Merge branch 'ripple/wasmi' into wasmi-host-functions

2026-04-29 15:37:57 +00:00 · 2026-01-21 12:57:47 -05:00
parent 42494dd4cf ed5139d4e3
commit 8c3544a58c
55 changed files with 2749 additions and 956 deletions
--- a/.github/actions/build-deps/action.yml
+++ b/.github/actions/build-deps/action.yml
@@ -18,6 +18,10 @@ inputs:
    description: "The logging verbosity."
    required: false
    default: "verbose"
+  sanitizers:
+    description: "The sanitizers to enable."
+    required: false
+    default: ""

 runs:
  using: composite
@@ -29,9 +33,11 @@ runs:
        BUILD_OPTION: ${{ inputs.force_build == 'true' && '*' || 'missing' }}
        BUILD_TYPE: ${{ inputs.build_type }}
        LOG_VERBOSITY: ${{ inputs.log_verbosity }}
+        SANITIZERS: ${{ inputs.sanitizers }}
      run: |
        echo 'Installing dependencies.'
        conan install \
+          --profile ci \
          --build="${BUILD_OPTION}" \
          --options:host='&:tests=True' \
          --options:host='&:xrpld=True' \
--- a/.github/actions/setup-conan/action.yml
+++ b/.github/actions/setup-conan/action.yml
@@ -28,7 +28,7 @@ runs:
      shell: bash
      run: |
        echo 'Installing profile.'
-        conan config install conan/profiles/default -tf $(conan config home)/profiles/
+        conan config install conan/profiles/ -tf $(conan config home)/profiles/

        echo 'Conan profile:'
        conan profile show
--- a/.github/scripts/levelization/results/ordering.txt
+++ b/.github/scripts/levelization/results/ordering.txt
@@ -104,6 +104,7 @@ test.overlay > xrpl.basics
 test.overlay > xrpld.app
 test.overlay > xrpld.overlay
 test.overlay > xrpld.peerfinder
+test.overlay > xrpl.nodestore
 test.overlay > xrpl.protocol
 test.overlay > xrpl.shamap
 test.peerfinder > test.beast
--- a/.github/scripts/strategy-matrix/generate.py
+++ b/.github/scripts/strategy-matrix/generate.py
@@ -20,8 +20,8 @@ class Config:
 Generate a strategy matrix for GitHub Actions CI.

 On each PR commit we will build a selection of Debian, RHEL, Ubuntu, MacOS, and
-Windows configurations, while upon merge into the develop, release, or master
-branches, we will build all configurations, and test most of them.
+Windows configurations, while upon merge into the develop or release branches,
+we will build all configurations, and test most of them.

 We will further set additional CMake arguments as follows:
 - All builds will have the `tests`, `werr`, and `xrpld` options.
@@ -229,7 +229,7 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
        if (n := os["compiler_version"]) != "":
            config_name += f"-{n}"
        config_name += (
-            f"-{architecture['platform'][architecture['platform'].find('/') + 1 :]}"
+            f"-{architecture['platform'][architecture['platform'].find('/')+1:]}"
        )
        config_name += f"-{build_type.lower()}"
        if "-Dcoverage=ON" in cmake_args:
@@ -240,17 +240,53 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
        # Add the configuration to the list, with the most unique fields first,
        # so that they are easier to identify in the GitHub Actions UI, as long
        # names get truncated.
-        configurations.append(
-            {
-                "config_name": config_name,
-                "cmake_args": cmake_args,
-                "cmake_target": cmake_target,
-                "build_only": build_only,
-                "build_type": build_type,
-                "os": os,
-                "architecture": architecture,
-            }
-        )
+        # Add Address and Thread (both coupled with UB) sanitizers for specific bookworm distros.
+        # GCC-Asan rippled-embedded tests are failing because of https://github.com/google/sanitizers/issues/856
+        if (
+            os["distro_version"] == "bookworm"
+            and f"{os['compiler_name']}-{os['compiler_version']}" == "clang-20"
+        ):
+            # Add ASAN + UBSAN configuration.
+            configurations.append(
+                {
+                    "config_name": config_name + "-asan-ubsan",
+                    "cmake_args": cmake_args,
+                    "cmake_target": cmake_target,
+                    "build_only": build_only,
+                    "build_type": build_type,
+                    "os": os,
+                    "architecture": architecture,
+                    "sanitizers": "address,undefinedbehavior",
+                }
+            )
+            # TSAN is deactivated due to seg faults with latest compilers.
+            activate_tsan = False
+            if activate_tsan:
+                configurations.append(
+                    {
+                        "config_name": config_name + "-tsan-ubsan",
+                        "cmake_args": cmake_args,
+                        "cmake_target": cmake_target,
+                        "build_only": build_only,
+                        "build_type": build_type,
+                        "os": os,
+                        "architecture": architecture,
+                        "sanitizers": "thread,undefinedbehavior",
+                    }
+                )
+        else:
+            configurations.append(
+                {
+                    "config_name": config_name,
+                    "cmake_args": cmake_args,
+                    "cmake_target": cmake_target,
+                    "build_only": build_only,
+                    "build_type": build_type,
+                    "os": os,
+                    "architecture": architecture,
+                    "sanitizers": "",
+                }
+            )

    return configurations

--- a/.github/workflows/on-pr.yml
+++ b/.github/workflows/on-pr.yml
@@ -125,7 +125,7 @@ jobs:
    needs:
      - should-run
      - build-test
-    if: ${{ needs.should-run.outputs.go == 'true' && (startsWith(github.base_ref, 'release') || github.base_ref == 'master') }}
+    if: ${{ needs.should-run.outputs.go == 'true' && startsWith(github.ref, 'refs/heads/release') }}
    uses: ./.github/workflows/reusable-notify-clio.yml
    secrets:
      clio_notify_token: ${{ secrets.CLIO_NOTIFY_TOKEN }}
--- a/.github/workflows/on-trigger.yml
+++ b/.github/workflows/on-trigger.yml
@@ -1,9 +1,8 @@
-# This workflow runs all workflows to build the dependencies required for the
-# project on various Linux flavors, as well as on MacOS and Windows, on a
-# scheduled basis, on merge into the 'develop', 'release', or 'master' branches,
-# or manually. The missing commits check is only run when the code is merged
-# into the 'develop' or 'release' branches, and the documentation is built when
-# the code is merged into the 'develop' branch.
+# This workflow runs all workflows to build and test the code on various Linux
+# flavors, as well as on MacOS and Windows, on a scheduled basis, on merge into
+# the 'develop' or 'release*' branches, or when requested manually. Upon
+# successful completion, it also uploads the built libxrpl package to the Conan
+# remote.
 name: Trigger

 on:
@@ -11,7 +10,6 @@ on:
    branches:
      - "develop"
      - "release*"
-      - "master"
    paths:
      # These paths are unique to `on-trigger.yml`.
      - ".github/workflows/on-trigger.yml"
@@ -70,10 +68,10 @@ jobs:
    with:
      # Enable ccache only for events targeting the XRPLF repository, since
      # other accounts will not have access to our remote cache storage.
-      # However, we do not enable ccache for events targeting the master or a
-      # release branch, to protect against the rare case that the output
-      # produced by ccache is not identical to a regular compilation.
-      ccache_enabled: ${{ github.repository_owner == 'XRPLF' && !(github.base_ref == 'master' || startsWith(github.base_ref, 'release')) }}
+      # However, we do not enable ccache for events targeting a release branch,
+      # to protect against the rare case that the output produced by ccache is
+      # not identical to a regular compilation.
+      ccache_enabled: ${{ github.repository_owner == 'XRPLF' && !startsWith(github.ref, 'refs/heads/release') }}
      os: ${{ matrix.os }}
      strategy_matrix: ${{ github.event_name == 'schedule' && 'all' || 'minimal' }}
    secrets:
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -3,7 +3,9 @@ name: Run pre-commit hooks
 on:
  pull_request:
  push:
-    branches: [develop, release, master]
+    branches:
+      - "develop"
+      - "release*"
  workflow_dispatch:

 jobs:
--- a/.github/workflows/reusable-build-test-config.yml
+++ b/.github/workflows/reusable-build-test-config.yml
@@ -51,6 +51,12 @@ on:
        type: number
        default: 2

+      sanitizers:
+        description: "The sanitizers to enable."
+        required: false
+        type: string
+        default: ""
+
    secrets:
      CODECOV_TOKEN:
        description: "The Codecov token to use for uploading coverage reports."
@@ -91,6 +97,7 @@ jobs:
      # Determine if coverage and voidstar should be enabled.
      COVERAGE_ENABLED: ${{ contains(inputs.cmake_args, '-Dcoverage=ON') }}
      VOIDSTAR_ENABLED: ${{ contains(inputs.cmake_args, '-Dvoidstar=ON') }}
+      SANITIZERS_ENABLED: ${{ inputs.sanitizers != '' }}
    steps:
      - name: Cleanup workspace (macOS and Windows)
        if: ${{ runner.os == 'macOS' || runner.os == 'Windows' }}
@@ -128,11 +135,13 @@ jobs:
          # Set the verbosity to "quiet" for Windows to avoid an excessive
          # amount of logs. For other OSes, the "verbose" logs are more useful.
          log_verbosity: ${{ runner.os == 'Windows' && 'quiet' || 'verbose' }}
+          sanitizers: ${{ inputs.sanitizers }}

      - name: Configure CMake
        working-directory: ${{ env.BUILD_DIR }}
        env:
          BUILD_TYPE: ${{ inputs.build_type }}
+          SANITIZERS: ${{ inputs.sanitizers }}
          CMAKE_ARGS: ${{ inputs.cmake_args }}
        run: |
          cmake \
@@ -174,7 +183,7 @@ jobs:
          if-no-files-found: error

      - name: Check linking (Linux)
-        if: ${{ runner.os == 'Linux' }}
+        if: ${{ runner.os == 'Linux' && env.SANITIZERS_ENABLED == 'false' }}
        working-directory: ${{ env.BUILD_DIR }}
        run: |
          ldd ./xrpld
@@ -191,6 +200,14 @@ jobs:
        run: |
          ./xrpld --version | grep libvoidstar

+      - name: Set sanitizer options
+        if: ${{ !inputs.build_only && env.SANITIZERS_ENABLED == 'true' }}
+        run: |
+          echo "ASAN_OPTIONS=print_stacktrace=1:detect_container_overflow=0:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/asan.supp" >> ${GITHUB_ENV}
+          echo "TSAN_OPTIONS=second_deadlock_stack=1:halt_on_error=0:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/tsan.supp" >> ${GITHUB_ENV}
+          echo "UBSAN_OPTIONS=suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/ubsan.supp" >> ${GITHUB_ENV}
+          echo "LSAN_OPTIONS=suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/lsan.supp" >> ${GITHUB_ENV}
+
      - name: Run the separate tests
        if: ${{ !inputs.build_only }}
        working-directory: ${{ env.BUILD_DIR }}
--- a/.github/workflows/reusable-build-test.yml
+++ b/.github/workflows/reusable-build-test.yml
@@ -57,5 +57,6 @@ jobs:
      runs_on: ${{ toJSON(matrix.architecture.runner) }}
      image: ${{ contains(matrix.architecture.platform, 'linux') && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}-sha-{4}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version, matrix.os.image_sha) || '' }}
      config_name: ${{ matrix.config_name }}
+      sanitizers: ${{ matrix.sanitizers }}
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}