What
All 7 ecosystem projects currently run ASan, TSan, and UBSan sanitizer jobs in CI with continue-on-error: true (labeled "Phase 0"). This means sanitizer failures are collected but do not block merges. Multiple project READMEs claim "zero sanitizer issues" and "ThreadSanitizer clean" but these claims are not enforced by CI.
Current state across ecosystem:
| Project | ASan | TSan | UBSan | Blocking? |
| --- | --- | --- | --- | --- |
| common_system | `ctest \|\| true` | `ctest \|\| true` | `ctest \|\| true` | No |
| thread_system | continue-on-error: true | continue-on-error: true | continue-on-error: true | No |
| logger_system | continue-on-error: true | continue-on-error: true | continue-on-error: true | No |
| container_system | continue-on-error: true | continue-on-error: true | continue-on-error: true | No |
| monitoring_system | continue-on-error: true | continue-on-error: true | continue-on-error: true | No |
| database_system | continue-on-error: true | continue-on-error: true | continue-on-error: true | No |
| network_system | continue-on-error: true | continue-on-error: true | continue-on-error: true | No |
Why
- False confidence: README claims of "zero issues" without CI enforcement create a misleading quality signal
- Regression risk: New code can introduce data races, UB, or memory errors without any CI gate
- Production safety: These are C++ libraries handling threading, networking, and database operations — sanitizer clean builds are essential
- Ecosystem credibility: Users evaluating these libraries for production use will check CI enforcement
Where
- Each project's .github/workflows/ci.yml or .github/workflows/sanitizers.yml
- Specific lines vary per project but all use continue-on-error: true or || true
How
Phase 1 (this issue): Make sanitizers blocking for new regressions
- Remove continue-on-error: true from sanitizer jobs in all 7 projects
- Replace ctest ... || true with ctest ... (allow failures to propagate)
- Add suppression files for any known pre-existing issues that cannot be fixed immediately
- Document known suppressions in each project's docs/KNOWN_ISSUES.md
Phase 2 (follow-up): Eliminate all suppressions
- Address each suppressed issue and remove suppressions one by one
- Target: zero sanitizer suppressions across all projects
Recommended rollout order (by dependency tier):
- common_system (Tier 0 — foundation, fewest suppressions expected)
- thread_system, container_system (Tier 1)
- logger_system (Tier 2)
- monitoring_system, database_system (Tier 3)
- network_system (Tier 4 — most complex, likely most suppressions)
Acceptance Criteria
- continue-on-error: true or || true on sanitizer-related CI steps
- common_system and container_system run clean (zero suppressions)