ci: cmake asan buildspec (aws#4048)

codebuild/README.md

@@ -0,0 +1,41 @@
+# Docker Image Structure
+The codebuild specifications are run on a custom docker images that have the test dependencies installed. The docker image structure is described below.
+
+### libcrypto
+Various libcryptos are installed to `/usr/local/$LIBCRYPTO` directories. For example
+```
+# non-exhaustive list
+/usr/local/openssl-1.0.2/lib/libcrypto.a
+/usr/local/openssl-1.0.2/lib/libcrypto.so
+/usr/local/openssl-1.0.2/lib/libcrypto.so.1.0.0
+/usr/local/openssl-1.0.2/lib/pkgconfig/libcrypto.pc
+/usr/local/openssl-3.0/lib64/libcrypto.a
+/usr/local/openssl-3.0/lib64/libcrypto.so.3
+/usr/local/openssl-3.0/lib64/libcrypto.so
+/usr/local/openssl-3.0/lib64/pkgconfig/libcrypto.pc
+/usr/local/boringssl/lib/libcrypto.so
+/usr/local/awslc/lib/libcrypto.a
+/usr/local/awslc/lib/libcrypto.so
+```
+
+Packages installed from the `apt` package manager can generally be found in `/usr/lib`. For example, our 32 bit build uses the 32 bit `i386` libcrypto, and it's artifacts are located at
+```
+/usr/lib/i386-linux-gnu/libcrypto.a
+/usr/lib/i386-linux-gnu/libcrypto.so.3
+/usr/lib/i386-linux-gnu/libcrypto.so
+/usr/lib/i386-linux-gnu/pkgconfig/libcrypto.pc
+```
+
+When the docker image is available locally, the structure can be easily examined by attaching an interactive terminal to the container with the following command
+```
+docker run --entrypoint /bin/bash -it --privileged <image id>
+```
+
+Then the `find` command can be used to look at the various artifacts that are available.
+```
+sudo find / -name libcrypto* # list all libcrypto artifacts
+```
+or
+```
+sudo find / -name clang* # find all clang binaries
+```

codebuild/spec/buildspec_asan.yml

@@ -0,0 +1,63 @@
+---
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use
+# this file except in compliance with the License. A copy of the License is
+# located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing permissions and
+# limitations under the License.
+version: 0.2
+
+# This buildspec runs on an Ubuntu22 image. That configuration is a property of
+# the codebuild job itself.
+
+# Codebuild's matrix jobs have non-differentiated names so use batch-list
+# instead.
+batch:
+  build-list:
+    # awslc is the happy path libcrypto for s2n-tls
+    - identifier: awslc
+      env:
+        compute-type: BUILD_GENERAL1_LARGE
+        variables:
+          S2N_LIBCRYPTO: awslc
+    # s2n-tls takes different code paths for ossl3, so make sure we run asan on
+    # it. See pr 4033 for a historical motivating example.
+    - identifier: openssl_3_0
+      env:
+        compute-type: BUILD_GENERAL1_LARGE
+        variables:
+          S2N_LIBCRYPTO: openssl-3.0
+    # openssl 1.1.1 is a widely deployed version of openssl.
+    - identifier: openssl_1_1_1
+      env:
+        compute-type: BUILD_GENERAL1_LARGE
+        variables:
+          S2N_LIBCRYPTO: openssl-1.1.1
+    # openssl 1.0.2 is the default distributed on AL2, and AL2 is still widely
+    # deployed
+    - identifier: openssl_1_0_2
+      env:
+        compute-type: BUILD_GENERAL1_LARGE
+        variables:
+          S2N_LIBCRYPTO: openssl-1.0.2
+
+phases:
+  build:
+    on-failure: ABORT
+    commands:
+      - |
+        cmake . -Bbuild \
+          -DCMAKE_C_COMPILER=/usr/bin/clang \
+          -DCMAKE_PREFIX_PATH=/usr/local/$S2N_LIBCRYPTO \
+          -DASAN=ON
+      - cmake --build ./build -- -j $(nproc)
+  post_build:
+    on-failure: ABORT
+    commands:
+      - CTEST_OUTPUT_ON_FAILURE=1 CTEST_PARALLEL_LEVEL=$(nproc) make -C build test