Merge branch 'pratik/Add-sanitizers-to-CI-builds' into pratik/Fix-ubsan-flagged-issues

Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>

.github/actions/build-deps/action.yml

@@ -18,6 +18,10 @@ inputs:
     description: "The logging verbosity."
     required: false
     default: "verbose"
+  sanitizers:
+    description: "The sanitizers to enable."
+    required: false
+    default: ""
 
 runs:
   using: composite
@@ -29,9 +33,11 @@ runs:
         BUILD_OPTION: ${{ inputs.force_build == 'true' && '*' || 'missing' }}
         BUILD_TYPE: ${{ inputs.build_type }}
         LOG_VERBOSITY: ${{ inputs.log_verbosity }}
+        SANITIZERS: ${{ inputs.sanitizers }}
       run: |
         echo 'Installing dependencies.'
         conan install \
+          --profile ci \
           --build="${BUILD_OPTION}" \
           --options:host='&:tests=True' \
           --options:host='&:xrpld=True' \

.github/actions/setup-conan/action.yml

@@ -28,7 +28,7 @@ runs:
       shell: bash
       run: |
         echo 'Installing profile.'
-        conan config install conan/profiles/default -tf $(conan config home)/profiles/
+        conan config install conan/profiles/ -tf $(conan config home)/profiles/
 
         echo 'Conan profile:'
         conan profile show

.github/scripts/strategy-matrix/generate.py

@@ -229,7 +229,7 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
         if (n := os["compiler_version"]) != "":
             config_name += f"-{n}"
         config_name += (
-            f"-{architecture['platform'][architecture['platform'].find('/') + 1 :]}"
+            f"-{architecture['platform'][architecture['platform'].find('/')+1:]}"
         )
         config_name += f"-{build_type.lower()}"
         if "-Dcoverage=ON" in cmake_args:
@@ -240,17 +240,53 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
         # Add the configuration to the list, with the most unique fields first,
         # so that they are easier to identify in the GitHub Actions UI, as long
         # names get truncated.
-        configurations.append(
-            {
-                "config_name": config_name,
-                "cmake_args": cmake_args,
-                "cmake_target": cmake_target,
-                "build_only": build_only,
-                "build_type": build_type,
-                "os": os,
-                "architecture": architecture,
-            }
-        )
+        # Add Address and Thread (both coupled with UB) sanitizers for specific bookworm distros.
+        # GCC-Asan rippled-embedded tests are failing because of https://github.com/google/sanitizers/issues/856
+        if (
+            os["distro_version"] == "bookworm"
+            and f"{os['compiler_name']}-{os['compiler_version']}" == "clang-20"
+        ):
+            # Add ASAN + UBSAN configuration.
+            configurations.append(
+                {
+                    "config_name": config_name + "-asan-ubsan",
+                    "cmake_args": cmake_args,
+                    "cmake_target": cmake_target,
+                    "build_only": build_only,
+                    "build_type": build_type,
+                    "os": os,
+                    "architecture": architecture,
+                    "sanitizers": "address,undefinedbehavior",
+                }
+            )
+            # TSAN is deactivated due to seg faults with latest compilers.
+            activateTSAN = False
+            if activateTSAN:
+                configurations.append(
+                    {
+                        "config_name": config_name + "-tsan-ubsan",
+                        "cmake_args": cmake_args,
+                        "cmake_target": cmake_target,
+                        "build_only": build_only,
+                        "build_type": build_type,
+                        "os": os,
+                        "architecture": architecture,
+                        "sanitizers": "thread,undefinedbehavior",
+                    }
+                )
+        else:
+            configurations.append(
+                {
+                    "config_name": config_name,
+                    "cmake_args": cmake_args,
+                    "cmake_target": cmake_target,
+                    "build_only": build_only,
+                    "build_type": build_type,
+                    "os": os,
+                    "architecture": architecture,
+                    "sanitizers": "",
+                }
+            )
 
     return configurations
 

.github/workflows/reusable-build-test-config.yml

@@ -51,6 +51,12 @@ on:
         type: number
         default: 2
 
+      sanitizers:
+        description: "The sanitizers to enable."
+        required: false
+        type: string
+        default: ""
+
     secrets:
       CODECOV_TOKEN:
         description: "The Codecov token to use for uploading coverage reports."
@@ -91,6 +97,7 @@ jobs:
       # Determine if coverage and voidstar should be enabled.
       COVERAGE_ENABLED: ${{ contains(inputs.cmake_args, '-Dcoverage=ON') }}
       VOIDSTAR_ENABLED: ${{ contains(inputs.cmake_args, '-Dvoidstar=ON') }}
+      SANITIZERS_ENABLED: ${{ inputs.sanitizers != '' }}
     steps:
       - name: Cleanup workspace (macOS and Windows)
         if: ${{ runner.os == 'macOS' || runner.os == 'Windows' }}
@@ -128,11 +135,13 @@ jobs:
           # Set the verbosity to "quiet" for Windows to avoid an excessive
           # amount of logs. For other OSes, the "verbose" logs are more useful.
           log_verbosity: ${{ runner.os == 'Windows' && 'quiet' || 'verbose' }}
+          sanitizers: ${{ inputs.sanitizers }}
 
       - name: Configure CMake
         working-directory: ${{ env.BUILD_DIR }}
         env:
           BUILD_TYPE: ${{ inputs.build_type }}
+          SANITIZERS: ${{ inputs.sanitizers }}
           CMAKE_ARGS: ${{ inputs.cmake_args }}
         run: |
           cmake \
@@ -174,7 +183,7 @@ jobs:
           if-no-files-found: error
 
       - name: Check linking (Linux)
-        if: ${{ runner.os == 'Linux' }}
+        if: ${{ runner.os == 'Linux' && env.SANITIZERS_ENABLED == 'false' }}
         working-directory: ${{ env.BUILD_DIR }}
         run: |
           ldd ./xrpld
@@ -191,6 +200,14 @@ jobs:
         run: |
           ./xrpld --version | grep libvoidstar
 
+      - name: Set sanitizer options
+        if: ${{ !inputs.build_only && env.SANITIZERS_ENABLED == 'true' }}
+        run: |
+          echo "ASAN_OPTIONS=detect_container_overflow=0:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/asan.supp" >> ${GITHUB_ENV}
+          echo "TSAN_OPTIONS=second_deadlock_stack=1:halt_on_error=0:suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/tsan.supp" >> ${GITHUB_ENV}
+          echo "UBSAN_OPTIONS=suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/ubsan.supp" >> ${GITHUB_ENV}
+          echo "LSAN_OPTIONS=suppressions=${GITHUB_WORKSPACE}/sanitizers/suppressions/lsan.supp" >> ${GITHUB_ENV}
+
       - name: Run the separate tests
         if: ${{ !inputs.build_only }}
         working-directory: ${{ env.BUILD_DIR }}
@@ -209,6 +226,7 @@ jobs:
         working-directory: ${{ runner.os == 'Windows' && format('{0}/{1}', env.BUILD_DIR, inputs.build_type) || env.BUILD_DIR }}
         env:
           BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
+          PREFIX: ${{ (runner.arch == 'X64' && env.ENABLED_SANITIZERS == 'true') && 'setarch x86_64 -R' || '' }}
         run: |
           ./xrpld --unittest --unittest-jobs "${BUILD_NPROC}"
 

.github/workflows/reusable-build-test.yml

@@ -57,5 +57,6 @@ jobs:
       runs_on: ${{ toJSON(matrix.architecture.runner) }}
       image: ${{ contains(matrix.architecture.platform, 'linux') && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}-sha-{4}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version, matrix.os.image_sha) || '' }}
       config_name: ${{ matrix.config_name }}
+      sanitizers: ${{ matrix.sanitizers }}
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

BUILD.md

@@ -1,5 +1,5 @@
-| :warning: **WARNING** :warning:
-|---|
+| :warning: **WARNING** :warning:                                                                                                                                                                                                |
+| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | These instructions assume you have a C++ development environment ready with Git, Python, Conan, CMake, and a C++ compiler. For help setting one up on Linux, macOS, or Windows, [see this guide](./docs/build/environment.md). |
 
 > These instructions also assume a basic familiarity with Conan and CMake.
@@ -518,18 +518,32 @@ stored inside the build directory, as either of:
 - file named `coverage.`_extension_, with a suitable extension for the report format, or
 - directory named `coverage`, with the `index.html` and other files inside, for the `html-details` or `html-nested` report formats.
 
+## Sanitizers
+
+To build dependencies and xprld with sanitizer instrumentation, set the
+`SANITIZERS` environment variable(only once before running conan and cmake) and use the `sanitizers` profile in conan:
+
+```bash
+export SANITIZERS=address,undefinedbehavior
+
+conan install .. --output-folder . --profile:all sanitizers --build missing --settings build_type=Debug
+
+cmake -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake -DCMAKE_BUILD_TYPE=Debug -Dxrpld=ON -Dtests=ON ..
+```
+
+See [Sanitizers docs](./docs/build/sanitizers.md) for more details.
+
 ## Options
 
-| Option     | Default Value | Description                                                        |
-| ---------- | ------------- | ------------------------------------------------------------------ |
-| `assert`   | OFF           | Enable assertions.                                                 |
-| `coverage` | OFF           | Prepare the coverage report.                                       |
-| `san`      | N/A           | Enable a sanitizer with Clang. Choices are `thread` and `address`. |
-| `tests`    | OFF           | Build tests.                                                       |
-| `unity`    | OFF           | Configure a unity build.                                           |
-| `xrpld`    | OFF           | Build the xrpld application, and not just the libxrpl library.     |
-| `werr`     | OFF           | Treat compilation warnings as errors                               |
-| `wextra`   | OFF           | Enable additional compilation warnings                             |
+| Option     | Default Value | Description                                                    |
+| ---------- | ------------- | -------------------------------------------------------------- |
+| `assert`   | OFF           | Enable assertions.                                             |
+| `coverage` | OFF           | Prepare the coverage report.                                   |
+| `tests`    | OFF           | Build tests.                                                   |
+| `unity`    | OFF           | Configure a unity build.                                       |
+| `xrpld`    | OFF           | Build the xrpld application, and not just the libxrpl library. |
+| `werr`     | OFF           | Treat compilation warnings as errors                           |
+| `wextra`   | OFF           | Enable additional compilation warnings                         |
 
 [Unity builds][5] may be faster for the first build
 (at the cost of much more memory) since they concatenate sources into fewer

CMakeLists.txt

@@ -16,14 +16,16 @@ set(CMAKE_CXX_EXTENSIONS OFF)
 set(CMAKE_CXX_STANDARD 20)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
 
-if(CMAKE_CXX_COMPILER_ID MATCHES "GNU")
+include(CompilationEnv)
+
+if(is_gcc)
     # GCC-specific fixes
     add_compile_options(-Wno-unknown-pragmas -Wno-subobject-linkage)
     # -Wno-subobject-linkage can be removed when we upgrade GCC version to at least 13.3
-elseif(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+elseif(is_clang)
     # Clang-specific fixes
     add_compile_options(-Wno-unknown-warning-option) # Ignore unknown warning options
-elseif(MSVC)
+elseif(is_msvc)
     # MSVC-specific fixes
     add_compile_options(/wd4068) # Ignore unknown pragmas
 endif()
@@ -77,6 +79,7 @@ if (packages_only)
   return ()
 endif ()
 include(XrplCompiler)
+include(XrplSanitizers)
 include(XrplInterface)
 
 option(only_docs "Include only the docs target?" FALSE)

cmake/CompilationEnv.cmake

@@ -0,0 +1,75 @@
+ # Shared detection of compiler, operating system, and architecture.
+ #
+ # This module centralizes environment detection so that other
+ # CMake modules can use the same variables instead of repeating
+ # checks on CMAKE_* and built-in platform variables.
+
+# Only run once per configure step.
+include_guard(GLOBAL)
+
+# --------------------------------------------------------------------
+# Compiler detection (C++)
+# --------------------------------------------------------------------
+set(is_clang FALSE)
+set(is_gcc FALSE)
+set(is_msvc FALSE)
+
+if(CMAKE_CXX_COMPILER_ID MATCHES ".*Clang") # Clang or AppleClang
+  set(is_clang TRUE)
+elseif(CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
+  set(is_gcc TRUE)
+elseif(MSVC)
+  set(is_msvc TRUE)
+else()
+  message(FATAL_ERROR "Unsupported C++ compiler: ${CMAKE_CXX_COMPILER_ID}")
+endif()
+
+# Backwards-compat aliases used in some modules
+set(IS_CLANG ${is_clang})
+set(IS_GCC   ${is_gcc})
+
+# --------------------------------------------------------------------
+# Operating system detection
+# --------------------------------------------------------------------
+set(is_linux FALSE)
+set(is_windows FALSE)
+set(is_macos FALSE)
+
+if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+  set(is_linux TRUE)
+elseif(CMAKE_SYSTEM_NAME STREQUAL "Windows")
+  set(is_windows TRUE)
+elseif(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+  set(is_macos TRUE)
+endif()
+
+# --------------------------------------------------------------------
+# Architecture / pointer size
+# --------------------------------------------------------------------
+set(is_64bit FALSE)
+if(CMAKE_SIZEOF_VOID_P EQUAL 8)
+  set(is_64bit TRUE)
+else()
+  message(FATAL_ERROR "This project should only be built on 64bit architectures.")
+endif()
+set(pointer_size "${CMAKE_SIZEOF_VOID_P}")
+
+set(is_amd64 FALSE)
+set(is_arm64 FALSE)
+if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|AMD64")
+  set(is_amd64 TRUE)
+elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64|arm64")
+  set(is_arm64 TRUE)
+else()
+  message(FATAL_ERROR "Unknown architecture: ${CMAKE_SYSTEM_PROCESSOR}")
+endif()
+
+# Keep legacy uppercase alias for existing code
+set(IS_AMD64 ${is_amd64})
+
+# Sanitizer configuration read from environment. We then set appropriate flags in XrplSanitizers.cmake
+if($ENV{SANITIZERS} AND $ENV{SANITIZERS} MATCHES "address|thread|undefinedbehavior")
+  set(SANITIZERS_ENABLED TRUE)
+else()
+  set(SANITIZERS_ENABLED FALSE)
+endif()

cmake/XrplCompiler.cmake

@@ -2,6 +2,8 @@
    setup project-wide compiler settings
 #]===================================================================]
 
+include(CompilationEnv)
+
 #[=========================================================[
    TODO some/most of these common settings belong in a
    toolchain file, especially the ABI-impacting ones
@@ -10,8 +12,12 @@ add_library (common INTERFACE)
 add_library (Xrpl::common ALIAS common)
 # add a single global dependency on this interface lib
 link_libraries (Xrpl::common)
+# Respect CMAKE_POSITION_INDEPENDENT_CODE setting (may be set by Conan toolchain)
+if(NOT DEFINED CMAKE_POSITION_INDEPENDENT_CODE)
+  set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+endif()
 set_target_properties (common
-  PROPERTIES INTERFACE_POSITION_INDEPENDENT_CODE ON)
+  PROPERTIES INTERFACE_POSITION_INDEPENDENT_CODE ${CMAKE_POSITION_INDEPENDENT_CODE})
 set(CMAKE_CXX_EXTENSIONS OFF)
 target_compile_definitions (common
   INTERFACE
@@ -115,8 +121,8 @@ else ()
       # link to static libc/c++ iff:
       #   * static option set and
       #   * NOT APPLE (AppleClang does not support static libc/c++) and
-      #   * NOT san (sanitizers typically don't work with static libc/c++)
-      $<$<AND:$<BOOL:${static}>,$<NOT:$<BOOL:${APPLE}>>,$<NOT:$<BOOL:${san}>>>:
+      #   * NOT SANITIZERS (sanitizers typically don't work with static libc/c++)
+      $<$<AND:$<BOOL:${static}>,$<NOT:$<BOOL:${APPLE}>>,$<NOT:$<BOOL:${SANITIZERS_ENABLED}>>>:
       -static-libstdc++
       -static-libgcc
       >)

cmake/XrplInterface.cmake

@@ -2,6 +2,8 @@
    xrpld compile options/settings via an interface library
 #]===================================================================]
 
+include(CompilationEnv)
+
 add_library (opts INTERFACE)
 add_library (Xrpl::opts ALIAS opts)
 target_compile_definitions (opts
@@ -42,22 +44,6 @@ if(jemalloc)
   target_link_libraries(opts INTERFACE jemalloc::jemalloc)
 endif ()
 
-if (san)
-  target_compile_options (opts
-    INTERFACE
-      # sanitizers recommend minimum of -O1 for reasonable performance
-      $<$<CONFIG:Debug>:-O1>
-      ${SAN_FLAG}
-      -fno-omit-frame-pointer)
-  target_compile_definitions (opts
-    INTERFACE
-      $<$<STREQUAL:${san},address>:SANITIZER=ASAN>
-      $<$<STREQUAL:${san},thread>:SANITIZER=TSAN>
-      $<$<STREQUAL:${san},memory>:SANITIZER=MSAN>
-      $<$<STREQUAL:${san},undefined>:SANITIZER=UBSAN>)
-  target_link_libraries (opts INTERFACE ${SAN_FLAG} ${SAN_LIB})
-endif ()
-
 #[===================================================================[
    xrpld transitive library deps via an interface library
 #]===================================================================]

cmake/XrplSanitizers.cmake

@@ -0,0 +1,156 @@
+#[===================================================================[
+   Configure sanitizers based on environment variables.
+
+   This module reads the following environment variables:
+   - SANITIZERS: The sanitizers to enable. Possible values:
+     - "address"
+     - "address,undefinedbehavior"
+     - "thread"
+     - "thread,undefinedbehavior"
+     - "undefinedbehavior"
+
+	   The compiler type and platform are detected in CompilationEnv.cmake.
+   The sanitizer compile options are applied to the 'common' interface library
+   which is linked to all targets in the project.
+#]===================================================================]
+
+include(CompilationEnv)
+
+# Read environment variable
+set(SANITIZERS $ENV{SANITIZERS})
+
+if(NOT SANITIZERS)
+  return()
+endif()
+
+message(STATUS "Configuring sanitizers: ${SANITIZERS}")
+
+# Parse SANITIZERS value to determine which sanitizers to enable
+set(enable_asan FALSE)
+set(enable_tsan FALSE)
+set(enable_ubsan FALSE)
+
+# Normalize SANITIZERS into a list
+set(san_list "${SANITIZERS}")
+string(REPLACE "," ";" san_list "${san_list}")
+separate_arguments(san_list)
+
+foreach(san IN LISTS san_list)
+    if(san STREQUAL "address")
+        set(enable_asan TRUE)
+    elseif(san STREQUAL "thread")
+        set(enable_tsan TRUE)
+    elseif(san STREQUAL "undefinedbehavior")
+        set(enable_ubsan TRUE)
+    else()
+        message(FATAL_ERROR "Unsupported sanitizer type: ${san}"
+              "Supported: address, thread, undefinedbehavior and their combinations.")
+    endif()
+endforeach()
+
+# Frame pointer is required for meaningful stack traces. Sanitizers recommend minimum of -O1 for reasonable performance
+set(SANITIZERS_COMPILE_FLAGS "-fno-omit-frame-pointer" "-O1")
+
+# Build the sanitizer flags list
+set(SANITIZERS_FLAGS)
+
+if(enable_asan)
+    list(APPEND SANITIZERS_FLAGS "address")
+elseif(enable_tsan)
+    list(APPEND SANITIZERS_FLAGS "thread")
+endif()
+
+if(enable_ubsan)
+    # UB sanitizer flags
+    if(is_clang)
+        # Clang supports additional UB checks. More info here https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
+        list(APPEND SANITIZERS_FLAGS "undefined" "float-divide-by-zero" "unsigned-integer-overflow")
+    else()
+        list(APPEND SANITIZERS_FLAGS "undefined" "float-divide-by-zero")
+    endif()
+endif()
+
+# Configure code model for GCC on amd64
+# Use large code model for ASAN to avoid relocation errors
+# Use medium code model for TSAN (large is not compatible with TSAN)
+set(SANITIZERS_RELOCATION_FLAGS)
+
+# Compiler-specific configuration
+if(is_gcc)
+    # Disable mold, gold and lld linkers for GCC with sanitizers
+    # Use default linker (bfd/ld) which is more lenient with mixed code models
+    set(use_mold OFF CACHE BOOL "Use mold linker" FORCE)
+    set(use_gold OFF CACHE BOOL "Use gold linker" FORCE)
+    set(use_lld OFF CACHE BOOL "Use lld linker" FORCE)
+    message(STATUS "  Disabled mold, gold, and lld linkers for GCC with sanitizers")
+
+    # Suppress false positive warnings in GCC with stringop-overflow
+    list(APPEND SANITIZERS_COMPILE_FLAGS "-Wno-stringop-overflow")
+
+    if(is_amd64 AND enable_asan)
+        message(STATUS "  Using large code model (-mcmodel=large)")
+        list(APPEND SANITIZERS_COMPILE_FLAGS "-mcmodel=large")
+        list(APPEND SANITIZERS_RELOCATION_FLAGS "-mcmodel=large")
+    elseif(enable_tsan)
+        # GCC doesn't support atomic_thread_fence with tsan. Suppress warnings.
+        list(APPEND SANITIZERS_COMPILE_FLAGS "-Wno-tsan")
+        message(STATUS "  Using medium code model (-mcmodel=medium)")
+        list(APPEND SANITIZERS_COMPILE_FLAGS "-mcmodel=medium")
+        list(APPEND SANITIZERS_RELOCATION_FLAGS "-mcmodel=medium")
+    endif()
+
+    # Join sanitizer flags with commas for -fsanitize option
+    list(JOIN SANITIZERS_FLAGS "," SANITIZERS_FLAGS_STR)
+
+    # Add sanitizer to compile and link flags
+    list(APPEND SANITIZERS_COMPILE_FLAGS "-fsanitize=${SANITIZERS_FLAGS_STR}")
+	    set(SANITIZERS_LINK_FLAGS "${SANITIZERS_RELOCATION_FLAGS}" "-fsanitize=${SANITIZERS_FLAGS_STR}")
+
+elseif(is_clang)
+    # Add ignorelist for Clang (GCC doesn't support this)
+    # Use CMAKE_SOURCE_DIR to get the path to the ignorelist
+    set(IGNORELIST_PATH "${CMAKE_SOURCE_DIR}/sanitizers/suppressions/sanitizer-ignorelist.txt")
+    if(NOT EXISTS "${IGNORELIST_PATH}")
+        message(FATAL_ERROR "Sanitizer ignorelist not found: ${IGNORELIST_PATH}")
+    endif()
+
+    list(APPEND SANITIZERS_COMPILE_FLAGS "-fsanitize-ignorelist=${IGNORELIST_PATH}")
+    message(STATUS "  Using sanitizer ignorelist: ${IGNORELIST_PATH}")
+
+    # Join sanitizer flags with commas for -fsanitize option
+    list(JOIN SANITIZERS_FLAGS "," SANITIZERS_FLAGS_STR)
+
+    # Add sanitizer to compile and link flags
+    list(APPEND SANITIZERS_COMPILE_FLAGS "-fsanitize=${SANITIZERS_FLAGS_STR}")
+    set(SANITIZERS_LINK_FLAGS "-fsanitize=${SANITIZERS_FLAGS_STR}")
+endif()
+
+message(STATUS "  Compile flags: ${SANITIZERS_COMPILE_FLAGS}")
+message(STATUS "  Link flags: ${SANITIZERS_LINK_FLAGS}")
+
+# Apply the sanitizer flags to the 'common' interface library
+# This is the same library used by XrplCompiler.cmake
+target_compile_options(common INTERFACE
+    $<$<COMPILE_LANGUAGE:CXX>:${SANITIZERS_COMPILE_FLAGS}>
+    $<$<COMPILE_LANGUAGE:C>:${SANITIZERS_COMPILE_FLAGS}>
+)
+
+# Apply linker flags
+target_link_options(common INTERFACE ${SANITIZERS_LINK_FLAGS})
+
+# Define SANITIZERS macro for BuildInfo.cpp
+set(sanitizers_list)
+if(enable_asan)
+    list(APPEND sanitizers_list "ASAN")
+endif()
+if(enable_tsan)
+    list(APPEND sanitizers_list "TSAN")
+endif()
+if(enable_ubsan)
+    list(APPEND sanitizers_list "UBSAN")
+endif()
+
+if(sanitizers_list)
+    list(JOIN sanitizers_list "." sanitizers_str)
+    target_compile_definitions(common INTERFACE SANITIZERS=${sanitizers_str})
+endif()

cmake/XrplSanity.cmake

@@ -2,6 +2,8 @@
    sanity checks
 #]===================================================================]
 
+include(CompilationEnv)
+
 get_property(is_multiconfig GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG)
 
 set (CMAKE_CONFIGURATION_TYPES "Debug;Release" CACHE STRING "" FORCE)
@@ -16,14 +18,12 @@ if (NOT is_multiconfig)
   endif ()
 endif ()
 
-if ("${CMAKE_CXX_COMPILER_ID}" MATCHES ".*Clang") # both Clang and AppleClang
-  set (is_clang TRUE)
+if (is_clang) # both Clang and AppleClang
   if ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang" AND
          CMAKE_CXX_COMPILER_VERSION VERSION_LESS 16.0)
     message (FATAL_ERROR "This project requires clang 16 or later")
   endif ()
-elseif ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU")
-  set (is_gcc TRUE)
+elseif (is_gcc)
   if (CMAKE_CXX_COMPILER_VERSION VERSION_LESS 12.0)
     message (FATAL_ERROR "This project requires GCC 12 or later")
   endif ()
@@ -40,7 +40,7 @@ if (MSVC AND CMAKE_GENERATOR_PLATFORM STREQUAL "Win32")
   message (FATAL_ERROR "Visual Studio 32-bit build is not supported.")
 endif ()
 
-if (NOT CMAKE_SIZEOF_VOID_P EQUAL 8)
+if (NOT is_64bit)
   message (FATAL_ERROR "Xrpld requires a 64 bit target architecture.\n"
     "The most likely cause of this warning is trying to build xrpld with a 32-bit OS.")
 endif ()

cmake/XrplSettings.cmake

@@ -2,11 +2,7 @@
    declare options and variables
 #]===================================================================]
 
-if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
-  set (is_linux TRUE)
-else()
-  set(is_linux FALSE)
-endif()
+include(CompilationEnv)
 
 if("$ENV{CI}" STREQUAL "true" OR "$ENV{CONTINUOUS_INTEGRATION}" STREQUAL "true")
   set(is_ci TRUE)
@@ -62,7 +58,7 @@ else()
   set(wextra OFF CACHE BOOL "gcc/clang only" FORCE)
 endif()
 
-if(is_linux)
+if(is_linux AND NOT SANITIZER)
   option(BUILD_SHARED_LIBS "build shared xrpl libraries" OFF)
   option(static "link protobuf, openssl, libc++, and boost statically" ON)
   option(perf "Enables flags that assist with perf recording" OFF)
@@ -92,33 +88,6 @@ option(local_protobuf
 option(local_grpc
   "Force a local build of gRPC instead of looking for an installed version." OFF)
 
-# this one is a string and therefore can't be an option
-set(san "" CACHE STRING "On gcc & clang, add sanitizer instrumentation")
-set_property(CACHE san PROPERTY STRINGS ";undefined;memory;address;thread")
-if(san)
-  string(TOLOWER ${san} san)
-  set(SAN_FLAG "-fsanitize=${san}")
-  set(SAN_LIB "")
-  if(is_gcc)
-    if(san STREQUAL "address")
-      set(SAN_LIB "asan")
-    elseif(san STREQUAL "thread")
-      set(SAN_LIB "tsan")
-    elseif(san STREQUAL "memory")
-      set(SAN_LIB "msan")
-    elseif(san STREQUAL "undefined")
-      set(SAN_LIB "ubsan")
-    endif()
-  endif()
-  set(_saved_CRL ${CMAKE_REQUIRED_LIBRARIES})
-  set(CMAKE_REQUIRED_LIBRARIES "${SAN_FLAG};${SAN_LIB}")
-  check_cxx_compiler_flag(${SAN_FLAG} COMPILER_SUPPORTS_SAN)
-  set(CMAKE_REQUIRED_LIBRARIES ${_saved_CRL})
-  if(NOT COMPILER_SUPPORTS_SAN)
-    message(FATAL_ERROR "${san} sanitizer does not seem to be supported by your compiler")
-  endif()
-endif()
-
 # the remaining options are obscure and rarely used
 option(beast_no_unit_test_inline
   "Prevents unit test definitions from being inserted into global table"

cmake/deps/Boost.cmake

@@ -1,3 +1,5 @@
+include(CompilationEnv)
+
 find_package(Boost 1.82 REQUIRED
   COMPONENTS
     chrono
@@ -32,7 +34,7 @@ target_link_libraries(xrpl_boost
 if(Boost_COMPILER)
   target_link_libraries(xrpl_boost INTERFACE Boost::disable_autolinking)
 endif()
-if(san AND is_clang)
+if(SANITIZERS_ENABLED AND is_clang)
   # TODO: gcc does not support -fsanitize-blacklist...can we do something else
   # for gcc ?
   if(NOT Boost_INCLUDE_DIRS AND TARGET Boost::headers)

conan.lock

@@ -24,7 +24,7 @@
         "c-ares/1.34.5#5581c2b62a608b40bb85d965ab3ec7c8%1764175359.429",
         "bzip2/1.0.8#c470882369c2d95c5c77e970c0c7e321%1764175359.429",
         "boost/1.88.0#8852c0b72ce8271fb8ff7c53456d4983%1756223752.326",
-        "abseil/20250127.0#9e8e8cfc89a1324139fc0ee3bd4d8c8c%1753819045.301"
+        "abseil/20250127.0#a0d8dd431284426b64c9f9a384d53dfc%1765817471.75"
     ],
     "build_requires": [
         "zlib/1.3.1#b8bc2603263cf7eccbd6e17e66b0ed76%1756234269.497",
@@ -38,7 +38,7 @@
         "b2/5.3.3#107c15377719889654eb9a162a673975%1756234226.28",
         "automake/1.16.5#b91b7c384c3deaa9d535be02da14d04f%1755524470.56",
         "autoconf/2.71#51077f068e61700d65bb05541ea1e4b0%1731054366.86",
-        "abseil/20250127.0#9e8e8cfc89a1324139fc0ee3bd4d8c8c%1753819045.301"
+        "abseil/20250127.0#a0d8dd431284426b64c9f9a384d53dfc%1765817471.75"
     ],
     "python_requires": [],
     "overrides": {

conan/profiles/ci

@@ -0,0 +1 @@
+ include(sanitizers)

conan/profiles/sanitizers

@@ -0,0 +1,59 @@
+include(default)
+{% set compiler, version, compiler_exe = detect_api.detect_default_compiler() %}
+{% set sanitizers = os.getenv("SANITIZERS") %}
+
+[conf]
+{% if sanitizers %}
+    {% if compiler == "gcc" %}
+        {% if "address" in sanitizers or "thread" in sanitizers or "undefinedbehavior" in sanitizers %}
+            {% set sanitizer_list = [] %}
+            {% set model_code = "" %}
+            {% set extra_cxxflags = ["-fno-omit-frame-pointer", "-O1", "-Wno-stringop-overflow"] %}
+
+            {% if "address" in sanitizers %}
+                {% set _ = sanitizer_list.append("address") %}
+                {% set model_code = "-mcmodel=large" %}
+            {% elif "thread" in sanitizers %}
+                {% set _ = sanitizer_list.append("thread") %}
+                {% set model_code = "-mcmodel=medium" %}
+                {% set _ = extra_cxxflags.append("-Wno-tsan") %}
+            {% endif %}
+
+            {% if "undefinedbehavior" in sanitizers %}
+                {% set _ = sanitizer_list.append("undefined") %}
+                {% set _ = sanitizer_list.append("float-divide-by-zero") %}
+            {% endif %}
+
+            {% set sanitizer_flags = "-fsanitize=" ~ ",".join(sanitizer_list) ~ " " ~ model_code %}
+
+            tools.build:cxxflags+=['{{sanitizer_flags}} {{" ".join(extra_cxxflags)}}']
+            tools.build:sharedlinkflags+=['{{sanitizer_flags}}']
+            tools.build:exelinkflags+=['{{sanitizer_flags}}']
+        {% endif %}
+    {% elif compiler == "apple-clang" or compiler == "clang" %}
+        {% if "address" in sanitizers or "thread" in sanitizers or "undefinedbehavior" in sanitizers %}
+            {% set sanitizer_list = [] %}
+            {% set extra_cxxflags = ["-fno-omit-frame-pointer", "-O1"] %}
+
+            {% if "address" in sanitizers %}
+                {% set _ = sanitizer_list.append("address") %}
+            {% elif "thread" in sanitizers %}
+                {% set _ = sanitizer_list.append("thread") %}
+            {% endif %}
+
+            {% if "undefinedbehavior" in sanitizers %}
+                {% set _ = sanitizer_list.append("undefined") %}
+                {% set _ = sanitizer_list.append("float-divide-by-zero") %}
+                {% set _ = sanitizer_list.append("unsigned-integer-overflow") %}
+            {% endif %}
+
+            {% set sanitizer_flags = "-fsanitize=" ~ ",".join(sanitizer_list) %}
+
+            tools.build:cxxflags+=['{{sanitizer_flags}} {{" ".join(extra_cxxflags)}}']
+            tools.build:sharedlinkflags+=['{{sanitizer_flags}}']
+            tools.build:exelinkflags+=['{{sanitizer_flags}}']
+        {% endif %}
+    {% endif %}
+{% endif %}
+
+tools.info.package_id:confs+=["tools.build:cxxflags", "tools.build:exelinkflags", "tools.build:sharedlinkflags"]

conanfile.py

@@ -1,4 +1,5 @@
 import re
+import os
 
 from conan.tools.cmake import CMake, CMakeToolchain, cmake_layout
 
@@ -120,6 +121,12 @@ class Xrpl(ConanFile):
         if self.settings.compiler in ["clang", "gcc"]:
             self.options["boost"].without_cobalt = True
 
+        # Check if environment variable exists
+        if "SANITIZERS" in os.environ:
+            sanitizers = os.environ["SANITIZERS"]
+            if "Address" in sanitizers:
+                self.default_options["fPIC"] = False
+
     def requirements(self):
         # Conan 2 requires transitive headers to be specified
         transitive_headers_opt = (

docs/build/sanitizers.md

@@ -0,0 +1,206 @@
+# Sanitizer Configuration for Rippled
+
+This document explains how to properly configure and run sanitizers (AddressSanitizer, undefinedbehaviorSanitizer, ThreadSanitizer) with the xrpld project.
+Corresponding suppression files are located in the `sanitizers/suppressions` directory.
+
+- [Sanitizer Configuration for Rippled](#sanitizer-configuration-for-rippled)
+  - [Building with Sanitizers](#building-with-sanitizers)
+    - [Summary](#summary)
+    - [Build steps:](#build-steps)
+      - [Install dependencies](#install-dependencies)
+      - [Call CMake](#call-cmake)
+      - [Build](#build)
+  - [Running Tests with Sanitizers](#running-tests-with-sanitizers)
+    - [AddressSanitizer (ASAN)](#addresssanitizer-asan)
+    - [ThreadSanitizer (TSan)](#threadsanitizer-tsan)
+    - [LeakSanitizer (LSan)](#leaksanitizer-lsan)
+    - [undefinedbehaviorSanitizer (UBSan)](#undefinedbehaviorsanitizer-ubsan)
+  - [Suppression Files](#suppression-files)
+    - [`asan.supp`](#asansupp)
+    - [`lsan.supp`](#lsansupp)
+    - [`ubsan.supp`](#ubsansupp)
+    - [`tsan.supp`](#tsansupp)
+    - [`sanitizer-ignorelist.txt`](#sanitizer-ignorelisttxt)
+  - [Troubleshooting](#troubleshooting)
+    - ["ASAN is ignoring requested \_\_asan_handle_no_return" warnings](#asan-is-ignoring-requested-__asan_handle_no_return-warnings)
+    - [Sanitizer Mismatch Errors](#sanitizer-mismatch-errors)
+  - [References](#references)
+
+## Building with Sanitizers
+
+### Summary
+
+Follow the same instructions as mentioned in [BUILD.md](../../BUILD.md) but with the following changes:
+
+1. Make sure you have a clean build directory.
+2. Set the `SANITIZERS` environment variable before calling conan install and cmake. Only set it once. Make sure both conan and cmake read the same values.
+   Example: `export SANITIZERS=address,undefinedbehavior`
+3. Optionally use `--profile:all sanitizers` with Conan to build dependencies with sanitizer instrumentation. [!NOTE]Building with sanitizer-instrumented dependencies is slower but produces fewer false positives.
+4. Set `ASAN_OPTIONS`, `LSAN_OPTIONS`, `UBSAN_OPTIONS` and `TSAN_OPTIONS` environment variables to configure sanitizer behavior when running executables. [More details below](#running-tests-with-sanitizers).
+
+---
+
+### Build steps:
+
+```bash
+cd /path/to/rippled
+rm -rf .build
+mkdir .build
+cd .build
+```
+
+#### Install dependencies
+
+The `SANITIZERS` environment variable is used by both Conan and CMake.
+
+```bash
+export SANITIZERS=address,undefinedbehavior
+# Standard build (without instrumenting dependencies)
+conan install .. --output-folder . --build missing --settings build_type=Debug
+
+# Or with sanitizer-instrumented dependencies (takes longer but fewer false positives)
+conan install .. --output-folder . --profile:all sanitizers --build missing --settings build_type=Debug
+```
+
+[!CAUTION]
+Do not mix Address and Thread sanitizers - they are incompatible.
+
+Since you already set the `SANITIZERS` environment variable when running Conan, same values will be read for the next part.
+
+#### Call CMake
+
+```bash
+cmake .. -G Ninja \
+    -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
+    -DCMAKE_BUILD_TYPE=Debug \
+    -Dtests=ON -Dxrpld=ON
+```
+
+#### Build
+
+```bash
+cmake --build . --parallel 4
+```
+
+## Running Tests with Sanitizers
+
+### AddressSanitizer (ASAN)
+
+**IMPORTANT**: ASAN with Boost produces many false positives. Use these options:
+
+```bash
+export ASAN_OPTIONS="detect_container_overflow=0:suppressions=path/to/asan.supp:halt_on_error=0:log_path=asan.log"
+export LSAN_OPTIONS="suppressions=path/to/lsan.supp:halt_on_error=0:log_path=lsan.log"
+
+# Run tests
+./xrpld --unittest --unittest-jobs=5
+```
+
+**Why `detect_container_overflow=0`?**
+
+- Boost intrusive containers (used in `aged_unordered_container`) trigger false positives
+- Boost context switching (used in `Workers.cpp`) confuses ASAN's stack tracking
+- Since we usually don't build Boost(because we don't want to instrument Boost and detect issues in Boost code) with ASAN but use Boost containers in ASAN instrumented rippled code, it generates false positives. Building dependencies with ASAN instrumentation reduces false positives.
+- See: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow
+- More such flags are detailed [here](https://github.com/google/sanitizers/wiki/AddressSanitizerFlags)
+
+### ThreadSanitizer (TSan)
+
+```bash
+export TSAN_OPTIONS="suppressions=path/to/tsan.supp halt_on_error=0 log_path=tsan.log"
+
+# Run tests
+./xrpld --unittest --unittest-jobs=5
+```
+
+More details [here](https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual).
+
+### LeakSanitizer (LSan)
+
+LSan is automatically enabled with ASAN. To disable it:
+
+```bash
+export ASAN_OPTIONS="detect_leaks=0"
+```
+
+More details [here](https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer).
+
+### undefinedbehaviorSanitizer (UBSan)
+
+```bash
+export UBSAN_OPTIONS="suppressions=path/to/ubsan.supp:print_stacktrace=1:halt_on_error=0:log_path=ubsan.log"
+
+# Run tests
+./xrpld --unittest --unittest-jobs=5
+```
+
+More details [here](https://clang.llvm.org/docs/undefinedbehaviorSanitizer.html).
+
+## Suppression Files
+
+[!NOTE] Attached files contain more details.
+
+### [`asan.supp`](../../sanitizers/suppressions/asan.supp)
+
+- **Purpose**: Suppress AddressSanitizer (ASAN) errors only
+- **Format**: `interceptor_name:<pattern>` where pattern matches file names. Supported suppression types are:
+  - interceptor_name
+  - interceptor_via_fun
+  - interceptor_via_lib
+  - odr_violation
+- **More info**: [AddressSanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer)
+- **Note**: Cannot suppress stack-buffer-overflow, container-overflow, etc.
+
+### [`lsan.supp`](../../sanitizers/suppressions/lsan.supp)
+
+- **Purpose**: Suppress LeakSanitizer (LSan) errors only
+- **Format**: `leak:<pattern>` where pattern matches function/file names
+- **More info**: [LeakSanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer)
+
+### [`ubsan.supp`](../../sanitizers/suppressions/ubsan.supp)
+
+- **Purpose**: Suppress undefinedbehaviorSanitizer errors
+- **Format**: `<error_type>:<pattern>` (e.g., `unsigned-integer-overflow:protobuf`)
+- **Covers**: Intentional overflows in sanitizers/suppressions libraries (protobuf, gRPC, stdlib)
+- More info [UBSan suppressions](https://clang.llvm.org/docs/SanitizerSpecialCaseList.html).
+
+### [`tsan.supp`](../../sanitizers/suppressions/tsan.supp)
+
+- **Purpose**: Suppress ThreadSanitizer data race warnings
+- **Format**: `race:<pattern>` where pattern matches function/file names
+- **More info**: [ThreadSanitizer suppressions](https://github.com/google/sanitizers/wiki/ThreadSanitizerSuppressions)
+
+### [`sanitizer-ignorelist.txt`](../../sanitizers/suppressions/sanitizer-ignorelist.txt)
+
+- **Purpose**: Compile-time ignorelist for all sanitizers
+- **Usage**: Passed via `-fsanitize-ignorelist=absolute/path/to/sanitizer-ignorelist.txt`
+- **Format**: `<level>:<pattern>` (e.g., `src:Workers.cpp`)
+
+## Troubleshooting
+
+### "ASAN is ignoring requested \_\_asan_handle_no_return" warnings
+
+These warnings appear when using Boost context switching and are harmless. They indicate potential false positives.
+
+### Sanitizer Mismatch Errors
+
+If you see undefined symbols like `___tsan_atomic_load` when building with ASAN:
+
+**Problem**: Dependencies were built with a different sanitizer than the main project.
+
+**Solution**: Rebuild everything with the same sanitizer:
+
+```bash
+rm -rf .build
+# Then follow the build instructions above
+```
+
+Then review the log files: `asan.log.*`, `ubsan.log.*`, `tsan.log.*`
+
+## References
+
+- [AddressSanitizer Wiki](https://github.com/google/sanitizers/wiki/AddressSanitizer)
+- [AddressSanitizer Flags](https://github.com/google/sanitizers/wiki/AddressSanitizerFlags)
+- [Container Overflow Detection](https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow)
+- [UndefinedBehavior Sanitizer](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html)
+- [ThreadSanitizer](https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual)

include/xrpl/basics/DecayingSample.h

@@ -69,8 +69,11 @@ private:
             }
             else
             {
-                while (elapsed--)
+                while (elapsed > 0)
+                {
+                    --elapsed;
                     m_value -= (m_value + Window - 1) / Window;
+                }
             }
         }
 

include/xrpl/beast/test/yield_to.h

@@ -47,7 +47,7 @@ public:
         : work_(boost::asio::make_work_guard(ios_))
     {
         threads_.reserve(concurrency);
-        while (concurrency--)
+        for (std::size_t i = 0; i < concurrency; ++i)
             threads_.emplace_back([&] { ios_.run(); });
     }
 

include/xrpl/nodestore/detail/varint.h

@@ -54,8 +54,9 @@ read_varint(void const* buf, std::size_t buflen, std::size_t& t)
         return 1;
     }
     auto const used = n;
-    while (n--)
+    while (n > 0)
     {
+        --n;
         auto const d = p[n];
         auto const t0 = t;
         t *= 127;

include/xrpl/protocol/nft.h

@@ -82,7 +82,12 @@ cipheredTaxon(std::uint32_t tokenSeq, Taxon taxon)
     // **IMPORTANT** Changing these numbers would be a breaking change requiring
     //               an amendment along with a way to distinguish token IDs that
     //               were generated with the old code.
-    return taxon ^ toTaxon(((384160001 * tokenSeq) + 2459));
+    // Note: The multiplication is intentionally allowed to overflow (wrap
+    // around) as part of the linear congruential generator algorithm.
+    return taxon ^
+        toTaxon(static_cast<std::uint32_t>(
+            (static_cast<std::uint64_t>(384160001) * tokenSeq + 2459) &
+            0xFFFFFFFF));
 }
 
 inline Taxon

sanitizers/suppressions/asan.supp

@@ -0,0 +1,29 @@
+# The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
+#
+# ASAN_OPTIONS="detect_container_overflow=0:suppressions=sanitizers/suppressions/asan.supp:halt_on_error=0"
+#
+# The detect_container_overflow=0 option disables false positives from:
+# - Boost intrusive containers (slist_iterator.hpp, hashtable.hpp, aged_unordered_container.h)
+# - Boost context/coroutine stack switching (Workers.cpp, thread.h)
+#
+# See: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow
+
+# Boost
+interceptor_name:boost/asio
+
+# Leaks in Doctest tests: xrpl.test.*
+interceptor_name:src/libxrpl/net/HTTPClient.cpp
+interceptor_name:src/libxrpl/net/RegisterSSLCerts.cpp
+interceptor_name:src/tests/libxrpl/net/HTTPClient.cpp
+interceptor_name:xrpl/net/AutoSocket.h
+interceptor_name:xrpl/net/HTTPClient.h
+interceptor_name:xrpl/net/HTTPClientSSLContext.h
+interceptor_name:xrpl/net/RegisterSSLCerts.h
+
+# Suppress false positive stack-buffer errors in thread stack allocation
+# Related to ASan's __asan_handle_no_return warnings (github.com/google/sanitizers/issues/189)
+# These occur during multi-threaded test initialization on macOS
+interceptor_name:memcpy
+interceptor_name:__bzero
+interceptor_name:__asan_memset
+interceptor_name:__asan_memcpy

sanitizers/suppressions/lsan.supp

@@ -0,0 +1,16 @@
+# The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
+
+# Suppress leaks detected by asan in rippled code.
+leak:src/libxrpl/net/HTTPClient.cpp
+leak:src/libxrpl/net/RegisterSSLCerts.cpp
+leak:src/tests/libxrpl/net/HTTPClient.cpp
+leak:xrpl/net/AutoSocket.h
+leak:xrpl/net/HTTPClient.h
+leak:xrpl/net/HTTPClientSSLContext.h
+leak:xrpl/net/RegisterSSLCerts.h
+leak:ripple::HTTPClient
+leak:ripple::HTTPClientImp
+
+# Suppress leaks detected by asan in boost code.
+leak:boost::asio
+leak:boost/asio

sanitizers/suppressions/sanitizer-ignorelist.txt

@@ -0,0 +1,32 @@
+# We were seeing some false positives and some repeated errors(since these are library files) in following files.
+# Clang will skip instrumenting the files added here.
+# We should fix the underlying issues(if any) and remove these entries.
+
+deadlock:libxrpl/beast/utility/beast_Journal.cpp
+deadlock:libxrpl/beast/utility/beast_Journal.cpp
+deadlock:libxrpl/beast/utility/beast_PropertyStream.cpp
+deadlock:test/beast/beast_PropertyStream_test.cpp
+deadlock:xrpld/core/detail/Workers.cpp
+deadlock:xrpld/core/JobQueue.cpp
+
+race:libxrpl/beast/utility/beast_Journal.cpp
+race:libxrpl/beast/utility/beast_Journal.cpp
+race:libxrpl/beast/utility/beast_PropertyStream.cpp
+race:test/beast/beast_PropertyStream_test.cpp
+race:xrpld/core/detail/Workers.cpp
+race:xrpld/core/JobQueue.cpp
+
+signal:libxrpl/beast/utility/beast_Journal.cpp
+signal:libxrpl/beast/utility/beast_Journal.cpp
+signal:libxrpl/beast/utility/beast_PropertyStream.cpp
+signal:test/beast/beast_PropertyStream_test.cpp
+signal:xrpld/core/detail/Workers.cpp
+signal:xrpld/core/JobQueue.cpp
+
+src:beast/utility/beast_Journal.cpp
+src:beast/utility/beast_PropertyStream.cpp
+src:core/detail/Workers.cpp
+src:core/JobQueue.cpp
+src:libxrpl/beast/utility/beast_Journal.cpp
+src:test/beast/beast_PropertyStream_test.cpp
+src:src/test/app/Invariants_test.cpp

sanitizers/suppressions/tsan.supp

@@ -0,0 +1,102 @@
+# The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
+
+# Suppress race in Boost ASIO scheduler detected by GCC-15
+# This is a false positive in Boost's internal pipe() synchronization
+race:boost/asio/
+race:boost/context/
+race:boost/asio/executor.hpp
+race:boost::asio
+
+# Suppress tsan related issues in rippled code.
+race:src/libxrpl/basics/make_SSLContext.cpp
+race:src/libxrpl/basics/Number.cpp
+race:src/libxrpl/json/json_value.cpp
+race:src/libxrpl/json/to_string.cpp
+race:src/libxrpl/ledger/OpenView.cpp
+race:src/libxrpl/net/HTTPClient.cpp
+race:src/libxrpl/nodestore/backend/NuDBFactory.cpp
+race:src/libxrpl/protocol/InnerObjectFormats.cpp
+race:src/libxrpl/protocol/STParsedJSON.cpp
+race:src/libxrpl/resource/ResourceManager.cpp
+race:src/test/app/Flow_test.cpp
+race:src/test/app/LedgerReplay_test.cpp
+race:src/test/app/NFToken_test.cpp
+race:src/test/app/Offer_test.cpp
+race:src/test/app/ValidatorSite_test.cpp
+race:src/test/consensus/NegativeUNL_test.cpp
+race:src/test/jtx/impl/Env.cpp
+race:src/test/jtx/impl/JSONRPCClient.cpp
+race:src/test/jtx/impl/pay.cpp
+race:src/test/jtx/impl/token.cpp
+race:src/test/rpc/Book_test.cpp
+race:src/xrpld/app/ledger/detail/InboundTransactions.cpp
+race:src/xrpld/app/main/Application.cpp
+race:src/xrpld/app/main/BasicApp.cpp
+race:src/xrpld/app/main/GRPCServer.cpp
+race:src/xrpld/app/misc/detail/AmendmentTable.cpp
+race:src/xrpld/app/misc/FeeVoteImpl.cpp
+race:src/xrpld/app/rdb/detail/Wallet.cpp
+race:src/xrpld/overlay/detail/OverlayImpl.cpp
+race:src/xrpld/peerfinder/detail/PeerfinderManager.cpp
+race:src/xrpld/peerfinder/detail/SourceStrings.cpp
+race:src/xrpld/rpc/detail/ServerHandler.cpp
+race:xrpl/server/detail/Door.h
+race:xrpl/server/detail/Spawn.h
+race:xrpl/server/detail/ServerImpl.h
+race:xrpl/nodestore/detail/DatabaseNodeImp.h
+race:src/libxrpl/beast/utility/beast_Journal.cpp
+race:src/test/beast/LexicalCast_test.cpp
+race:ripple::ServerHandler
+
+# More suppressions in external library code.
+race:crtstuff.c
+race:pipe
+
+# Deadlock / lock-order-inversion suppressions
+# Note: GCC's TSAN may not fully support all deadlock suppression patterns
+deadlock:src/libxrpl/beast/utility/beast_Journal.cpp
+deadlock:src/libxrpl/beast/utility/beast_PropertyStream.cpp
+deadlock:src/test/beast/beast_PropertyStream_test.cpp
+deadlock:src/xrpld/core/detail/Workers.cpp
+deadlock:src/xrpld/app/misc/detail/Manifest.cpp
+deadlock:src/xrpld/app/misc/detail/ValidatorList.cpp
+deadlock:src/xrpld/app/misc/detail/ValidatorSite.cpp
+
+signal:src/libxrpl/beast/utility/beast_Journal.cpp
+signal:src/xrpld/core/detail/Workers.cpp
+signal:src/xrpld/core/JobQueue.cpp
+signal:ripple::Workers::Worker
+
+# Aggressive suppressing of deadlock tsan errors
+deadlock:pthread_create
+deadlock:pthread_rwlock_rdlock
+deadlock:boost::asio
+
+# Suppress SEGV crashes in TSAN itself during stringbuf operations
+# This appears to be a GCC-15 TSAN instrumentation issue with basic_stringbuf::str()
+# Commonly triggered in beast::Journal::ScopedStream destructor
+signal:std::__cxx11::basic_stringbuf
+signal:basic_stringbuf
+signal:basic_ostringstream
+
+called_from_lib:libclang_rt
+race:ostreambuf_iterator
+race:basic_ostream
+
+# Suppress SEGV in Boost ASIO memory allocation with GCC-15 TSAN
+signal:boost::asio::aligned_new
+signal:boost::asio::detail::memory
+
+# Suppress SEGV in execute_native_thread_routine
+signal:execute_native_thread_routine
+
+# Suppress data race in Boost Context fiber management
+# This is a false positive in Boost's exception state management during fiber context switching
+race:__cxxabiv1::manage_exception_state
+race:boost::context::fiber::resume
+race:boost::asio::detail::spawned_fiber_thread
+race:boost::asio::detail::spawned_fiber_thread::suspend_with
+race:boost::asio::detail::spawned_fiber_thread::destroy
+
+# Suppress data race in __tsan_memcpy called from Boost fiber operations
+race:__tsan_memcpy

sanitizers/suppressions/ubsan.supp

@@ -0,0 +1,209 @@
+# The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
+
+# Suppress UBSan errors in external code by source file path
+# This matches any source file under the external/ directory
+alignment:external
+bool:external
+bounds:external
+cfi:external
+enum:external
+float-cast-overflow:external
+float-divide-by-zero:external
+function:external
+implicit-integer-sign-change:external
+implicit-signed-integer-truncation:external
+implicit-unsigned-integer-truncation:external
+integer-divide-by-zero:external
+invalid-builtin-use:external
+invalid-objc-cast:external
+nonnull-attribute:external
+null:external
+nullability-arg:external
+nullability-assign:external
+nullability-return:external
+object-size:external
+pointer-overflow:external
+return:external
+returns-nonnull-attribute:external
+shift-base:external
+shift-exponent:external
+signed-integer-overflow:external
+undefined:external
+unreachable:external
+unsigned-integer-overflow:external
+vla-bound:external
+vptr_check:external
+vptr:external
+
+# Suppress all UBSan errors in Boost libraries
+# This matches any files containing "boost" in its path or name
+alignment:boost
+bool:boost
+bounds:boost
+cfi:boost
+enum:boost
+float-cast-overflow:boost
+float-divide-by-zero:boost
+function:boost
+implicit-integer-sign-change:boost
+implicit-signed-integer-truncation:boost
+implicit-unsigned-integer-truncation:boost
+integer-divide-by-zero:boost
+invalid-builtin-use:boost
+invalid-objc-cast:boost
+nonnull-attribute:boost
+null:boost
+nullability-arg:boost
+nullability-assign:boost
+nullability-return:boost
+object-size:boost
+pointer-overflow:boost
+return:boost
+returns-nonnull-attribute:boost
+shift-base:boost
+shift-exponent:boost
+signed-integer-overflow:boost
+undefined:boost
+unreachable:boost
+unsigned-integer-overflow:boost
+vla-bound:boost
+vptr_check:boost
+vptr:boost
+
+# Google protobuf - intentional overflows in hash functions
+undefined:protobuf
+unsigned-integer-overflow:google/protobuf/stubs/stringpiece.h
+
+# gRPC intentional overflows in timer calculations
+unsigned-integer-overflow:grpc
+unsigned-integer-overflow:timer_manager.cc
+
+# RocksDB intentional unsigned integer overflows in hash functions and CRC calculations
+unsigned-integer-overflow:rocks*/*/util/xxhash.h
+unsigned-integer-overflow:rocks*/*/util/xxph3.h
+unsigned-integer-overflow:rocks*/*/util/hash.cc
+unsigned-integer-overflow:rocks*/*/util/crc32c.cc
+unsigned-integer-overflow:rocks*/*/util/crc32c.h
+unsigned-integer-overflow:rocks*/*/include/rocksdb/utilities/options_type.h
+unsigned-integer-overflow:rocks*/*/table/format.h
+unsigned-integer-overflow:rocks*/*/table/format.cc
+unsigned-integer-overflow:rocks*/*/table/block_based/block_based_table_builder.cc
+unsigned-integer-overflow:rocks*/*/table/block_based/reader_common.cc
+unsigned-integer-overflow:rocks*/*/db/version_set.cc
+alignment:rocks*/*/util/crc32c_arm64.cc
+undefined:rocks.*/*/util/crc32c_arm64.cc
+undefined:rocks.*/*/util/xxhash.h
+
+# nudb intentional overflows in hash functions
+unsigned-integer-overflow:nudb/detail/xxhash.hpp
+alignment:nudb/detail/xxhash.hpp
+undefined:nudb
+
+# Snappy compression library intentional overflows
+unsigned-integer-overflow:snappy.cc
+
+# Abseil intentional overflows
+unsigned-integer-overflow:absl/strings/numbers.cc
+unsigned-integer-overflow:absl/strings/internal/cord_rep_flat.h
+unsigned-integer-overflow:absl/base/internal/low_level_alloc.cc
+unsigned-integer-overflow:absl/hash/internal/hash.h
+unsigned-integer-overflow:absl/container/internal/raw_hash_set.h
+
+# Standard library intentional overflows
+unsigned-integer-overflow:basic_string.h
+unsigned-integer-overflow:bits/chrono.h
+unsigned-integer-overflow:bits/random.h
+unsigned-integer-overflow:bits/random.tcc
+unsigned-integer-overflow:bits/stl_algobase.h
+unsigned-integer-overflow:bits/uniform_int_dist.h
+unsigned-integer-overflow:string_view
+unsigned-integer-overflow:__random/seed_seq.h
+unsigned-integer-overflow:__charconv/traits.h
+unsigned-integer-overflow:__chrono/duration.h
+
+# =============================================================================
+# Rippled code suppressions
+# =============================================================================
+
+# Intentional overflows and wraparound arithmetic in rippled code
+# These are by design and mathematically correct for their use cases
+
+# STAmount uses intentional negation of INT64_MIN and overflow in arithmetic
+signed-integer-overflow:src/libxrpl/protocol/STAmount.cpp
+unsigned-integer-overflow:src/libxrpl/protocol/STAmount.cpp
+
+# base_uint.h: Increment/decrement operators intentionally wrap around
+unsigned-integer-overflow:xrpl/basics/base_uint.h
+
+# Test files with intentional overflows to test edge cases
+signed-integer-overflow:src/test/basics/XRPAmount_test.cpp
+signed-integer-overflow:src/test/beast/LexicalCast_test.cpp
+unsigned-integer-overflow:src/test/basics/XRPAmount_test.cpp
+unsigned-integer-overflow:src/test/beast/LexicalCast_test.cpp
+
+# Safe loop patterns that trigger UBSAN (e.g., while(len-- && ...))
+# These are mathematically sound patterns where underflow is handled correctly
+unsigned-integer-overflow:src/libxrpl/basics/base64.cpp
+unsigned-integer-overflow:src/libxrpl/basics/Number.cpp
+unsigned-integer-overflow:src/libxrpl/crypto/RFC1751.cpp
+unsigned-integer-overflow:src/libxrpl/json/json_value.cpp
+unsigned-integer-overflow:src/libxrpl/ledger/ApplyView.cpp
+unsigned-integer-overflow:src/libxrpl/ledger/View.cpp
+unsigned-integer-overflow:src/libxrpl/protocol/Permissions.cpp
+unsigned-integer-overflow:src/libxrpl/protocol/STPathSet.cpp
+unsigned-integer-overflow:src/libxrpl/protocol/tokens.cpp
+unsigned-integer-overflow:src/libxrpl/shamap/SHAMap.cpp
+unsigned-integer-overflow:src/test/app/Batch_test.cpp
+unsigned-integer-overflow:src/test/app/Invariants_test.cpp
+unsigned-integer-overflow:src/test/app/NFToken_test.cpp
+unsigned-integer-overflow:src/test/app/Offer_test.cpp
+unsigned-integer-overflow:src/test/app/Path_test.cpp
+unsigned-integer-overflow:src/test/jtx/impl/acctdelete.cpp
+unsigned-integer-overflow:src/test/ledger/SkipList_test.cpp
+unsigned-integer-overflow:src/test/rpc/Subscribe_test.cpp
+unsigned-integer-overflow:src/tests/libxrpl/basics/RangeSet.cpp
+unsigned-integer-overflow:src/xrpld/app/misc/detail/AmendmentTable.cpp
+unsigned-integer-overflow:src/xrpld/app/misc/NetworkOPs.cpp
+unsigned-integer-overflow:src/xrpld/app/paths/detail/StrandFlow.h
+unsigned-integer-overflow:src/xrpld/app/tx/detail/NFTokenMint.cpp
+unsigned-integer-overflow:src/xrpld/app/tx/detail/SetOracle.cpp
+unsigned-integer-overflow:src/xrpld/rpc/detail/Role.cpp
+unsigned-integer-overflow:src/xrpld/rpc/handlers/GetAggregatePrice.cpp
+unsigned-integer-overflow:xrpl/beast/xor_shift_engine.h
+
+# General undefined behavior suppressions for rippled code
+# These files have patterns that UBSAN flags but are safe in context
+undefined:src/libxrpl/basics/base64.cpp
+undefined:src/libxrpl/basics/Number.cpp
+undefined:src/libxrpl/beast/utility/beast_Journal.cpp
+undefined:src/libxrpl/crypto/RFC1751.cpp
+undefined:src/libxrpl/json/json_value.cpp
+undefined:src/libxrpl/ledger/ApplyView.cpp
+undefined:src/libxrpl/ledger/View.cpp
+undefined:src/libxrpl/protocol/Permissions.cpp
+undefined:src/libxrpl/protocol/STAmount.cpp
+undefined:src/libxrpl/protocol/STPathSet.cpp
+undefined:src/libxrpl/protocol/tokens.cpp
+undefined:src/libxrpl/shamap/SHAMap.cpp
+undefined:src/test/app/Batch_test.cpp
+undefined:src/test/app/Invariants_test.cpp
+undefined:src/test/app/NFToken_test.cpp
+undefined:src/test/app/Offer_test.cpp
+undefined:src/test/app/Path_test.cpp
+undefined:src/test/basics/XRPAmount_test.cpp
+undefined:src/test/beast/LexicalCast_test.cpp
+undefined:src/test/jtx/impl/acctdelete.cpp
+undefined:src/test/ledger/SkipList_test.cpp
+undefined:src/test/rpc/Subscribe_test.cpp
+undefined:src/tests/libxrpl/basics/RangeSet.cpp
+undefined:src/xrpld/app/misc/detail/AmendmentTable.cpp
+undefined:src/xrpld/app/misc/NetworkOPs.cpp
+undefined:src/xrpld/app/paths/detail/StrandFlow.h
+undefined:src/xrpld/app/tx/detail/NFTokenMint.cpp
+undefined:src/xrpld/app/tx/detail/SetOracle.cpp
+undefined:src/xrpld/core/detail/JobQueue.cpp
+undefined:src/xrpld/core/detail/Workers.cpp
+undefined:src/xrpld/rpc/detail/Role.cpp
+undefined:src/xrpld/rpc/handlers/GetAggregatePrice.cpp
+undefined:xrpl/basics/base_uint.h
+undefined:xrpl/beast/xor_shift_engine.h

src/libxrpl/ledger/View.cpp

@@ -450,9 +450,8 @@ getTrustLineBalance(
         amount.clear(Issue{currency, issuer});
     }
 
-    JLOG(j.trace()) << "getTrustLineBalance:"
-                    << " account=" << to_string(account)
-                    << " amount=" << amount.getFullText();
+    JLOG(j.trace()) << "getTrustLineBalance:" << " account="
+                    << to_string(account) << " amount=" << amount.getFullText();
 
     return view.balanceHook(account, issuer, amount);
 }
@@ -744,8 +743,7 @@ xrpLiquid(
     STAmount const amount =
         (balance < reserve) ? STAmount{0} : balance - reserve;
 
-    JLOG(j.trace()) << "accountHolds:"
-                    << " account=" << to_string(id)
+    JLOG(j.trace()) << "accountHolds:" << " account=" << to_string(id)
                     << " amount=" << amount.getFullText()
                     << " fullBalance=" << fullBalance.getFullText()
                     << " balance=" << balance.getFullText()
@@ -1151,7 +1149,7 @@ adjustOwnerCount(
 std::function<void(SLE::ref)>
 describeOwnerDir(AccountID const& account)
 {
-    return [&account](std::shared_ptr<SLE> const& sle) {
+    return [account](std::shared_ptr<SLE> const& sle) {
         (*sle)[sfOwner] = account;
     };
 }

src/libxrpl/protocol/BuildInfo.cpp

@@ -3,6 +3,8 @@
 #include <xrpl/beast/core/SemanticVersion.h>
 #include <xrpl/protocol/BuildInfo.h>
 
+#include <boost/preprocessor/stringize.hpp>
+
 #include <algorithm>
 #include <cstdint>
 #include <string>
@@ -20,7 +22,7 @@ namespace BuildInfo {
 char const* const versionString = "3.2.0-b0"
 // clang-format on
 
-#if defined(DEBUG) || defined(SANITIZER)
+#if defined(DEBUG) || defined(SANITIZERS)
     "+"
 #ifdef GIT_COMMIT_HASH
     GIT_COMMIT_HASH
@@ -28,13 +30,13 @@ char const* const versionString = "3.2.0-b0"
 #endif
 #ifdef DEBUG
     "DEBUG"
-#ifdef SANITIZER
+#ifdef SANITIZERS
     "."
 #endif
 #endif
 
-#ifdef SANITIZER
-    BOOST_PP_STRINGIZE(SANITIZER)
+#ifdef SANITIZERS
+    BOOST_PP_STRINGIZE(SANITIZERS)
 #endif
 #endif
 

src/xrpld/app/main/BasicApp.cpp

@@ -9,11 +9,10 @@ BasicApp::BasicApp(std::size_t numberOfThreads)
     work_.emplace(boost::asio::make_work_guard(io_context_));
     threads_.reserve(numberOfThreads);
 
-    while (numberOfThreads--)
+    for (std::size_t i = 0; i < numberOfThreads; ++i)
     {
-        threads_.emplace_back([this, numberOfThreads]() {
-            beast::setCurrentThreadName(
-                "io svc #" + std::to_string(numberOfThreads));
+        threads_.emplace_back([this, i]() {
+            beast::setCurrentThreadName("io svc #" + std::to_string(i));
             this->io_context_.run();
         });
     }

src/xrpld/peerfinder/detail/Counts.h

@@ -231,15 +231,25 @@ public:
 
     //--------------------------------------------------------------------------
 private:
+    // Helper to safely adjust a size_t counter by a signed value
+    static void
+    adjustCounter(std::size_t& counter, int const n)
+    {
+        if (n >= 0)
+            counter += static_cast<std::size_t>(n);
+        else
+            counter -= static_cast<std::size_t>(-n);
+    }
+
     // Adjusts counts based on the specified slot, in the direction indicated.
     void
     adjust(Slot const& s, int const n)
     {
         if (s.fixed())
-            m_fixed += n;
+            adjustCounter(m_fixed, n);
 
         if (s.reserved())
-            m_reserved += n;
+            adjustCounter(m_reserved, n);
 
         switch (s.state())
         {
@@ -261,15 +271,15 @@ private:
 
             case Slot::active:
                 if (s.fixed())
-                    m_fixed_active += n;
+                    adjustCounter(m_fixed_active, n);
                 if (!s.fixed() && !s.reserved())
                 {
                     if (s.inbound())
-                        m_in_active += n;
+                        adjustCounter(m_in_active, n);
                     else
-                        m_out_active += n;
+                        adjustCounter(m_out_active, n);
                 }
-                m_active += n;
+                adjustCounter(m_active, n);
                 break;
 
             case Slot::closing: