanitizer == 'asan'
+        run: |
+          cp lsan-suppr.txt cmake.output/bin
+
       - name: Run CTest
+        if: matrix.run_ctest
         run: |
+          cp lsan-suppr.txt cmake.output/bin
           ctest --test-dir cmake.output --output-on-failure -j$(nproc)
 
       - name: Run test/cli
         run: |
           pwd=$(pwd)
           TEST_CPPCHECK_EXE_LOOKUP_PATH="$pwd/cmake.output" python3 -m pytest -Werror --strict-markers -vv -n auto test/cli
+        env:
+          TEST_CPPCHECK_INJECT_EXECUTOR: thread
 
       - name: Run test/cli (-j2)
         run: |
@@ -126,9 +159,10 @@ jobs:
           pwd=$(pwd)
           TEST_CPPCHECK_EXE_LOOKUP_PATH="$pwd/cmake.output" python3 -m pytest -Werror --strict-markers -vv -n auto test/cli
         env:
-          TEST_CPPCHECK_INJECT_BUILDDIR: injected
+          TEST_CPPCHECK_INJECT_BUILDDIR: ${{ matrix.inject_executor }}
 
       - name: Generate dependencies
+        if: matrix.run_selfcheck
         run: |
           # make sure auto-generated GUI files exist
           make -C cmake.output autogen
@@ -136,5 +170,6 @@ jobs:
 
       # TODO: only fail the step on sanitizer issues - since we use processes it will only fail the underlying process which will result in an cppcheckError
       - name: Self check
+        if: matrix.run_selfcheck
         run: |
-          ./selfcheck_san.sh ./cmake.output
+          ./selfcheck_san.sh ./cmake.output ${{ matrix.selfcheck_opts }}

From b07a15bf30254f26010a27c1148bf76800888b96 Mon Sep 17 00:00:00 2001
From: firewave <firewave@users.noreply.github.com>
Date: Fri, 27 Feb 2026 17:01:45 +0100
Subject: [PATCH 2/2] renamed sanitizer workflow to `sanitizers.yml`

---
 .github/workflows/{ubsan.yml => sanitizers.yml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/workflows/{ubsan.yml => sanitizers.yml} (100%)

diff --git a/.github/workflows/ubsan.yml b/.github/workflows/sanitizers.yml
similarity index 100%
rename from .github/workflows/ubsan.yml
rename to .github/workflows/sanitizers.yml