Merge branch 'develop' into ximinez/online-delete-gaps

* upstream/develop:
  chore: Remove codecov token check to support tokenless uploads on forks (5722)
  Set version to 2.6.0-rc3
  Revert "perf: Move mutex to the partition level (5486)"
  chore: Update clang-format and prettier with pre-commit (5709)
  fix(test): handle null metadata for unvalidated tx in Env::meta (5715)
  chore: Workaround for CI build errors on arm64 (5717)
  chore: Fix file formatting (5718)
  fix: Skip notify-clio when running in a fork, reorder config fields (5712)
  chore: Reverts formatting changes to external files, adds formatting changes to proto files (5711)

.github/actions/build-deps/action.yml

@@ -21,10 +21,6 @@ inputs:
     description: "The logging verbosity."
     required: false
     default: "verbose"
-  sanitizers:
-    description: "The sanitizers to enable ('Address', 'Thread')."
-    required: false
-    default: ""
 
 runs:
   using: composite
@@ -37,13 +33,11 @@ runs:
         BUILD_OPTION: ${{ inputs.force_build == 'true' && '*' || 'missing' }}
         BUILD_TYPE: ${{ inputs.build_type }}
         LOG_VERBOSITY: ${{ inputs.log_verbosity }}
-        SANITIZERS: ${{ inputs.sanitizers }}
       run: |
         echo 'Installing dependencies.'
         mkdir -p "${BUILD_DIR}"
         cd "${BUILD_DIR}"
         conan install \
-          --profile ci \
           --output-folder . \
           --build="${BUILD_OPTION}" \
           --options:host='&:tests=True' \

.github/actions/setup-conan/action.yml

@@ -28,7 +28,7 @@ runs:
       shell: bash
       run: |
         echo 'Installing profile.'
-        conan config install conan/profiles/ -tf $(conan config home)/profiles/
+        conan config install conan/profiles/default -tf $(conan config home)/profiles/
 
         echo 'Conan profile:'
         conan profile show

.github/scripts/strategy-matrix/generate.py

@@ -209,17 +209,15 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
         ):
             continue
 
-        cxx_flags = "-g"
-        # Enable code coverage for Debian Bookworm using GCC 14 in Debug and no
+        # Enable code coverage for Debian Bookworm using GCC 15 in Debug and no
         # Unity on linux/amd64
         if (
-            f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-14"
+            f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-15"
             and build_type == "Debug"
             and "-Dunity=OFF" in cmake_args
             and architecture["platform"] == "linux/amd64"
         ):
-            cmake_args = f"-Dcoverage=ON -Dcoverage_format=xml -DCODE_COVERAGE_VERBOSE=ON -DCMAKE_C_FLAGS=-O0 {cmake_args}"
-            cxx_flags = f"-O0 {cxx_flags}"
+            cmake_args = f"-Dcoverage=ON -Dcoverage_format=xml -DCODE_COVERAGE_VERBOSE=ON -DCMAKE_C_FLAGS=-O0 -DCMAKE_CXX_FLAGS=-O0 {cmake_args}"
 
         # Generate a unique name for the configuration, e.g. macos-arm64-debug
         # or debian-bookworm-gcc-12-amd64-release-unity.
@@ -231,7 +229,7 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
         if (n := os["compiler_version"]) != "":
             config_name += f"-{n}"
         config_name += (
-            f"-{architecture['platform'][architecture['platform'].find('/')+1:]}"
+            f"-{architecture['platform'][architecture['platform'].find('/') + 1 :]}"
         )
         config_name += f"-{build_type.lower()}"
         if "-Dunity=ON" in cmake_args:
@@ -240,145 +238,21 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
         # Add the configuration to the list, with the most unique fields first,
         # so that they are easier to identify in the GitHub Actions UI, as long
         # names get truncated.
-        # Add Address and Thread (both coupled with UB) sanitizers when the distro is bookworm.
-        if os[
-            "distro_version"
-        ] == "bookworm" and f"{os['compiler_name']}-{os['compiler_version']}" in {
-            "gcc-15",
-            "clang-20",
-        }:
-            configs = addSanitizerConfigs(architecture, os, cmake_args, cxx_flags)
-            if "asan_ubsan" in configs:
-                configurations.append(
-                    {
-                        "config_name": config_name + "-asan-ubsan",
-                        "cmake_args": configs["asan_ubsan"],
-                        "cmake_target": cmake_target,
-                        "build_only": build_only,
-                        "build_type": build_type,
-                        "os": os,
-                        "architecture": architecture,
-                        "sanitizers": "Address,UndefinedBehavior",
-                    }
-                )
-            if "tsan_ubsan" in configs:
-                configurations.append(
-                    {
-                        "config_name": config_name + "-tsan-ubsan",
-                        "cmake_args": configs["tsan_ubsan"],
-                        "cmake_target": cmake_target,
-                        "build_only": build_only,
-                        "build_type": build_type,
-                        "os": os,
-                        "architecture": architecture,
-                        "sanitizers": "Thread,UndefinedBehavior",
-                    }
-                )
-        else:
-            configurations.append(
-                {
-                    "config_name": config_name,
-                    "cmake_args": cmake_args,
-                    "cmake_target": cmake_target,
-                    "build_only": build_only,
-                    "build_type": build_type,
-                    "os": os,
-                    "architecture": architecture,
-                }
-            )
+        configurations.append(
+            {
+                "config_name": config_name,
+                "cmake_args": cmake_args,
+                "cmake_target": cmake_target,
+                "build_only": build_only,
+                "build_type": build_type,
+                "os": os,
+                "architecture": architecture,
+            }
+        )
 
     return configurations
 
 
-def addSanitizerConfigs(
-    architecture: dict,
-    os: dict,
-    cmake_args: str,
-    cxx_flags: str,
-) -> dict:
-    extra_warning_flags = ""
-    linker_relocation_flags = ""
-    linker_flags = ""
-
-    # Use large code model to avoid relocation errors with large binaries
-    # Only for x86-64 (amd64) - ARM64 doesn't support -mcmodel=large
-    if architecture["platform"] == "linux/amd64" and os["compiler_name"] == "gcc":
-        # Add -mcmodel=large to both compiler AND linker flags
-        # This is needed because sanitizers create very large binaries and
-        # large model removes the 2GB limitation that medium model has
-        cxx_flags += " -mcmodel=large -fno-PIC"
-        linker_relocation_flags += " -mcmodel=large -fno-PIC"
-
-    # Create default sanitizer flags
-    sanitizers_flags = "undefined,float-divide-by-zero"
-
-    if os["compiler_name"] == "gcc":
-        # Suppress false positive warnings in GCC with stringop-overflow
-        extra_warning_flags += " -Wno-stringop-overflow"
-        # Disable mold, gold and lld linkers.
-        # Use default linker (bfd/ld) which is more lenient with mixed code models
-        cmake_args += " -Duse_mold=OFF -Duse_gold=OFF -Duse_lld=OFF"
-        # Add linker flags for Sanitizers
-        linker_flags += f" -DCMAKE_EXE_LINKER_FLAGS='{linker_relocation_flags} -fsanitize=address,{sanitizers_flags}'"
-        linker_flags += f" -DCMAKE_SHARED_LINKER_FLAGS='{linker_relocation_flags} -fsanitize=address,{sanitizers_flags}'"
-    elif os["compiler_name"] == "clang":
-        # Note: We use $GITHUB_WORKSPACE environment variable which will be expanded by the shell
-        # before CMake processes it. This ensures the compiler receives an absolute path.
-        # CMAKE_SOURCE_DIR won't work here because it's inside CMAKE_CXX_FLAGS string.
-        # GCC doesn't support ignorelist.
-        cxx_flags += " -fsanitize-ignorelist=$GITHUB_WORKSPACE/sanitizers/suppressions/sanitizer-ignorelist.txt"
-        sanitizers_flags = f"{sanitizers_flags},unsigned-integer-overflow"
-        linker_flags += (
-            f" -DCMAKE_EXE_LINKER_FLAGS='-fsanitize=address,{sanitizers_flags}'"
-        )
-        linker_flags += (
-            f" -DCMAKE_SHARED_LINKER_FLAGS='-fsanitize=address,{sanitizers_flags}'"
-        )
-
-    # Sanitizers recommend minimum of -O1 for reasonable performance
-    cxx_flags += " -O1"
-
-    # First create config for asan
-    cmake_args_flags = f'{cmake_args} -DCMAKE_CXX_FLAGS="-fsanitize=address,{sanitizers_flags} -fno-omit-frame-pointer {cxx_flags} {extra_warning_flags}" {linker_flags}'
-
-    # Add config with asan+ubsan
-    configs = {}
-    configs["asan_ubsan"] = cmake_args_flags
-
-    # Since TSAN runs are crashing with seg faults(could be compatibility issues with latest compilers)
-    # We deactivate it for now. But I would keep the code, since it took some effort to find the correct set of config needed to run this.
-    # This will be useful when we decide to activate it again in future.
-    activateTSAN = False
-    if activateTSAN:
-        linker_flags = ""
-        # Update configs for tsan
-        # gcc doesn't supports atomic_thread_fence with tsan. Suppress warnings.
-        # Also tsan doesn't work well with mcmode=large and bfd linker
-        if os["compiler_name"] == "gcc":
-            extra_warning_flags += " -Wno-tsan"
-            cxx_flags = cxx_flags.replace("-mcmodel=large", "-mcmodel=medium")
-            linker_relocation_flags = linker_relocation_flags.replace(
-                "-mcmodel=large", "-mcmodel=medium"
-            )
-            # Add linker flags for Sanitizers
-            linker_flags += f" -DCMAKE_EXE_LINKER_FLAGS='{linker_relocation_flags} -fsanitize=thread,{sanitizers_flags}'"
-            linker_flags += f" -DCMAKE_SHARED_LINKER_FLAGS='{linker_relocation_flags} -fsanitize=thread,{sanitizers_flags}'"
-        elif os["compiler_name"] == "clang":
-            linker_flags += (
-                f" -DCMAKE_EXE_LINKER_FLAGS='-fsanitize=thread,{sanitizers_flags}'"
-            )
-            linker_flags += (
-                f" -DCMAKE_SHARED_LINKER_FLAGS='-fsanitize=thread,{sanitizers_flags}'"
-            )
-
-        cmake_args_flags = f"{cmake_args} -DCMAKE_CXX_FLAGS='-fsanitize=thread,{sanitizers_flags} -fno-omit-frame-pointer {cxx_flags} {extra_warning_flags}' {linker_flags}"
-
-        # Add config with tsan+ubsan
-        configs["tsan_ubsan"] = cmake_args_flags
-
-    return configs
-
-
 def read_config(file: Path) -> Config:
     config = json.loads(file.read_text())
     if (

.github/workflows/reusable-build-test-config.yml

@@ -50,12 +50,6 @@ on:
         type: number
         default: 2
 
-      sanitizers:
-        description: "The sanitizers to enable ('Address+UndefinedBehavior' or 'Thread+UndefinedBehavior')."
-        required: false
-        type: string
-        default: ""
-
     secrets:
       CODECOV_TOKEN:
         description: "The Codecov token to use for uploading coverage reports."
@@ -74,7 +68,6 @@ jobs:
     env:
       ENABLED_VOIDSTAR: ${{ contains(inputs.cmake_args, '-Dvoidstar=ON') }}
       ENABLED_COVERAGE: ${{ contains(inputs.cmake_args, '-Dcoverage=ON') }}
-      ENABLED_SANITIZERS: ${{ contains(inputs.cmake_args, '-fsanitize') }}
     steps:
       - name: Cleanup workspace (macOS and Windows)
         if: ${{ runner.os == 'macOS' || runner.os == 'Windows' }}
@@ -109,18 +102,19 @@ jobs:
           # Set the verbosity to "quiet" for Windows to avoid an excessive
           # amount of logs. For other OSes, the "verbose" logs are more useful.
           log_verbosity: ${{ runner.os == 'Windows' && 'quiet' || 'verbose' }}
-          sanitizers: ${{ inputs.sanitizers }}
 
       - name: Configure CMake
         working-directory: ${{ inputs.build_dir }}
         env:
           BUILD_TYPE: ${{ inputs.build_type }}
+          CMAKE_ARGS: ${{ inputs.cmake_args }}
         run: |
-          cmake .. \
+          cmake \
             -G '${{ runner.os == 'Windows' && 'Visual Studio 17 2022' || 'Ninja' }}' \
             -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
             -DCMAKE_BUILD_TYPE="${BUILD_TYPE}" \
-            ${{ inputs.cmake_args }}
+            ${CMAKE_ARGS} \
+            ..
 
       - name: Build the binary
         working-directory: ${{ inputs.build_dir }}
@@ -147,7 +141,7 @@ jobs:
           if-no-files-found: error
 
       - name: Check linking (Linux)
-        if: ${{ runner.os == 'Linux' && env.ENABLED_SANITIZERS == 'false' }}
+        if: ${{ runner.os == 'Linux' }}
         working-directory: ${{ inputs.build_dir }}
         run: |
           ldd ./rippled
@@ -172,10 +166,6 @@ jobs:
           BUILD_TYPE: ${{ inputs.build_type }}
           PARALLELISM: ${{ runner.os == 'Windows' && '1' || steps.nproc.outputs.nproc }}
         run: |
-          export ASAN_OPTIONS="detect_container_overflow=0 suppressions=$GITHUB_WORKSPACE/sanitizers/suppressions/asan.supp"
-          export TSAN_OPTIONS="second_deadlock_stack=1 halt_on_error=0 suppressions=$GITHUB_WORKSPACE/sanitizers/suppressions/tsan.supp"
-          export UBSAN_OPTIONS="suppressions=$GITHUB_WORKSPACE/sanitizers/suppressions/ubsan.supp"
-          export LSAN_OPTIONS="suppressions=$GITHUB_WORKSPACE/sanitizers/suppressions/lsan.supp"
           ctest \
             --output-on-failure \
             -C "${BUILD_TYPE}" \
@@ -187,10 +177,6 @@ jobs:
         env:
           BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
         run: |
-          export ASAN_OPTIONS="detect_container_overflow=0 suppressions=$GITHUB_WORKSPACE/sanitizers/suppressions/asan.supp"
-          export TSAN_OPTIONS="second_deadlock_stack=1 halt_on_error=0 suppressions=$GITHUB_WORKSPACE/sanitizers/suppressions/tsan.supp"
-          export UBSAN_OPTIONS="suppressions=$GITHUB_WORKSPACE/sanitizers/suppressions/ubsan.supp"
-          export LSAN_OPTIONS="suppressions=$GITHUB_WORKSPACE/sanitizers/suppressions/lsan.supp"
           ./rippled --unittest --unittest-jobs "${BUILD_NPROC}"
 
       - name: Debug failure (Linux)

.github/workflows/reusable-build-test.yml

@@ -54,6 +54,5 @@ jobs:
       runs_on: ${{ toJSON(matrix.architecture.runner) }}
       image: ${{ contains(matrix.architecture.platform, 'linux') && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}-sha-{4}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version, matrix.os.image_sha) || '' }}
       config_name: ${{ matrix.config_name }}
-      sanitizers: ${{ matrix.sanitizers }}
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

BUILD.md

@@ -370,20 +370,6 @@ tools.build:cxxflags=['-DBOOST_ASIO_DISABLE_CONCEPTS']
    conan install .. --output-folder . --build missing --settings build_type=Debug
    ```
 
-   If you would like to activate `asan`(`Address`) or `tsan`(`Thread`) or `ubsan`(`UndefinedBehavior`) for the build,
-   declare an environment variable as follows(with values: `Address`, `Thread`, `UndefinedBehavior`) and use the `sanitizers`
-   profile in the `conan install` command.
-
-   ```
-   SANITIZERS=Address conan install .. --output-folder . --profile:all sanitizers --build missing --settings build_type=Debug
-   # or if you want asan+ubsan
-   SANITIZERS=Address,UndefinedBehavior conan install .. --output-folder . --profile:all sanitizers --build missing --settings build_type=Debug
-   ```
-
-   Note: Do not mix Address and Thread, that's incompatible.
-
-   More details here: [sanitizers](./docs/build/sanitizers.md)
-
    To build Debug, in the next step, be sure to set `-DCMAKE_BUILD_TYPE=Debug`
 
    For a single-configuration generator, e.g. `Unix Makefiles` or `Ninja`,

cfg/rippled-example.cfg

@@ -1051,10 +1051,11 @@
 #                           The online delete process checks periodically
 #                           that rippled is still in sync with the network,
 #                           and that the validated ledger is less than
-#                           'age_threshold_seconds' old. If not, then continue
+#                           'age_threshold_seconds' old, and that all
+#                           recent ledgers are available. If not, then continue
 #                           sleeping for this number of seconds and
 #                           checking until healthy.
-#                           Default is 5.
+#                           Default is 1.
 #
 #   Notes:
 #       The 'node_db' entry configures the primary, persistent storage.

conan/profiles/ci

@@ -1 +0,0 @@
- include(sanitizers)

conan/profiles/sanitizers

@@ -1,59 +0,0 @@
-include(default)
-{% set compiler, version, compiler_exe = detect_api.detect_default_compiler() %}
-{% set sanitizers = os.getenv("SANITIZERS") %}
-
-[conf]
-{% if sanitizers %}
-    {% if compiler == "gcc" %}
-        {% if "Address" in sanitizers or "Thread" in sanitizers or "UndefinedBehavior" in sanitizers %}
-            {% set sanitizer_list = [] %}
-            {% set model_code = "" %}
-            {% set extra_cxxflags = "-fno-omit-frame-pointer -fno-PIC -O1 -Wno-stringop-overflow" %}
-
-            {% if "Address" in sanitizers %}
-                {% set _ = sanitizer_list.append("address") %}
-                {% set model_code = "-mcmodel=large" %}
-            {% elif "Thread" in sanitizers %}
-                {% set _ = sanitizer_list.append("thread") %}
-                {% set model_code = "-mcmodel=medium" %}
-                {% set extra_cxxflags = extra_cxxflags ~ " -Wno-tsan" %}
-            {% endif %}
-
-            {% if "UndefinedBehavior" in sanitizers or "UndefinedBehavior" in sanitizers %}
-                {% set _ = sanitizer_list.append("undefined") %}
-                {% set _ = sanitizer_list.append("float-divide-by-zero") %}
-            {% endif %}
-
-            {% set sanitizer_flags = "-fsanitize=" ~ ",".join(sanitizer_list) ~ " " ~ model_code %}
-
-            tools.build:cxxflags+=['{{sanitizer_flags}} {{extra_cxxflags}}']
-            tools.build:sharedlinkflags+=['{{sanitizer_flags}}']
-            tools.build:exelinkflags+=['{{sanitizer_flags}}']
-        {% endif %}
-    {% elif compiler == "apple-clang" or compiler == "clang" %}
-        {% if "Address" in sanitizers or "Thread" in sanitizers or "UndefinedBehavior" in sanitizers %}
-            {% set sanitizer_list = [] %}
-            {% set extra_cxxflags = "-fno-omit-frame-pointer -fno-PIC -O1" %}
-
-            {% if "Address" in sanitizers %}
-                {% set _ = sanitizer_list.append("address") %}
-            {% elif "Thread" in sanitizers %}
-                {% set _ = sanitizer_list.append("thread") %}
-            {% endif %}
-
-            {% if "UndefinedBehavior" in sanitizers %}
-                {% set _ = sanitizer_list.append("undefined") %}
-                {% set _ = sanitizer_list.append("float-divide-by-zero") %}
-                {% set _ = sanitizer_list.append("unsigned-integer-overflow") %}
-            {% endif %}
-
-            {% set sanitizer_flags = "-fsanitize=" ~ ",".join(sanitizer_list) %}
-
-            tools.build:cxxflags+=['{{sanitizer_flags}} {{extra_cxxflags}}']
-            tools.build:sharedlinkflags+=['{{sanitizer_flags}}']
-            tools.build:exelinkflags+=['{{sanitizer_flags}}']
-        {% endif %}
-    {% endif %}
-{% endif %}
-
-tools.info.package_id:confs+=["tools.build:cxxflags", "tools.build:exelinkflags", "tools.build:sharedlinkflags"]

docs/build/sanitizers.md

@@ -1,183 +0,0 @@
-# Sanitizer Configuration for Rippled
-
-This document explains how to properly configure and run sanitizers (AddressSanitizer, UndefinedBehaviorSanitizer, ThreadSanitizer) with the rippled project.
-Corresponding suppression files are located in the `sanitizers/suppressions` directory.
-
-- [Sanitizer Configuration for Rippled](#sanitizer-configuration-for-rippled)
-  - [Building with Sanitizers](#building-with-sanitizers)
-    - [AddressSanitizer (ASan) + UndefinedBehaviorSanitizer (UBSan)](#addresssanitizer-asan--undefinedbehaviorsanitizer-ubsan)
-    - [ThreadSanitizer (TSan) + UndefinedBehaviorSanitizer (UBSan)](#threadsanitizer-tsan--undefinedbehaviorsanitizer-ubsan)
-    - [Just UndefinedBehaviorSanitizer (UBSan)](#just-undefinedbehaviorsanitizer-ubsan)
-- [Running Tests with Sanitizers](#running-tests-with-sanitizers)
-  - [AddressSanitizer (ASan)](#addresssanitizer-asan)
-  - [ThreadSanitizer (TSan)](#threadsanitizer-tsan)
-  - [LeakSanitizer (LSan)](#leaksanitizer-lsan)
-- [Suppression Files](#suppression-files)
-  - [asan.supp](#asansupp)
-  - [lsan.supp](#lsansupp)
-  - [ubsan.supp](#ubsansupp)
-  - [tsan.supp](#tsansupp)
-  - [Ignorelist](#sanitizer-ignorelisttxt)
-- [Known False Positives](#known-false-positives)
-- [References](#references)
-
-## Building with Sanitizers
-
-### Summary
-
-Follow the same instructions as mentioned in [BUILD.md](../../BUILD.md) but with following changes:
-
-1. Make sure you have clean build directory.
-2. Use `--profile sanitizers` to configure build options to include sanitizer flags. [sanitizes](../../conan/profiles/sanitizers) profile contains settings for all sanitizers.
-3. Set `ASAN_OPTIONS`, `LSAN_OPTIONS` ,`UBSAN_OPTIONS` and `TSAN_OPTIONS` environment variables to configure sanitizer behavior when running executables.
-
----
-
-### Build steps:
-
-```bash
-  cd /path/to/rippled
-  rm -rf .build
-  mkdir .build
-  cd .build
-```
-
-#### AddressSanitizer (ASan) + UndefinedBehaviorSanitizer (UBSan)
-
-Build with AddressSanitizer+UndefinedBehavior sanitizers (or you can choose just one of them).
-
-```bash
-SANITIZERS=Address,UndefinedBehavior conan install .. --output-folder . --profile sanitizers --build missing --settings build_type=Release
-```
-
-#### ThreadSanitizer (TSan) + UndefinedBehaviorSanitizer (UBSan)
-
-```bash
-# Build dependencies with Thread sanitizer
-SANITIZERS=Thread,UndefinedBehavior conan install .. --output-folder . --profile sanitizers --build missing --settings build_type=Release
-```
-
-#### Just UndefinedBehaviorSanitizer (UBSan)
-
-```bash
-# Build dependencies with Thread sanitizer
-SANITIZERS=UndefinedBehavior conan install .. --output-folder . --profile sanitizers --build missing --settings build_type=Release
-```
-
-Use `--profile:all sanitizers` if you would like to build all dependencies and libraries (boost etc.) with sanitizers. This might take long time but you won't see some false-positives on sanitizer reports since whole binary will be instrumented.
-
-To build with Thread+UndefinedBehavior Sanitizer, replace `SANITIZERS=Address` with `SANITIZERS=Thread`.
-
-# Configure CMake
-
-```bash
-cmake .. -G Ninja -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake -Dunity=ON -Dtests=ON -Dxrpld=ON
-
-# Build
-cmake --build . --parallel 4
-```
-
-## Running Tests with Sanitizers
-
-### AddressSanitizer (ASan)
-
-**IMPORTANT**: ASan with Boost produces many false positives. Use these options:
-
-```bash
-export ASAN_OPTIONS="detect_container_overflow=0 suppressions=path/to/asan.supp halt_on_error=0 log_path=asan.log"
-export UBSAN_OPTIONS="suppressions=path/to/ubsan.supp print_stacktrace=1 halt_on_error=0 log_path=ubsan.log"
-export LSAN_OPTIONS="suppressions=path/to/lsan.supp halt_on_error=0 log_path=lsan.log"
-
-# Run tests
-./rippled --unittest --unittest-jobs=5
-```
-
-**Why `detect_container_overflow=0`?**
-
-- Boost intrusive containers (used in `aged_unordered_container`) trigger false positives
-- Boost context switching (used in `Workers.cpp`) confuses ASan's stack tracking
-- Since we usually don't build boost(because we don't want to instrument boost and detect issues in boost code) with asan but use boost containers in ASAN instrumented rippled code, it generates false positives.
-- See: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow
-
-### ThreadSanitizer (TSan) + UndefinedBehaviorSanitizer (UBSan)
-
-```bash
-export TSAN_OPTIONS="suppressions=path/to/tsan.supp halt_on_error=0 log_path=tsan.log"
-
-# Run tests
-./rippled --unittest --unittest-jobs=5
-```
-
-### LeakSanitizer (LSan)
-
-LSan is automatically enabled with ASan. To disable it:
-
-```bash
-export ASAN_OPTIONS="detect_leaks=0"
-```
-
-## Suppression Files
-
-### `asan.supp`
-
-- **Purpose**: Suppress AddressSanitizer (ASan) errors only
-- **Format**: `interceptor_name:<pattern>` where pattern matches file names. Supported suppression types are:
-  - interceptor_name
-  - interceptor_via_fun
-  - interceptor_via_lib
-  - odr_violation
-- **More info**: [AddressSanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer)
-- **Note**: Cannot suppress stack-buffer-overflow, container-overflow, etc.
-
-### `lsan.supp`
-
-- **Purpose**: Suppress LeakSanitizer (LSan) errors only
-- **Format**: `leak:<pattern>` where pattern matches function/file names
-- **More info**: [LeakSanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer)
-
-### `ubsan.supp`
-
-- **Purpose**: Suppress UndefinedBehaviorSanitizer errors
-- **Format**: `<error_type>:<pattern>` (e.g., `unsigned-integer-overflow:protobuf`)
-- **Covers**: Intentional overflows in sanitizers/suppressions libraries (protobuf, gRPC, stdlib)
-
-### `tsan.supp`
-
-- **Purpose**: Suppress ThreadSanitizer data race warnings
-- **Format**: `race:<pattern>` where pattern matches function/file names
-- **More info**: [ThreadSanitizerSuppressions](https://github.com/google/sanitizers/wiki/ThreadSanitizerSuppressions)
-
-### `sanitizer-ignorelist.txt`
-
-- **Purpose**: Compile-time ignorelist for all sanitizers
-- **Usage**: Passed via `-fsanitize-ignorelist=absolute/path/to/sanitizer-ignorelist.txt`
-- **Format**: `<level>:<pattern>` (e.g., `src:Workers.cpp`)
-
-## Troubleshooting
-
-### "ASan is ignoring requested \_\_asan_handle_no_return" warnings
-
-These warnings appear when using Boost context switching and are harmless. They indicate potential false positives.
-
-### Sanitizer Mismatch Errors
-
-If you see undefined symbols like `___tsan_atomic_load` when building with ASan:
-
-**Problem**: Dependencies were built with a different sanitizer than the main project.
-
-**Solution**: Rebuild everything with the same sanitizer:
-
-```bash
-rm -rf .build
-# Then follow the build instructions above
-```
-
-Then review the log files: `asan.log.*`, `ubsan.log.*`, `tsan.log.*`
-
-## References
-
-- [AddressSanitizer Wiki](https://github.com/google/sanitizers/wiki/AddressSanitizer)
-- [AddressSanitizer Flags](https://github.com/google/sanitizers/wiki/AddressSanitizerFlags)
-- [Container Overflow Detection](https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow)
-- [UndefinedBehaviorSanitizer](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html)
-- [ThreadSanitizer](https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual)

sanitizers/suppressions/asan.supp

@@ -1,32 +0,0 @@
-# The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
-#
-# ASAN_OPTIONS="detect_container_overflow=0 suppressions=sanitizers/suppressions/asan.supp halt_on_error=0"
-#
-# The detect_container_overflow=0 option disables false positives from:
-# - Boost intrusive containers (slist_iterator.hpp, hashtable.hpp, aged_unordered_container.h)
-# - Boost context/coroutine stack switching (Workers.cpp, thread.h)
-#
-# See: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow
-
-# Suprpress voilations in sanitizers/suppressions code
-interceptor_name:^sanitizers/suppressions
-
-# Boost
-interceptor_name:boost/asio
-
-# Leaks in Doctest tests: xrpl.test.*
-interceptor_name:src/libxrpl/net/HTTPClient.cpp
-interceptor_name:src/libxrpl/net/RegisterSSLCerts.cpp
-interceptor_name:src/tests/libxrpl/net/HTTPClient.cpp
-interceptor_name:xrpl/net/AutoSocket.h
-interceptor_name:xrpl/net/HTTPClient.h
-interceptor_name:xrpl/net/HTTPClientSSLContext.h
-interceptor_name:xrpl/net/RegisterSSLCerts.h
-
-# Suppress false positive stack-buffer errors in thread stack allocation
-# Related to ASan's __asan_handle_no_return warnings (github.com/google/sanitizers/issues/189)
-# These occur during multi-threaded test initialization on macOS
-interceptor_name:memcpy
-interceptor_name:__bzero
-interceptor_name:__asan_memset
-interceptor_name:__asan_memcpy

sanitizers/suppressions/lsan.supp

@@ -1,16 +0,0 @@
-# The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
-
-# Suppress leaks detected by asan in rippled code.
-leak:src/libxrpl/net/HTTPClient.cpp
-leak:src/libxrpl/net/RegisterSSLCerts.cpp
-leak:src/tests/libxrpl/net/HTTPClient.cpp
-leak:xrpl/net/AutoSocket.h
-leak:xrpl/net/HTTPClient.h
-leak:xrpl/net/HTTPClientSSLContext.h
-leak:xrpl/net/RegisterSSLCerts.h
-leak:ripple::HTTPClient
-leak:ripple::HTTPClientImp
-
-# Suppress leaks detected by asan in boost code.
-leak:boost::asio
-leak:boost/asio

sanitizers/suppressions/sanitizer-ignorelist.txt

@@ -1,27 +0,0 @@
-deadlock:libxrpl/beast/utility/beast_Journal.cpp
-deadlock:libxrpl/beast/utility/beast_Journal.cpp
-deadlock:libxrpl/beast/utility/beast_PropertyStream.cpp
-deadlock:test/beast/beast_PropertyStream_test.cpp
-deadlock:xrpld/core/detail/Workers.cpp
-deadlock:xrpld/core/JobQueue.cpp
-
-race:libxrpl/beast/utility/beast_Journal.cpp
-race:libxrpl/beast/utility/beast_Journal.cpp
-race:libxrpl/beast/utility/beast_PropertyStream.cpp
-race:test/beast/beast_PropertyStream_test.cpp
-race:xrpld/core/detail/Workers.cpp
-race:xrpld/core/JobQueue.cpp
-
-signal:libxrpl/beast/utility/beast_Journal.cpp
-signal:libxrpl/beast/utility/beast_Journal.cpp
-signal:libxrpl/beast/utility/beast_PropertyStream.cpp
-signal:test/beast/beast_PropertyStream_test.cpp
-signal:xrpld/core/detail/Workers.cpp
-signal:xrpld/core/JobQueue.cpp
-
-src:beast/utility/beast_Journal.cpp
-src:beast/utility/beast_PropertyStream.cpp
-src:core/detail/Workers.cpp
-src:core/JobQueue.cpp
-src:libxrpl/beast/utility/beast_Journal.cpp
-src:test/beast/beast_PropertyStream_test.cpp

sanitizers/suppressions/tsan.supp

@@ -1,102 +0,0 @@
-# The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
-
-# Suppress race in Boost ASIO scheduler detected by GCC-15
-# This is a false positive in Boost's internal pipe() synchronization
-race:boost/asio/
-race:boost/context/
-race:boost/asio/executor.hpp
-race:boost::asio
-
-# Suppress tsan related issues in rippled code.
-race:src/libxrpl/basics/make_SSLContext.cpp
-race:src/libxrpl/basics/Number.cpp
-race:src/libxrpl/json/json_value.cpp
-race:src/libxrpl/json/to_string.cpp
-race:src/libxrpl/ledger/OpenView.cpp
-race:src/libxrpl/net/HTTPClient.cpp
-race:src/libxrpl/nodestore/backend/NuDBFactory.cpp
-race:src/libxrpl/protocol/InnerObjectFormats.cpp
-race:src/libxrpl/protocol/STParsedJSON.cpp
-race:src/libxrpl/resource/ResourceManager.cpp
-race:src/test/app/Flow_test.cpp
-race:src/test/app/LedgerReplay_test.cpp
-race:src/test/app/NFToken_test.cpp
-race:src/test/app/Offer_test.cpp
-race:src/test/app/ValidatorSite_test.cpp
-race:src/test/consensus/NegativeUNL_test.cpp
-race:src/test/jtx/impl/Env.cpp
-race:src/test/jtx/impl/JSONRPCClient.cpp
-race:src/test/jtx/impl/pay.cpp
-race:src/test/jtx/impl/token.cpp
-race:src/test/rpc/Book_test.cpp
-race:src/xrpld/app/ledger/detail/InboundTransactions.cpp
-race:src/xrpld/app/main/Application.cpp
-race:src/xrpld/app/main/BasicApp.cpp
-race:src/xrpld/app/main/GRPCServer.cpp
-race:src/xrpld/app/misc/detail/AmendmentTable.cpp
-race:src/xrpld/app/misc/FeeVoteImpl.cpp
-race:src/xrpld/app/rdb/detail/Wallet.cpp
-race:src/xrpld/overlay/detail/OverlayImpl.cpp
-race:src/xrpld/peerfinder/detail/PeerfinderManager.cpp
-race:src/xrpld/peerfinder/detail/SourceStrings.cpp
-race:src/xrpld/rpc/detail/ServerHandler.cpp
-race:xrpl/server/detail/Door.h
-race:xrpl/server/detail/Spawn.h
-race:xrpl/server/detail/ServerImpl.h
-race:xrpl/nodestore/detail/DatabaseNodeImp.h
-race:src/libxrpl/beast/utility/beast_Journal.cpp
-race:src/test/beast/LexicalCast_test.cpp
-race:ripple::ServerHandler
-
-# More suppressions in external library code.
-race:crtstuff.c
-race:pipe
-
-# Deadlock / lock-order-inversion suppressions
-# Note: GCC's TSAN may not fully support all deadlock suppression patterns
-deadlock:src/libxrpl/beast/utility/beast_Journal.cpp
-deadlock:src/libxrpl/beast/utility/beast_PropertyStream.cpp
-deadlock:src/test/beast/beast_PropertyStream_test.cpp
-deadlock:src/xrpld/core/detail/Workers.cpp
-deadlock:src/xrpld/app/misc/detail/Manifest.cpp
-deadlock:src/xrpld/app/misc/detail/ValidatorList.cpp
-deadlock:src/xrpld/app/misc/detail/ValidatorSite.cpp
-
-signal:src/libxrpl/beast/utility/beast_Journal.cpp
-signal:src/xrpld/core/detail/Workers.cpp
-signal:src/xrpld/core/JobQueue.cpp
-signal:ripple::Workers::Worker
-
-# Aggressive suppressing of deadlock tsan errors
-deadlock:pthread_create
-deadlock:pthread_rwlock_rdlock
-deadlock:boost::asio
-
-# Suppress SEGV crashes in TSAN itself during stringbuf operations
-# This appears to be a GCC-15 TSAN instrumentation issue with basic_stringbuf::str()
-# Commonly triggered in beast::Journal::ScopedStream destructor
-signal:std::__cxx11::basic_stringbuf
-signal:basic_stringbuf
-signal:basic_ostringstream
-
-called_from_lib:libclang_rt
-race:ostreambuf_iterator
-race:basic_ostream
-
-# Suppress SEGV in Boost ASIO memory allocation with GCC-15 TSAN
-signal:boost::asio::aligned_new
-signal:boost::asio::detail::memory
-
-# Suppress SEGV in execute_native_thread_routine
-signal:execute_native_thread_routine
-
-# Suppress data race in Boost Context fiber management
-# This is a false positive in Boost's exception state management during fiber context switching
-race:__cxxabiv1::manage_exception_state
-race:boost::context::fiber::resume
-race:boost::asio::detail::spawned_fiber_thread
-race:boost::asio::detail::spawned_fiber_thread::suspend_with
-race:boost::asio::detail::spawned_fiber_thread::destroy
-
-# Suppress data race in __tsan_memcpy called from Boost fiber operations
-race:__tsan_memcpy

sanitizers/suppressions/ubsan.supp

@@ -1,234 +0,0 @@
-# The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
-
-# Suppress UBSan errors in external code by source file path
-# This matches any source file under the external/ directory
-alignment:external
-bool:external
-bounds:external
-cfi:external
-enum:external
-float-cast-overflow:external
-float-divide-by-zero:external
-function:external
-implicit-integer-sign-change:external
-implicit-signed-integer-truncation::external
-implicit-signed-integer-truncation:external
-implicit-unsigned-integer-truncation:external
-integer-divide-by-zero:external
-invalid-builtin-use:external
-invalid-objc-cast:external
-nonnull-attribute:external
-null:external
-nullability-arg:external
-nullability-assign:external
-nullability-return:external
-object-size:external
-pointer-overflow:external
-return:external
-returns-nonnull-attribute:external
-shift-base:external
-shift-exponent:external
-signed-integer-overflow:external
-undefined:external
-unreachable:external
-unsigned-integer-overflow:external
-vla-bound:external
-vptr_check:external
-vptr:external
-
-# Suppress all UBSan errors in Boost libraries
-# This matches any files containing "boost" in its path or name
-alignment:boost
-bool:boost
-bounds:boost
-cfi:boost
-enum:boost
-float-cast-overflow:boost
-float-divide-by-zero:boost
-function:boost
-implicit-integer-sign-change:boost
-implicit-signed-integer-truncation:boost
-implicit-unsigned-integer-truncation:boost
-integer-divide-by-zero:boost
-invalid-builtin-use:boost
-invalid-objc-cast:boost
-nonnull-attribute:boost
-null:boost
-nullability-arg:boost
-nullability-assign:boost
-nullability-return:boost
-object-size:boost
-pointer-overflow:boost
-return:boost
-returns-nonnull-attribute:boost
-shift-base:boost
-shift-exponent:boost
-signed-integer-overflow:boost
-undefined:boost
-unreachable:boost
-unsigned-integer-overflow:boost
-vla-bound:boost
-vptr_check:boost
-vptr:boost
-
-# Google protobuf
-undefined:protobuf
-
-# Suppress UBSan errors in rippled code by source file path
-undefined:src/libxrpl/basics/base64.cpp
-undefined:src/libxrpl/basics/Number.cpp
-undefined:src/libxrpl/beast/utility/beast_Journal.cpp
-undefined:src/libxrpl/crypto/RFC1751.cpp
-undefined:src/libxrpl/ledger/ApplyView.cpp
-undefined:src/libxrpl/ledger/View.cpp
-undefined:src/libxrpl/protocol/Permissions.cpp
-undefined:src/libxrpl/protocol/STAmount.cpp
-undefined:src/libxrpl/protocol/STPathSet.cpp
-undefined:src/libxrpl/protocol/tokens.cpp
-undefined:src/libxrpl/shamap/SHAMap.cpp
-undefined:src/test/app/Batch_test.cpp
-undefined:src/test/app/Invariants_test.cpp
-undefined:src/test/app/NFToken_test.cpp
-undefined:src/test/app/Offer_test.cpp
-undefined:src/test/app/Path_test.cpp
-undefined:src/test/basics/XRPAmount_test.cpp
-undefined:src/test/beast/LexicalCast_test.cpp
-undefined:src/test/jtx/impl/acctdelete.cpp
-undefined:src/test/ledger/SkipList_test.cpp
-undefined:src/test/rpc/Subscribe_test.cpp
-undefined:src/tests/libxrpl/basics/RangeSet.cpp
-undefined:src/xrpld/app/main/BasicApp.cpp
-undefined:src/xrpld/app/main/BasicApp.cpp
-undefined:src/xrpld/app/misc/detail/AmendmentTable.cpp
-undefined:src/xrpld/app/misc/NetworkOPs.cpp
-undefined:src/libxrpl/json/json_value.cpp
-undefined:src/xrpld/app/paths/detail/StrandFlow.h
-undefined:src/xrpld/app/tx/detail/NFTokenMint.cpp
-undefined:src/xrpld/app/tx/detail/SetOracle.cpp
-undefined:src/xrpld/core/detail/JobQueue.cpp
-undefined:src/xrpld/core/detail/Workers.cpp
-undefined:src/xrpld/rpc/detail/Role.cpp
-undefined:src/xrpld/rpc/handlers/GetAggregatePrice.cpp
-undefined:xrpl/basics/base_uint.h
-undefined:xrpl/basics/DecayingSample.h
-undefined:xrpl/beast/test/yield_to.h
-undefined:xrpl/beast/xor_shift_engine.h
-undefined:xrpl/nodestore/detail/varint.h
-undefined:xrpl/peerfinder/detail/Counts.h
-undefined:xrpl/protocol/nft.h
-
-# basic_string.h:483:51: runtime error: unsigned integer overflow
-unsigned-integer-overflow:basic_string.h
-unsigned-integer-overflow:bits/chrono.h
-unsigned-integer-overflow:bits/random.h
-unsigned-integer-overflow:bits/random.tcc
-unsigned-integer-overflow:bits/stl_algobase.h
-unsigned-integer-overflow:bits/uniform_int_dist.h
-unsigned-integer-overflow:string_view
-
-# runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'std::size_t' (aka 'unsigned long')
-unsigned-integer-overflow:src/libxrpl/basics/base64.cpp
-unsigned-integer-overflow:src/libxrpl/basics/Number.cpp
-unsigned-integer-overflow:src/libxrpl/crypto/RFC1751.cpp
-unsigned-integer-overflow:rc/libxrpl/json/json_value.cpp
-unsigned-integer-overflow:src/libxrpl/ledger/ApplyView.cpp
-unsigned-integer-overflow:src/libxrpl/ledger/View.cpp
-unsigned-integer-overflow:src/libxrpl/protocol/Permissions.cpp
-unsigned-integer-overflow:src/libxrpl/protocol/STAmount.cpp
-unsigned-integer-overflow:src/libxrpl/protocol/STPathSet.cpp
-unsigned-integer-overflow:src/libxrpl/protocol/tokens.cpp
-unsigned-integer-overflow:src/libxrpl/shamap/SHAMap.cpp
-unsigned-integer-overflow:src/test/app/Batch_test.cpp
-unsigned-integer-overflow:src/test/app/Invariants_test.cpp
-unsigned-integer-overflow:src/test/app/NFToken_test.cpp
-unsigned-integer-overflow:src/test/app/Offer_test.cpp
-unsigned-integer-overflow:src/test/app/Path_test.cpp
-unsigned-integer-overflow:src/test/basics/XRPAmount_test.cpp
-unsigned-integer-overflow:src/test/beast/LexicalCast_test.cpp
-unsigned-integer-overflow:src/test/jtx/impl/acctdelete.cpp
-unsigned-integer-overflow:src/test/ledger/SkipList_test.cpp
-unsigned-integer-overflow:src/test/rpc/Subscribe_test.cpp
-unsigned-integer-overflow:src/tests/libxrpl/basics/RangeSet.cpp
-unsigned-integer-overflow:src/xrpld/app/main/BasicApp.cpp
-unsigned-integer-overflow:src/xrpld/app/misc/detail/AmendmentTable.cpp
-unsigned-integer-overflow:src/xrpld/app/misc/NetworkOPs.cpp
-unsigned-integer-overflow:src/xrpld/app/paths/detail/StrandFlow.h
-unsigned-integer-overflow:src/xrpld/app/tx/detail/NFTokenMint.cpp
-unsigned-integer-overflow:src/xrpld/app/tx/detail/SetOracle.cpp
-unsigned-integer-overflow:src/xrpld/rpc/detail/Role.cpp
-unsigned-integer-overflow:src/xrpld/rpc/handlers/GetAggregatePrice.cpp
-unsigned-integer-overflow:xrpl/basics/base_uint.h
-unsigned-integer-overflow:xrpl/basics/DecayingSample.h
-unsigned-integer-overflow:xrpl/beast/test/yield_to.h
-unsigned-integer-overflow:xrpl/beast/xor_shift_engine.h
-unsigned-integer-overflow:xrpl/nodestore/detail/varint.h
-unsigned-integer-overflow:xrpl/peerfinder/detail/Counts.h
-unsigned-integer-overflow:xrpl/protocol/nft.h
-
-# Rippled intentional overflows and operations
-# STAmount uses intentional negation of INT64_MIN and overflow in arithmetic
-signed-integer-overflow:src/libxrpl/protocol/STAmount.cpp
-unsigned-integer-overflow:src/libxrpl/protocol/STAmount.cpp
-
-# XRPAmount test intentional overflows
-signed-integer-overflow:src/test/basics/XRPAmount_test.cpp
-
-# Peerfinder intentional overflow in counter arithmetic
-unsigned-integer-overflow:src/xrpld/peerfinder/detail/Counts.h
-
-# Signed integer overflow suppressions
-signed-integer-overflow:src/test/beast/LexicalCast_test.cpp
-
-# External library suppressions
-unsigned-integer-overflow:nudb/detail/xxhash.hpp
-
-# Protobuf intentional overflows in hash functions
-# Protobuf uses intentional unsigned overflow for hash computation (stringpiece.h:393)
-unsigned-integer-overflow:google/protobuf/stubs/stringpiece.h
-
-# gRPC intentional overflows
-# gRPC uses intentional overflow in timer calculations
-unsigned-integer-overflow:grpc
-unsigned-integer-overflow:timer_manager.cc
-
-# Standard library intentional overflows
-# These are intentional overflows in random number generation and character conversion
-unsigned-integer-overflow:__random/seed_seq.h
-unsigned-integer-overflow:__charconv/traits.h
-
-
-# Suppress errors in RocksDB
-# RocksDB uses intentional unsigned integer overflows in hash functions and CRC calculations
-unsigned-integer-overflow:rocks*/b/src/util/xxhash.h
-unsigned-integer-overflow:rocks*/b/src/util/xxph3.h
-unsigned-integer-overflow:rocks*/b/src/util/hash.cc
-unsigned-integer-overflow:rocks*/b/src/util/crc32c.cc
-unsigned-integer-overflow:rocks*/b/src/util/crc32c.h
-unsigned-integer-overflow:rocks*/b/src/include/rocksdb/utilities/options_type.h
-unsigned-integer-overflow:rocks*/b/src/table/format.h
-unsigned-integer-overflow:rocks*/b/src/table/format.cc
-unsigned-integer-overflow:rocks*/b/src/table/block_based/block_based_table_builder.cc
-unsigned-integer-overflow:rocks*/b/src/table/block_based/reader_common.cc
-unsigned-integer-overflow:rocks*/b/src/db/version_set.cc
-
-# RocksDB misaligned loads (intentional for performance on ARM64)
-alignment:rocks*/b/src/util/crc32c_arm64.cc
-
-# nudb intentional overflows in hash functions
-unsigned-integer-overflow:nudb/detail/xxhash.hpp
-alignment:nudb/detail/xxhash.hpp
-
-# Snappy compression library intentional overflows
-unsigned-integer-overflow:snapp*/b/src/snappy.cc
-
-# Abseil intentional overflows
-unsigned-integer-overflow:abse*/b/src/absl/strings/numbers.cc
-unsigned-integer-overflow:abse*/b/src/absl/strings/internal/cord_rep_flat.h
-
-# Standard library intentional overflows in chrono duration arithmetic
-unsigned-integer-overflow:__chrono/duration.h
-
-# Suppress undefined errors in RocksDB and nudb
-undefined:rocks.*/b/src/util/crc32c_arm64.cc
-undefined:rocks.*/b/src/util/xxhash.h
-undefined:nudb

src/test/app/LedgerMaster_test.cpp

@@ -2,6 +2,7 @@
 #include <test/jtx/Env.h>
 
 #include <xrpld/app/ledger/LedgerMaster.h>
+#include <xrpld/app/misc/SHAMapStore.h>
 
 namespace ripple {
 namespace test {
@@ -100,6 +101,88 @@ class LedgerMaster_test : public beast::unit_test::suite
         }
     }
 
+    void
+    testCompleteLedgerRange(FeatureBitset features)
+    {
+        // Note that this test is intentionally very similar to
+        // SHAMapStore_test::testLedgerGaps, but has a different
+        // focus.
+
+        testcase("Complete Ledger operations");
+
+        using namespace test::jtx;
+
+        auto const deleteInterval = 8;
+
+        Env env{*this, envconfig([](auto cfg) {
+                    return online_delete(std::move(cfg), deleteInterval);
+                })};
+
+        auto const alice = Account("alice");
+        env.fund(XRP(1000), alice);
+        env.close();
+
+        auto& lm = env.app().getLedgerMaster();
+        LedgerIndex minSeq = 2;
+        LedgerIndex maxSeq = env.closed()->info().seq;
+        auto& store = env.app().getSHAMapStore();
+        store.rendezvous();
+        LedgerIndex lastRotated = store.getLastRotated();
+        BEAST_EXPECTS(maxSeq == 3, to_string(maxSeq));
+        BEAST_EXPECTS(
+            lm.getCompleteLedgers() == "2-3", lm.getCompleteLedgers());
+        BEAST_EXPECTS(lastRotated == 3, to_string(lastRotated));
+        BEAST_EXPECT(lm.missingFromCompleteLedgerRange(minSeq, maxSeq) == 0);
+        BEAST_EXPECT(
+            lm.missingFromCompleteLedgerRange(minSeq + 1, maxSeq - 1) == 0);
+        BEAST_EXPECT(
+            lm.missingFromCompleteLedgerRange(minSeq - 1, maxSeq + 1) == 2);
+        BEAST_EXPECT(
+            lm.missingFromCompleteLedgerRange(minSeq - 2, maxSeq - 2) == 2);
+        BEAST_EXPECT(
+            lm.missingFromCompleteLedgerRange(minSeq + 2, maxSeq + 2) == 2);
+
+        // Close enough ledgers to rotate a few times
+        for (int i = 0; i < 24; ++i)
+        {
+            for (int t = 0; t < 3; ++t)
+            {
+                env(noop(alice));
+            }
+            env.close();
+            store.rendezvous();
+
+            ++maxSeq;
+
+            if (maxSeq == lastRotated + deleteInterval)
+            {
+                minSeq = lastRotated;
+                lastRotated = maxSeq;
+            }
+            BEAST_EXPECTS(
+                env.closed()->info().seq == maxSeq,
+                to_string(env.closed()->info().seq));
+            BEAST_EXPECTS(
+                store.getLastRotated() == lastRotated,
+                to_string(store.getLastRotated()));
+            std::stringstream expectedRange;
+            expectedRange << minSeq << "-" << maxSeq;
+            BEAST_EXPECTS(
+                lm.getCompleteLedgers() == expectedRange.str(),
+                lm.getCompleteLedgers());
+            BEAST_EXPECT(
+                lm.missingFromCompleteLedgerRange(minSeq, maxSeq) == 0);
+            BEAST_EXPECT(
+                lm.missingFromCompleteLedgerRange(minSeq + 1, maxSeq - 1) == 0);
+            BEAST_EXPECT(
+                lm.missingFromCompleteLedgerRange(minSeq - 1, maxSeq + 1) == 2);
+            BEAST_EXPECT(
+                lm.missingFromCompleteLedgerRange(minSeq - 2, maxSeq - 2) == 2);
+            BEAST_EXPECT(
+                lm.missingFromCompleteLedgerRange(minSeq + 2, maxSeq + 2) == 2);
+        }
+    }
+
 public:
     void
     run() override
@@ -113,6 +196,7 @@ public:
     testWithFeats(FeatureBitset features)
     {
         testTxnIdFromIndex(features);
+        testCompleteLedgerRange(features);
     }
 };
 

src/test/app/SHAMapStore_test.cpp

@@ -1,6 +1,7 @@
 #include <test/jtx.h>
 #include <test/jtx/envconfig.h>
 
+#include <xrpld/app/ledger/LedgerMaster.h>
 #include <xrpld/app/main/Application.h>
 #include <xrpld/app/main/NodeStoreScheduler.h>
 #include <xrpld/app/misc/SHAMapStore.h>
@@ -10,6 +11,8 @@
 #include <xrpl/nodestore/detail/DatabaseRotatingImp.h>
 #include <xrpl/protocol/jss.h>
 
+#include <thread>
+
 namespace ripple {
 namespace test {
 
@@ -20,10 +23,8 @@ class SHAMapStore_test : public beast::unit_test::suite
     static auto
     onlineDelete(std::unique_ptr<Config> cfg)
     {
-        cfg->LEDGER_HISTORY = deleteInterval;
-        auto& section = cfg->section(ConfigSection::nodeDatabase());
-        section.set("online_delete", std::to_string(deleteInterval));
-        return cfg;
+        using namespace jtx;
+        return online_delete(std::move(cfg), deleteInterval);
     }
 
     static auto
@@ -626,6 +627,184 @@ public:
         BEAST_EXPECT(dbr->getName() == "3");
     }
 
+    void
+    testLedgerGaps()
+    {
+        // Note that this test is intentionally very similar to
+        // LedgerMaster_test::testCompleteLedgerRange, but has a different
+        // focus.
+
+        testcase("Wait for ledger gaps to fill in");
+
+        using namespace test::jtx;
+
+        Env env{*this, envconfig(onlineDelete)};
+
+        std::map<LedgerIndex, uint256> hashes;
+
+        auto failureMessage = [&](char const* label,
+                                  auto expected,
+                                  auto actual) {
+            std::stringstream ss;
+            ss << label << ": Expected: " << expected << ", Got: " << actual;
+            return ss.str();
+        };
+
+        auto const alice = Account("alice");
+        env.fund(XRP(1000), alice);
+        env.close();
+
+        auto& lm = env.app().getLedgerMaster();
+        LedgerIndex minSeq = 2;
+        LedgerIndex maxSeq = env.closed()->info().seq;
+        auto& store = env.app().getSHAMapStore();
+        store.rendezvous();
+        LedgerIndex lastRotated = store.getLastRotated();
+        BEAST_EXPECTS(maxSeq == 3, to_string(maxSeq));
+        BEAST_EXPECTS(
+            lm.getCompleteLedgers() == "2-3", lm.getCompleteLedgers());
+        BEAST_EXPECTS(lastRotated == 3, to_string(lastRotated));
+        BEAST_EXPECT(lm.missingFromCompleteLedgerRange(minSeq, maxSeq) == 0);
+        BEAST_EXPECT(
+            lm.missingFromCompleteLedgerRange(minSeq + 1, maxSeq - 1) == 0);
+        BEAST_EXPECT(
+            lm.missingFromCompleteLedgerRange(minSeq - 1, maxSeq + 1) == 2);
+        BEAST_EXPECT(
+            lm.missingFromCompleteLedgerRange(minSeq - 2, maxSeq - 2) == 2);
+        BEAST_EXPECT(
+            lm.missingFromCompleteLedgerRange(minSeq + 2, maxSeq + 2) == 2);
+
+        // Close enough ledgers to rotate a few times
+        while (maxSeq < 20)
+        {
+            for (int t = 0; t < 3; ++t)
+            {
+                env(noop(alice));
+            }
+            env.close();
+            store.rendezvous();
+
+            ++maxSeq;
+
+            if (maxSeq + 1 == lastRotated + deleteInterval)
+            {
+                using namespace std::chrono_literals;
+
+                // The next ledger will trigger a rotation. Delete the
+                // current ledger from LedgerMaster.
+                std::this_thread::sleep_for(100ms);
+                LedgerIndex const deleteSeq = maxSeq;
+                while (!lm.haveLedger(deleteSeq))
+                {
+                    std::this_thread::sleep_for(100ms);
+                }
+                lm.clearLedger(deleteSeq);
+
+                auto expectedRange =
+                    [](auto minSeq, auto deleteSeq, auto maxSeq) {
+                        std::stringstream expectedRange;
+                        expectedRange << minSeq << "-" << (deleteSeq - 1);
+                        if (deleteSeq + 1 == maxSeq)
+                            expectedRange << "," << maxSeq;
+                        else if (deleteSeq < maxSeq)
+                            expectedRange << "," << (deleteSeq + 1) << "-"
+                                          << maxSeq;
+                        return expectedRange.str();
+                    };
+                BEAST_EXPECTS(
+                    lm.getCompleteLedgers() ==
+                        expectedRange(minSeq, deleteSeq, maxSeq),
+                    failureMessage(
+                        "Complete ledgers",
+                        expectedRange(minSeq, deleteSeq, maxSeq),
+                        lm.getCompleteLedgers()));
+                BEAST_EXPECT(
+                    lm.missingFromCompleteLedgerRange(minSeq, maxSeq) == 1);
+
+                // Close another ledger, which will trigger a rotation, but the
+                // rotation will be stuck until the missing ledger is filled in.
+                env.close();
+                // DO NOT CALL rendezvous()! You'll end up with a deadlock.
+                ++maxSeq;
+
+                // Nothing has changed
+                BEAST_EXPECTS(
+                    store.getLastRotated() == lastRotated,
+                    failureMessage(
+                        "lastRotated", lastRotated, store.getLastRotated()));
+                BEAST_EXPECTS(
+                    lm.getCompleteLedgers() ==
+                        expectedRange(minSeq, deleteSeq, maxSeq),
+                    failureMessage(
+                        "Complete ledgers",
+                        expectedRange(minSeq, deleteSeq, maxSeq),
+                        lm.getCompleteLedgers()));
+
+                // Close 5 more ledgers, waiting one second in between to
+                // simulate the ledger making progress while online delete waits
+                // for the missing ledger to be filled in.
+                // This ensures the healthWait check has time to run and
+                // detect the gap.
+                for (int l = 0; l < 5; ++l)
+                {
+                    env.close();
+                    // DO NOT CALL rendezvous()! You'll end up with a deadlock.
+                    ++maxSeq;
+                    // Nothing has changed
+                    BEAST_EXPECTS(
+                        store.getLastRotated() == lastRotated,
+                        failureMessage(
+                            "lastRotated",
+                            lastRotated,
+                            store.getLastRotated()));
+                    BEAST_EXPECTS(
+                        lm.getCompleteLedgers() ==
+                            expectedRange(minSeq, deleteSeq, maxSeq),
+                        failureMessage(
+                            "Complete Ledgers",
+                            expectedRange(minSeq, deleteSeq, maxSeq),
+                            lm.getCompleteLedgers()));
+                    std::this_thread::sleep_for(1s);
+                }
+
+                // Put the missing ledger back in LedgerMaster
+                lm.setLedgerRangePresent(deleteSeq, deleteSeq);
+
+                // Wait for the rotation to finish
+                store.rendezvous();
+
+                minSeq = lastRotated;
+                lastRotated = deleteSeq + 1;
+            }
+            BEAST_EXPECT(maxSeq != lastRotated + deleteInterval);
+            BEAST_EXPECTS(
+                env.closed()->info().seq == maxSeq,
+                failureMessage("maxSeq", maxSeq, env.closed()->info().seq));
+            BEAST_EXPECTS(
+                store.getLastRotated() == lastRotated,
+                failureMessage(
+                    "lastRotated", lastRotated, store.getLastRotated()));
+            std::stringstream expectedRange;
+            expectedRange << minSeq << "-" << maxSeq;
+            BEAST_EXPECTS(
+                lm.getCompleteLedgers() == expectedRange.str(),
+                failureMessage(
+                    "CompleteLedgers",
+                    expectedRange.str(),
+                    lm.getCompleteLedgers()));
+            BEAST_EXPECT(
+                lm.missingFromCompleteLedgerRange(minSeq, maxSeq) == 0);
+            BEAST_EXPECT(
+                lm.missingFromCompleteLedgerRange(minSeq + 1, maxSeq - 1) == 0);
+            BEAST_EXPECT(
+                lm.missingFromCompleteLedgerRange(minSeq - 1, maxSeq + 1) == 2);
+            BEAST_EXPECT(
+                lm.missingFromCompleteLedgerRange(minSeq - 2, maxSeq - 2) == 2);
+            BEAST_EXPECT(
+                lm.missingFromCompleteLedgerRange(minSeq + 2, maxSeq + 2) == 2);
+        }
+    }
+
     void
     run() override
     {
@@ -633,6 +812,7 @@ public:
         testAutomatic();
         testCanDelete();
         testRotate();
+        testLedgerGaps();
     }
 };
 

src/test/jtx/envconfig.h

@@ -58,6 +58,17 @@ envconfig(F&& modfunc, Args&&... args)
     return modfunc(envconfig(), std::forward<Args>(args)...);
 }
 
+/// @brief adjust config to enable online_delete
+///
+/// @param cfg config instance to be modified
+///
+/// @param deleteInterval how many new ledgers should be available before
+/// rotating. Defaults to 8, because the standalone minimum is 8.
+///
+/// @return unique_ptr to Config instance
+std::unique_ptr<Config>
+online_delete(std::unique_ptr<Config> cfg, std::uint32_t deleteInterval = 8);
+
 /// @brief adjust config so no admin ports are enabled
 ///
 /// this is intended for use with envconfig, as in

src/test/jtx/impl/envconfig.cpp

@@ -53,6 +53,15 @@ setupConfigForUnitTests(Config& cfg)
 
 namespace jtx {
 
+std::unique_ptr<Config>
+online_delete(std::unique_ptr<Config> cfg, std::uint32_t deleteInterval)
+{
+    cfg->LEDGER_HISTORY = deleteInterval;
+    auto& section = cfg->section(ConfigSection::nodeDatabase());
+    section.set("online_delete", std::to_string(deleteInterval));
+    return cfg;
+}
+
 std::unique_ptr<Config>
 no_admin(std::unique_ptr<Config> cfg)
 {

src/xrpld/app/ledger/LedgerMaster.h

@@ -108,7 +108,10 @@ public:
     failedSave(std::uint32_t seq, uint256 const& hash);
 
     std::string
-    getCompleteLedgers();
+    getCompleteLedgers() const;
+
+    std::size_t
+    missingFromCompleteLedgerRange(LedgerIndex first, LedgerIndex last) const;
 
     /** Apply held transactions to the open ledger
         This is normally called as we close the ledger.
@@ -325,7 +328,7 @@ private:
     // A set of transactions to replay during the next close
     std::unique_ptr<LedgerReplay> replayData;
 
-    std::recursive_mutex mCompleteLock;
+    std::recursive_mutex mutable mCompleteLock;
     RangeSet<std::uint32_t> mCompleteLedgers;
 
     // Publish thread is running.

src/xrpld/app/ledger/detail/LedgerMaster.cpp

@@ -1571,12 +1571,36 @@ LedgerMaster::getPublishedLedger()
 }
 
 std::string
-LedgerMaster::getCompleteLedgers()
+LedgerMaster::getCompleteLedgers() const
 {
     std::lock_guard sl(mCompleteLock);
     return to_string(mCompleteLedgers);
 }
 
+std::size_t
+LedgerMaster::missingFromCompleteLedgerRange(
+    LedgerIndex first,
+    LedgerIndex last) const
+{
+    // Make a copy of the range to avoid holding the lock
+    auto const range = [&] {
+        std::lock_guard sl(mCompleteLock);
+        return mCompleteLedgers;
+    }();
+
+    std::size_t missing = 0;
+
+    for (LedgerIndex idx = first; idx <= last; ++idx)
+    {
+        if (!boost::icl::contains(range, idx))
+        {
+            ++missing;
+        }
+    }
+
+    return missing;
+}
+
 std::optional<NetClock::time_point>
 LedgerMaster::getCloseTimeBySeq(LedgerIndex ledgerIndex)
 {

src/xrpld/app/misc/SHAMapStoreImp.cpp

@@ -289,6 +289,18 @@ SHAMapStoreImp::run()
             validatedSeq >= lastRotated + deleteInterval_ &&
             canDelete_ >= lastRotated - 1 && healthWait() == keepGoing;
 
+        JLOG(journal_.debug())
+            << "run: Setting lastGoodValidatedLedger_ to " << validatedSeq;
+
+        {
+            // Note that this is set after the healthWait() check, so that we
+            // don't start the rotation until the validated ledger is fully
+            // processed. It is not guaranteed to be done at this point. It also
+            // allows the testLedgerGaps unit test to work.
+            std::unique_lock<std::mutex> lock(mutex_);
+            lastGoodValidatedLedger_ = validatedSeq;
+        }
+
         // will delete up to (not including) lastRotated
         if (readyToRotate)
         {
@@ -297,7 +309,9 @@ SHAMapStoreImp::run()
                 << lastRotated << " deleteInterval " << deleteInterval_
                 << " canDelete_ " << canDelete_ << " state "
                 << app_.getOPs().strOperatingMode(false) << " age "
-                << ledgerMaster_->getValidatedLedgerAge().count() << 's';
+                << ledgerMaster_->getValidatedLedgerAge().count()
+                << "s. Complete ledgers: "
+                << ledgerMaster_->getCompleteLedgers();
 
             clearPrior(lastRotated);
             if (healthWait() == stopping)
@@ -360,7 +374,10 @@ SHAMapStoreImp::run()
                     clearCaches(validatedSeq);
                 });
 
-            JLOG(journal_.warn()) << "finished rotation " << validatedSeq;
+            JLOG(journal_.warn())
+                << "finished rotation. validatedSeq: " << validatedSeq
+                << ", lastRotated: " << lastRotated << ". Complete ledgers: "
+                << ledgerMaster_->getCompleteLedgers();
         }
     }
 }
@@ -615,22 +632,47 @@ SHAMapStoreImp::clearPrior(LedgerIndex lastRotated)
 SHAMapStoreImp::HealthResult
 SHAMapStoreImp::healthWait()
 {
+    auto index = ledgerMaster_->getValidLedgerIndex();
     auto age = ledgerMaster_->getValidatedLedgerAge();
     OperatingMode mode = netOPs_->getOperatingMode();
     std::unique_lock lock(mutex_);
-    while (!stop_ && (mode != OperatingMode::FULL || age > ageThreshold_))
+
+    auto numMissing = ledgerMaster_->missingFromCompleteLedgerRange(
+        lastGoodValidatedLedger_, index);
+    while (
+        !stop_ &&
+        (mode != OperatingMode::FULL || age > ageThreshold_ || numMissing > 0))
     {
+        // this value shouldn't change, so grab it while we have the
+        // lock
+        auto const lastGood = lastGoodValidatedLedger_;
+
         lock.unlock();
-        JLOG(journal_.warn()) << "Waiting " << recoveryWaitTime_.count()
-                              << "s for node to stabilize. state: "
-                              << app_.getOPs().strOperatingMode(mode, false)
-                              << ". age " << age.count() << 's';
+
+        auto const stream = mode != OperatingMode::FULL || age > ageThreshold_
+            ? journal_.warn()
+            : journal_.info();
+        JLOG(stream) << "Waiting " << recoveryWaitTime_.count()
+                     << "s for node to stabilize. state: "
+                     << app_.getOPs().strOperatingMode(mode, false) << ". age "
+                     << age.count() << "s. Missing ledgers: " << numMissing
+                     << ". Expect: " << lastGood << "-" << index
+                     << ". Complete ledgers: "
+                     << ledgerMaster_->getCompleteLedgers();
         std::this_thread::sleep_for(recoveryWaitTime_);
+        index = ledgerMaster_->getValidLedgerIndex();
         age = ledgerMaster_->getValidatedLedgerAge();
         mode = netOPs_->getOperatingMode();
+        numMissing =
+            ledgerMaster_->missingFromCompleteLedgerRange(lastGood, index);
+
         lock.lock();
     }
 
+    JLOG(journal_.debug()) << "healthWait: Setting lastGoodValidatedLedger_ to "
+                           << index;
+    lastGoodValidatedLedger_ = index;
+
     return stop_ ? stopping : keepGoing;
 }
 

src/xrpld/app/misc/SHAMapStoreImp.h

@@ -71,6 +71,11 @@ private:
     std::thread thread_;
     bool stop_ = false;
     bool healthy_ = true;
+    // Used to prevent ledger gaps from forming during online deletion. Keeps
+    // track of the last validated ledger that was processed without gaps. There
+    // are no guarantees about gaps while online delete is not running. For
+    // that, use advisory_delete and check for gaps externally.
+    LedgerIndex lastGoodValidatedLedger_ = 0;
     mutable std::condition_variable cond_;
     mutable std::condition_variable rendezvous_;
     mutable std::mutex mutex_;
@@ -84,11 +89,11 @@ private:
     std::uint32_t deleteBatch_ = 100;
     std::chrono::milliseconds backOff_{100};
     std::chrono::seconds ageThreshold_{60};
-    /// If  the node is out of sync during an online_delete healthWait()
-    /// call, sleep the thread for this time, and continue checking until
-    /// recovery.
+    /// If  the node is out of sync, or any recent ledgers are not
+    /// available during an online_delete healthWait() call, sleep
+    /// the thread for this time, and continue checking until recovery.
     /// See also: "recovery_wait_seconds" in rippled-example.cfg
-    std::chrono::seconds recoveryWaitTime_{5};
+    std::chrono::seconds recoveryWaitTime_{1};
 
     // these do not exist upon SHAMapStore creation, but do exist
     // as of run() or before
@@ -212,6 +217,8 @@ private:
     enum HealthResult { stopping, keepGoing };
     [[nodiscard]] HealthResult
     healthWait();
+    bool
+    hasCompleteRange(LedgerIndex first, LedgerIndex last);
 
 public:
     void