chore: Bring confidential-devnet to tip of confidential/transfer branch (#6435)

docs/.gitignore

@@ -1,3 +0,0 @@
-html
-temp
-out.txt

docs/0001-negative-unl/README.md

@@ -134,7 +134,7 @@ validation messages (_PAV_) received from each validator on the node's UNL. Note
 that the node will only count the validation messages that agree with its own
 validations.
 
-We define the **PAV** as the **P**ercentage of **A**greed **V**alidation
+We define the **PAV** as the Percentage of Agreed Validation
 messages received for the last N ledgers, where N = 256 by default.
 
 When the PAV drops below the **_low-water mark_**, the validator is considered

docs/0001-negative-unl/negativeUNLSqDiagram.puml

@@ -43,14 +43,14 @@ alt phase == OPEN
             alt sqn%256==0
             CA -[#green]> RM: <font color=green>getValidations
             CA -[#green]> CA: <font color=green>create UNLModify Tx
-            hnote over CA#lightgreen: use validatations of the last 256 ledgers\nto figure out UNLModify Tx candidates.\nIf any, create UNLModify Tx, and add to TxSet.
+            hnote over CA#lightgreen: use validations of the last 256 ledgers\nto figure out UNLModify Tx candidates.\nIf any, create UNLModify Tx, and add to TxSet.
             end
         CA -> GC
         GC -> CA: propose
         deactivate CA
     end
 else phase == ESTABLISH
-    hnote over GC: receive peer postions
+    hnote over GC: receive peer positions
     GC -> GC : update our position
     GC -> CA : propose \n(if position changed)
     GC -> GC : check if have consensus

docs/README.md

@@ -54,8 +54,8 @@ There is a `docs` target in the CMake configuration.
 ```
 mkdir build
 cd build
-cmake ..
-cmake --build . --target docs
+cmake -Donly_docs=ON ..
+cmake --build . --target docs --parallel
 ```
 
 The output will be in `build/docs/html`.

docs/build/sanitizers.md

@@ -0,0 +1,207 @@
+# Sanitizer Configuration for Rippled
+
+This document explains how to properly configure and run sanitizers (AddressSanitizer, undefinedbehaviorSanitizer, ThreadSanitizer) with the xrpld project.
+Corresponding suppression files are located in the `sanitizers/suppressions` directory.
+
+- [Sanitizer Configuration for Rippled](#sanitizer-configuration-for-rippled)
+  - [Building with Sanitizers](#building-with-sanitizers)
+    - [Summary](#summary)
+    - [Build steps:](#build-steps)
+      - [Install dependencies](#install-dependencies)
+      - [Call CMake](#call-cmake)
+      - [Build](#build)
+  - [Running Tests with Sanitizers](#running-tests-with-sanitizers)
+    - [AddressSanitizer (ASAN)](#addresssanitizer-asan)
+    - [ThreadSanitizer (TSan)](#threadsanitizer-tsan)
+    - [LeakSanitizer (LSan)](#leaksanitizer-lsan)
+    - [UndefinedBehaviorSanitizer (UBSan)](#undefinedbehaviorsanitizer-ubsan)
+  - [Suppression Files](#suppression-files)
+    - [`asan.supp`](#asansupp)
+    - [`lsan.supp`](#lsansupp)
+    - [`ubsan.supp`](#ubsansupp)
+    - [`tsan.supp`](#tsansupp)
+    - [`sanitizer-ignorelist.txt`](#sanitizer-ignorelisttxt)
+  - [Troubleshooting](#troubleshooting)
+    - ["ASAN is ignoring requested \_\_asan_handle_no_return" warnings](#asan-is-ignoring-requested-__asan_handle_no_return-warnings)
+    - [Sanitizer Mismatch Errors](#sanitizer-mismatch-errors)
+  - [References](#references)
+
+## Building with Sanitizers
+
+### Summary
+
+Follow the same instructions as mentioned in [BUILD.md](../../BUILD.md) but with the following changes:
+
+1. Make sure you have a clean build directory.
+2. Set the `SANITIZERS` environment variable before calling conan install and cmake. Only set it once. Make sure both conan and cmake read the same values.
+   Example: `export SANITIZERS=address,undefinedbehavior`
+3. Optionally use `--profile:all sanitizers` with Conan to build dependencies with sanitizer instrumentation. [!NOTE]Building with sanitizer-instrumented dependencies is slower but produces fewer false positives.
+4. Set `ASAN_OPTIONS`, `LSAN_OPTIONS`, `UBSAN_OPTIONS` and `TSAN_OPTIONS` environment variables to configure sanitizer behavior when running executables. [More details below](#running-tests-with-sanitizers).
+
+---
+
+### Build steps:
+
+```bash
+cd /path/to/rippled
+rm -rf .build
+mkdir .build
+cd .build
+```
+
+#### Install dependencies
+
+The `SANITIZERS` environment variable is used by both Conan and CMake.
+
+```bash
+export SANITIZERS=address,undefinedbehavior
+# Standard build (without instrumenting dependencies)
+conan install .. --output-folder . --build missing --settings build_type=Debug
+
+# Or with sanitizer-instrumented dependencies (takes longer but fewer false positives)
+conan install .. --output-folder . --profile:all sanitizers --build missing --settings build_type=Debug
+```
+
+[!CAUTION]
+Do not mix Address and Thread sanitizers - they are incompatible.
+
+Since you already set the `SANITIZERS` environment variable when running Conan, same values will be read for the next part.
+
+#### Call CMake
+
+```bash
+cmake .. -G Ninja \
+    -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
+    -DCMAKE_BUILD_TYPE=Debug \
+    -Dtests=ON -Dxrpld=ON
+```
+
+#### Build
+
+```bash
+cmake --build . --parallel 4
+```
+
+## Running Tests with Sanitizers
+
+### AddressSanitizer (ASAN)
+
+**IMPORTANT**: ASAN with Boost produces many false positives. Use these options:
+
+```bash
+export ASAN_OPTIONS="print_stacktrace=1:detect_container_overflow=0:suppressions=path/to/asan.supp:halt_on_error=0:log_path=asan.log"
+export LSAN_OPTIONS="suppressions=path/to/lsan.supp:halt_on_error=0:log_path=lsan.log"
+
+# Run tests
+./xrpld --unittest --unittest-jobs=5
+```
+
+**Why `detect_container_overflow=0`?**
+
+- Boost intrusive containers (used in `aged_unordered_container`) trigger false positives
+- Boost context switching (used in `Workers.cpp`) confuses ASAN's stack tracking
+- Since we usually don't build Boost (because we don't want to instrument Boost and detect issues in Boost code) with ASAN but use Boost containers in ASAN instrumented rippled code, it generates false positives.
+- Building dependencies with ASAN instrumentation reduces false positives. But we don't want to instrument dependencies like Boost with ASAN because it is slow (to compile as well as run tests) and not necessary.
+- See: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow
+- More such flags are detailed [here](https://github.com/google/sanitizers/wiki/AddressSanitizerFlags)
+
+### ThreadSanitizer (TSan)
+
+```bash
+export TSAN_OPTIONS="suppressions=path/to/tsan.supp halt_on_error=0 log_path=tsan.log"
+
+# Run tests
+./xrpld --unittest --unittest-jobs=5
+```
+
+More details [here](https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual).
+
+### LeakSanitizer (LSan)
+
+LSan is automatically enabled with ASAN. To disable it:
+
+```bash
+export ASAN_OPTIONS="detect_leaks=0"
+```
+
+More details [here](https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer).
+
+### UndefinedBehaviorSanitizer (UBSan)
+
+```bash
+export UBSAN_OPTIONS="suppressions=path/to/ubsan.supp:print_stacktrace=1:halt_on_error=0:log_path=ubsan.log"
+
+# Run tests
+./xrpld --unittest --unittest-jobs=5
+```
+
+More details [here](https://clang.llvm.org/docs/undefinedbehaviorSanitizer.html).
+
+## Suppression Files
+
+[!NOTE] Attached files contain more details.
+
+### [`asan.supp`](../../sanitizers/suppressions/asan.supp)
+
+- **Purpose**: Suppress AddressSanitizer (ASAN) errors only
+- **Format**: `interceptor_name:<pattern>` where pattern matches file names. Supported suppression types are:
+  - interceptor_name
+  - interceptor_via_fun
+  - interceptor_via_lib
+  - odr_violation
+- **More info**: [AddressSanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer)
+- **Note**: Cannot suppress stack-buffer-overflow, container-overflow, etc.
+
+### [`lsan.supp`](../../sanitizers/suppressions/lsan.supp)
+
+- **Purpose**: Suppress LeakSanitizer (LSan) errors only
+- **Format**: `leak:<pattern>` where pattern matches function/file names
+- **More info**: [LeakSanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer)
+
+### [`ubsan.supp`](../../sanitizers/suppressions/ubsan.supp)
+
+- **Purpose**: Suppress undefinedbehaviorSanitizer errors
+- **Format**: `<error_type>:<pattern>` (e.g., `unsigned-integer-overflow:protobuf`)
+- **Covers**: Intentional overflows in sanitizers/suppressions libraries (protobuf, gRPC, stdlib)
+- More info [UBSan suppressions](https://clang.llvm.org/docs/SanitizerSpecialCaseList.html).
+
+### [`tsan.supp`](../../sanitizers/suppressions/tsan.supp)
+
+- **Purpose**: Suppress ThreadSanitizer data race warnings
+- **Format**: `race:<pattern>` where pattern matches function/file names
+- **More info**: [ThreadSanitizer suppressions](https://github.com/google/sanitizers/wiki/ThreadSanitizerSuppressions)
+
+### [`sanitizer-ignorelist.txt`](../../sanitizers/suppressions/sanitizer-ignorelist.txt)
+
+- **Purpose**: Compile-time ignorelist for all sanitizers
+- **Usage**: Passed via `-fsanitize-ignorelist=absolute/path/to/sanitizer-ignorelist.txt`
+- **Format**: `<level>:<pattern>` (e.g., `src:Workers.cpp`)
+
+## Troubleshooting
+
+### "ASAN is ignoring requested \_\_asan_handle_no_return" warnings
+
+These warnings appear when using Boost context switching and are harmless. They indicate potential false positives.
+
+### Sanitizer Mismatch Errors
+
+If you see undefined symbols like `___tsan_atomic_load` when building with ASAN:
+
+**Problem**: Dependencies were built with a different sanitizer than the main project.
+
+**Solution**: Rebuild everything with the same sanitizer:
+
+```bash
+rm -rf .build
+# Then follow the build instructions above
+```
+
+Then review the log files: `asan.log.*`, `ubsan.log.*`, `tsan.log.*`
+
+## References
+
+- [AddressSanitizer Wiki](https://github.com/google/sanitizers/wiki/AddressSanitizer)
+- [AddressSanitizer Flags](https://github.com/google/sanitizers/wiki/AddressSanitizerFlags)
+- [Container Overflow Detection](https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow)
+- [UndefinedBehavior Sanitizer](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html)
+- [ThreadSanitizer](https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual)

docs/consensus.md

@@ -189,7 +189,7 @@ validations. It checks this on every call to `timerEntry`.
 - _Wrong Ledger_ indicates the node is not working on the correct prior ledger
   and does not have it available. It requests that ledger from the network, but
   continues to work towards consensus this round while waiting. If it had been
-  _proposing_, it will send a special "bowout" proposal to its peers to indicate
+  _proposing_, it will send a special "bow-out" proposal to its peers to indicate
   its change in mode for the rest of this round. For the duration of the round,
   it defers to peer positions for determining the consensus outcome as if it
   were just _observing_.
@@ -515,7 +515,7 @@ are excerpts of the generic consensus implementation and of helper types that wi
 interact with the concrete implementing class.
 
 ```{.cpp}
-// Represents a transction under dispute this round
+// Represents a transaction under dispute this round
 template <class Tx_t, class NodeID_t> class DisputedTx;
 
 // Represents how the node participates in Consensus this round