- Add Doxygen documentation to new methods, members, constants, and
macros introduced by the TSAN/ASAN PR (Database::startReadThreads,
BasicApp::DeferStart, ResourceManager::start, XRPL_SANITIZER_ACTIVE,
coroStackSize, yieldStackSize)
- Add @note thread-safety tags where atomics were introduced
- Update Database constructor docs to reflect deferred thread startup
- Remove temporary CI filter that restricted builds to sanitizer-only
variants (must run full matrix before merge)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Clang doesn't have the 2GB shadow memory collision that GCC has,
so keep ASAN+UBSAN and TSAN+UBSAN combined for Clang-20. Only GCC-13
needs separate ASAN, TSAN, and UBSAN jobs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Combined ASAN+UBSAN instrumentation inflates data sections past 2GB,
colliding with ASAN's fixed shadow memory layout at 0x7fff8000+.
Split into independent ASAN, TSAN, and UBSAN jobs per compiler to
keep each binary within the shadow memory limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

The previous commit (f13d17165a) switched the Conan profile from
-mcmodel=large to -mcmodel=medium for GCC ASAN builds, but missed
updating cmake/XrplSanitizers.cmake. The main xrpld binary was still
compiled with -mcmodel=large, inflating it to ~2.1GB with 64-bit
absolute addresses, which collided with ASAN's fixed shadow memory
layout at 0x7fff8000+.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Change -mcmodel=large to -mcmodel=medium for GCC ASAN builds. The large
model inflates code size with 64-bit absolute addresses, pushing the
binary past the 2GB limit where GCC's pre-compiled CRT startup code
(crtstuff.c) can't reach data sections with 32-bit relocations.
Medium model keeps code compact (CRT-compatible) while allowing data
beyond 2GB.
- Add nproc_subtract=20 for TSAN builds to reduce build parallelism.
TSAN instrumentation significantly increases per-compilation-unit memory
usage, causing OOM on CI runners with high parallelism.
- Plumb nproc_subtract from the CI matrix through to the build workflow
so individual configurations can control their parallelism.
- Temporarily restrict CI matrix to only the two previously-failing
configs (gcc-13 asan-ubsan, clang-20 tsan-ubsan) to validate fixes
without burning CI resources on passing configs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add suppression for pre-existing data race on LedgerHeader::validated
(plain bool mutable) between LedgerMaster worker thread and test code.
The flag is monotonic (false→true only), so the race is benign but
technically UB. Proper fix (atomic<bool>) deferred to a follow-up.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Suppress lock-order-inversion in LedgerReplayTask/LedgerDeltaAcquire
(28 TSAN warnings from pre-existing lock ordering issue).
- Add tools.build:cflags to Conan sanitizer profiles so that C
dependencies (ed25519) are compiled with -mcmodel=large and sanitizer
flags, fixing the GOTPCREL relocation overflow on GCC ASAN builds.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Revert yield_to.h to use inline preprocessor blocks instead of
including sanitizers.h, avoiding a levelization loop between
xrpl.basics and xrpl.beast.
- Restructure XRPL_SANITIZER_ACTIVE fallback in sanitizers.h to avoid
the #ifndef/#define pattern that the rename check misdetects as an
include guard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Fix BasicApp::startIOThreads() member corruption: replace
while(numberOfThreads_--) with a for loop to preserve the member value.
- Fix Coro.ipp non-sanitizer stack size: increase default from 1MB to 2MB
to match yield_to.h and prevent stack overflows in deep call chains.
- Remove stale "TSAN deactivated" comment and dead activate_tsan variable
from CI matrix generator.
- Clarify Application.cpp setup() comment to distinguish io_context threads
from subsystem-specific threads.
- Use explicit load(std::memory_order_relaxed) at all SHAMap::ledgerSeq_
read sites for consistency with the atomic store.
- Extract sanitizer detection into XRPL_SANITIZER_ACTIVE macro in
sanitizers.h, replacing duplicated preprocessor blocks in Coro.ipp
and yield_to.h.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
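
The loop pitfall named in the first item of the commit message above (`while(numberOfThreads_--)` overwriting the member), as an added example that is not xrpld code: `WorkerPool`, its methods and the `std::size_t` member type are assumptions made for illustration.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical stand-in for a class that remembers how many I/O threads it
// was configured with. Names and the std::size_t type are assumptions.
class WorkerPool
{
public:
    explicit WorkerPool(std::size_t n) : numberOfThreads_(n) {}

    // Buggy pattern: the loop condition decrements the member itself, so the
    // configured count is consumed. The last post-decrement runs on 0, which
    // wraps an unsigned member to its maximum value.
    void startBuggy()
    {
        while (numberOfThreads_--)
            started_.push_back(started_.size());
    }

    // Fixed pattern: iterate with a local index and leave the member intact,
    // so later readers (shutdown, metrics, restart) see the real count.
    void startFixed()
    {
        for (std::size_t i = 0; i < numberOfThreads_; ++i)
            started_.push_back(i);
    }

    std::size_t configured() const { return numberOfThreads_; }
    std::size_t started() const { return started_.size(); }

private:
    std::size_t numberOfThreads_;
    std::vector<std::size_t> started_;  // one entry per simulated thread launch
};

// Returns the member value left behind after starting n workers.
std::size_t configuredAfterStart(std::size_t n, bool fixed)
{
    WorkerPool pool(n);
    if (fixed)
        pool.startFixed();
    else
        pool.startBuggy();
    return pool.configured();
}

int main() { return configuredAfterStart(4, true) == 4 ? 0 : 1; }
```

Both variants launch the same number of workers; only the value left in the member differs, which is why the defect is easy to miss until something reads the count again.
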
- Make Journal::Sink::thresh_ atomic to fix data race between
concurrent log threshold reads (hot path) and writes (RPC/startup)
- Make SHAMap::ledgerSeq_ atomic to fix data race between concurrent
node fetch reads and ledger acquisition writes
- Suppress known lock-order-inversion between getMasterMutex() and
RCLConsensus::mutex_ (requires larger lock-ordering redesign)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

TSAN cannot instrument fcontext (assembly) context switches, causing
undefined symbol errors for fiber_activation_record::current(). Add
Conan build options and CMake defines to use the ucontext backend
for TSAN, matching the existing ASAN configuration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Include ByteUtilities.h in Coro.ipp so megabytes() is declared
- Use coroStackSize constant in coroutine constructor instead of
hardcoded 1536*1024, enabling sanitizer-aware stack sizing
- Initialize local variable in PropertyStream destructor to satisfy
clang-tidy cppcoreguidelines-init-variables
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

This change:
* Removes a set of unnecessary brackets in the initialization of an `std::uint32_t`.
* Fixes a couple of incorrect flags (same value, just wrong variables - so no amendment needed).

This change replaces all instances of `<variable> != tesSUCCESS` with `!isTesSuccess(<variable>)` and `<variable> == tesSUCCESS` with `isTesSuccess(<variable>)`.

This change fixes delegation:
* If the Delegate object is not present, we should disallow an empty permission list in DelegateSet preclaim.
* An empty permission list is only allowed to delete the existing Delegate object.
* In `doApply`, the permission list being empty returns `tecINTERNAL`, which should not happen.

This change:
* Makes `addSLE` in `DIDSet` a static function, instead of a free function.
* Renames `Attestation` to `Data` everywhere (an artifact of a previous name for the field).
* Actually runs a set of tests that were not included in the `run` function of `DID_test`.

This change:
* Introduces a new helper function on `STTx`, `getFeePayer`.
* Removes the usage of `mSourceBalance` and replaces it with SLE balance lookups.
* Renames `mPriorBalance` to `preFeeBalance_`.

This simplifies some of the code in the transactors and makes it a lot more readable.