using shared libraries for subbprojects assimp when using sanitizers, and better build.sh

Author: maureeungaro

.github/workflows/codeql.yml

@@ -8,10 +8,6 @@ on:
   schedule:
     - cron: '20 2 * * 5'
 
-# default geant4 version.
-env:
-  DEFAULT_CONTAINER: ghcr.io/gemc/g4install:11.4.0-ubuntu-24.04
-
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})
@@ -22,7 +18,7 @@ jobs:
     # Consider using larger runners or machines with greater resources for possible analysis time improvements.
     runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     # Use a container with G4 installed
-    container: ${{ env.DEFAULT_CONTAINER }}
+    container: ghcr.io/gemc/g4install:11.4.0-ubuntu-24.04
 
     permissions:
       # required for all workflows
@@ -35,18 +31,16 @@ jobs:
       actions: read
       contents: read
 
-
-
     strategy:
       fail-fast: false
       matrix:
         include:
-        - language: actions
-          build-mode: none
-        - language: c-cpp
-          build-mode: manual
-        - language: python
-          build-mode: none
+          - language: actions
+            build-mode: none
+          - language: c-cpp
+            build-mode: manual
+          - language: python
+            build-mode: none
         # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
         # Use `c-cpp` to analyze code written in C, C++ or both
         # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
@@ -58,51 +52,51 @@ jobs:
     # Skip this entire job if the commit was made by the merge queue bot
     if: github.event.head_commit.committer.name != 'github-merge-queue[bot]'
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    # Add any setup steps before running the `GitHub/codeql-action/init` action.
-    # This includes steps like installing compilers or runtimes (`actions/setup-node`
-    # or others). This is typically only required for manual builds.
-    # - name: Setup runtime (example)
-    #   uses: actions/setup-example@v1
+      # Add any setup steps before running the `GitHub/codeql-action/init` action.
+      # This includes steps like installing compilers or runtimes (`actions/setup-node`
+      # or others). This is typically only required for manual builds.
+      # - name: Setup runtime (example)
+      #   uses: actions/setup-example@v1
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        build-mode: ${{ matrix.build-mode }}
-        config-file: .github/codeql_config.yml
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          config-file: .github/codeql_config.yml
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
 
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
 
-    # If the analyze step fails for one of the languages you are analyzing with
-    # "We were unable to automatically build your code", modify the matrix above
-    # to set the build mode to "manual" for that language. Then modify this step
-    # to build your code.
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-    - if: matrix.build-mode == 'manual'
-      shell: bash
-      run: |
-        echo "Starting manual build for CodeQL..."
-        
-        export DOCKER_ENTRYPOINT_SOURCE_ONLY=1
-        . /usr/local/bin/docker-entrypoint.sh
-        module load geant4/"${{ matrix.g4v }}"
-      
-        ./ci/build.sh "${{ matrix.sanitizer }}"
-        
-        echo "Manual build finished."
+      # If the analyze step fails for one of the languages you are analyzing with
+      # "We were unable to automatically build your code", modify the matrix above
+      # to set the build mode to "manual" for that language. Then modify this step
+      # to build your code.
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      - if: matrix.build-mode == 'manual'
+        shell: bash
+        run: |
+          echo "Starting manual build for CodeQL..."
+          
+          export DOCKER_ENTRYPOINT_SOURCE_ONLY=1
+          . /usr/local/bin/docker-entrypoint.sh
+          module load geant4
+          
+          ./ci/build.sh 
+          
+          echo "Manual build finished."
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      env:
-        LD_PRELOAD: ""        # suppress trace‑library warning
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        env:
+          LD_PRELOAD: ""        # suppress trace‑library warning
+        with:
+          category: "/language:${{matrix.language}}"

ci/build.sh

@@ -59,10 +59,15 @@ fi
 show_gemc_installation
 
 # if $1 is NOT one of sanitize option, run meson test
-if [[ $1 != @(address|thread|undefined|leak) ]]; then
-  echo " > Running meson test with options  -C build -j 1 --print-errorlogs --no-rebuild --num-processes 1 " | tee $test_log
-  meson test -C build -v -j 1 --print-errorlogs --no-rebuild --num-processes 1 >> $test_log
-  echo "   - Successful: $(cat $test_log | grep "Ok:" | awk '{print $2}')"
-  echo "   - Failures: $(cat $test_log | grep "Fail:" | awk '{print $2}')"
-  echo " > Complete test log: $test_log"
-fi
+case "$1" in
+  address|thread|undefined|leak)
+    # sanitizer option -> do NOT run meson test
+    ;;
+  *)
+    echo " > Running meson test with options -C build -j 1 --print-errorlogs --no-rebuild --num-processes 1" | tee -a "$test_log"
+    meson test -C build -v -j 1 --print-errorlogs --no-rebuild --num-processes 1 >> "$test_log"
+    echo "   - Successful: $(grep -m1 'Ok:' "$test_log" | awk '{print $2}')"
+    echo "   - Failures: $(grep -m1 'Fail:' "$test_log" | awk '{print $2}')"
+    echo " > Complete test log: $test_log"
+    ;;
+esac

meson/meson.build

@@ -44,7 +44,7 @@ if (not root_dep.found()) and (not root_opt.disabled())
                               modules : ['ROOT::Core', 'ROOT::RIO', 'ROOT::Tree', 'ROOT::Hist'],
                               required : false
         )
-        message( 'root-config found. root_dep  dependency added')
+        message('root-config found. root_dep  dependency added')
     else
         if root_opt.enabled()
             warning('ROOT was explicitly enabled (-Droot=enabled) but root-config was not found.')
@@ -58,11 +58,11 @@ endif
 # geant4.pc if not found
 fs = import('fs')
 gemc_prefix = get_option('prefix')
-geant4_pc_path =  gemc_prefix / 'lib/pkgconfig'
+geant4_pc_path = gemc_prefix / 'lib/pkgconfig'
 geant4_pc = geant4_pc_path / 'geant4.pc'
-g4_pkgconfig_script =  meson.project_source_root() / 'meson/g4_pkgconfig.py'
+g4_pkgconfig_script = meson.project_source_root() / 'meson/g4_pkgconfig.py'
 if not fs.exists(geant4_pc)
-    message('geant4.pc not found in ' + geant4_pc + ', running install script to install it in ' + gemc_prefix )
+    message('geant4.pc not found in ' + geant4_pc + ', running install script to install it in ' + gemc_prefix)
     run_command(g4_pkgconfig_script, gemc_prefix, check : true)
 endif
 geant4_dep = dependency('geant4', version : '>=11.3.2')
@@ -104,15 +104,24 @@ cmake_opts.add_cmake_defines({
                                  'CMAKE_POLICY_VERSION_MINIMUM' : '4.0',
                              })
 
+sanitize = get_option('b_sanitize')  # string option: 'none', 'address', 'undefined', etc.
+
+# only use shared libraries if a sanitizer option is passed
+# this will avoid duplicate symbols errors when sanitizer is used, coming from static library usage
+use_sharedl = (sanitize != 'none')
+
+
 if host_machine.system() == 'darwin'
     # there's a macro collision in Assimp’s bundled zlib on macOS.
     # Using system zlib is fine on macos
     cmake_opts.add_cmake_defines({
+                                     'BUILD_SHARED_LIBS': use_sharedl,
                                      'ASSIMP_BUILD_ZLIB' : false,
                                  })
 else
     # Ubuntu: zlib is not compiled with fPic on the system. Let Assimp compile it.
     cmake_opts.add_cmake_defines({
+                                     'BUILD_SHARED_LIBS': use_sharedl,
                                      'ASSIMP_BUILD_ZLIB' : true,
                                  })
 endif