Add suppression for pre-existing data race on LedgerHeader::validated
(plain bool mutable) between LedgerMaster worker thread and test code.
The flag is monotonic (false→true only), so the race is benign but
technically UB. Proper fix (atomic<bool>) deferred to a follow-up.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Suppress lock-order-inversion in LedgerReplayTask/LedgerDeltaAcquire
(28 TSAN warnings from pre-existing lock ordering issue).
- Add tools.build:cflags to Conan sanitizer profiles so that C
dependencies (ed25519) are compiled with -mcmodel=large and sanitizer
flags, fixing the GOTPCREL relocation overflow on GCC ASAN builds.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Revert yield_to.h to use inline preprocessor blocks instead of
including sanitizers.h, avoiding a levelization loop between
xrpl.basics and xrpl.beast.
- Restructure XRPL_SANITIZER_ACTIVE fallback in sanitizers.h to avoid
the #ifndef/#define pattern that the rename check misdetects as an
include guard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix BasicApp::startIOThreads() member corruption: replace
while(numberOfThreads_--) with a for loop to preserve the member value.
- Fix Coro.ipp non-sanitizer stack size: increase default from 1MB to 2MB
to match yield_to.h and prevent stack overflows in deep call chains.
- Remove stale "TSAN deactivated" comment and dead activate_tsan variable
from CI matrix generator.
- Clarify Application.cpp setup() comment to distinguish io_context threads
from subsystem-specific threads.
- Use explicit load(std::memory_order_relaxed) at all SHAMap::ledgerSeq_
read sites for consistency with the atomic store.
- Extract sanitizer detection into XRPL_SANITIZER_ACTIVE macro in
sanitizers.h, replacing duplicated preprocessor blocks in Coro.ipp
and yield_to.h.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Make Journal::Sink::thresh_ atomic to fix data race between
concurrent log threshold reads (hot path) and writes (RPC/startup)
- Make SHAMap::ledgerSeq_ atomic to fix data race between concurrent
node fetch reads and ledger acquisition writes
- Suppress known lock-order-inversion between getMasterMutex() and
RCLConsensus::mutex_ (requires larger lock-ordering redesign)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
TSAN cannot instrument fcontext (assembly) context switches, causing
undefined symbol errors for fiber_activation_record::current(). Add
Conan build options and CMake defines to use the ucontext backend
for TSAN, matching the existing ASAN configuration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Include ByteUtilities.h in Coro.ipp so megabytes() is declared
- Use coroStackSize constant in coroutine constructor instead of
hardcoded 1536*1024, enabling sanitizer-aware stack sizing
- Initialize local variable in PropertyStream destructor to satisfy
clang-tidy cppcoreguidelines-init-variables
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This change:
* Removes a set of unnecessary brackets in the initialization of an `std::uint32_t`.
* Fixes a couple of incorrect flags (same value, just wrong variables - so no amendment needed).
This change replaces all instances of `<variable> != tesSUCCESS` with `!isTesSuccess(<variable>)` and `<variable> == tesSUCCESS` with `isTesSuccess(<variable>)`.
This change fixes delegation:
* If the Delegate object is not present, we should disallow empty permission list in DelegateSet preclaim.
* Empty permission list is only allowed to delete the existing Delegate object.
* In `doApply`, permission list being empty returns `tecINTERNAL`, which should not happen.
This change:
* Makes `addSLE` in `DIDSet` a static function, instead of a free function.
* Renames `Attestation` to `Data` everywhere (an artifact of a previous name for the field).
* Actually runs a set of tests that were not included in the `run` function of `DID_test`.
This change:
* Introduces a new helper function on `STTx`, `getFeePayer`.
* Removes the usage of `mSourceBalance` and replaces it with SLE balance lookups.
* Renames `mPriorBalance` to `preFeeBalance_`
This simplifies some of the code in the transactors and makes it a lot more readable.
Throwing exceptions from code sometime confuses ASAN, as it cannot keep track of stack frames. This change therefore adds a macro to skip instrumentation around the `Throw` function.
This change moves the sanitizer runtime options out to dedicated files, such that they can be used in multiple places (CI, local runs) without any need to rewrite them.
Per [XLS-0095](https://xls.xrpl.org/xls/XLS-0095-rename-rippled-to-xrpld.html), we are taking steps to rename ripple(d) to xrpl(d). This change modifies the system name from `rippled` to `xrpld`.
The system name is used in limited places:
* When no explicit config file is passed via the `--config` flag, then the system name is used to construct the path where the config file and database may be stored, via the `$XDG_CONFIG_HOME` and `$XDG_DATA_HOME` directories, respectively.
* It is used in the metadata and user-agent as part of RPC calls.
* It is newly used in the full version string.
ASAN wasn't able to keep track of `boost::coroutine` context switches, and would lead to many false positives being detected. By switching to `boost::coroutine2` and `ucontext`, ASAN is able to know about the context switches advertised by the `boost::fiber` class, which in turn leads to more cleaner ASAN analysis.
The `HTTPClient` class initializes a global SSL context via `initializeSSLContext()`. However, it had no way to release it, which caused memory leaks flagged by the LeakSanitizer. Multiple LSAN suppressions in the sanitizers' suppressions file were masking these leaks. Our test code also manually called `initializeSSLContext()` in each test without guaranteed cleanup on failure paths.
This change fixes these memory leaks by adding a `cleanupSSLContext()` method to properly release the global SSL context, and removes the corresponding LSAN suppressions. The change further refactors the `HTTPClient` tests to use a Google Test fixture (`HTTPClientTest`) that manages the SSL context lifecycle via RAII (SetUp/TearDown), making it impossible for tests to leak the context.
This change deletes the `SecretKey` equality/inequality operators from the public library header and moves the comparison logic into test-only code.
Specifically, the `operator==` and `operator!=` free functions on `SecretKey` have been removed from `include/xrpl/protocol/SecretKey.h` and have been replaced with explicitly deleted member functions to prevent accidental use in production code. A named `test::equal()` helper has also been added in `src/test/unit_test/utils.h` for test assertions that need to compare secret keys.
This change removes an unnecessary newline in a logging statement. Namely, `std::endl` is unneeded in `JLOG`, since it automatically places a newline at the end of the string.
This change enforces a maximum length of 63 characters on feature names, as well as not permitting an exactly 32 character long feature name to avoid confusion with those that use a `uint256` hex representation, as that is an alternative way to specify a feature. This change further prevents the use of Unicode characters in feature names, because some can be confused with regular ASCII characters despite being valid in identifiers.
The `setFieldU32` call is currently used to set the credential's expiry using a `getFieldU32` call to obtain the expiration time. However, that value was already obtained previously and can thus be reused.
DID, Escrows, PaymentChannels, and Credentials previously contained multiple unrelated transactor classes in a single header/implementation pair. This change splits each into one class per file, following the same pattern established by the rest of the codebase.
Now that prefixes in PR titles are being validated as part of CI, the "Type of Change" section in the PR template is no longer needed. The prefixes and descriptions in the `CONTRIBUTING.md` file have been updated to reflect the currently supported list.
Subscribe tests have a problem that there is no way to synchronize application running in background threads and test threads. Threads are communicating via websocket messages. When the code is compiled in debug mode with code coverage enabled it executes quite slow, so receiving websocket messages by the client in subscribe tests may time out.
This change does 2 things to fix the problem:
* Increases timeout for receiving a websocket message.
* Decreases the number of tests running in parallel.
While testing the fix for subscribe test another flaky test in ledger replay was found, which has also been addressed.
