TASK-032: validation fixes — housekeeping (status Done, unworked findings recorded)

etr · claude · etr · commit 5aa69d68ef98 · 2026-05-12T00:03:25.000+02:00
Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/specs/architecture/11-decisions/DR-008.md b/specs/architecture/11-decisions/DR-008.md
@@ -19,4 +19,9 @@
 - `http_request` is single-threaded per request.
 - `http_response` is exclusively owned (value type).
 
+**Verification (TASK-032):**
+- `test/integ/threadsafety_stress.cpp` — stress test binary `threadsafety_stress` runs 16 concurrent curl clients for 60 seconds (override via `HTTPSERVER_STRESS_SECONDS=N`), each request randomly invoking `register_path`, `unregister_path`, `block_ip`, and `unblock_ip` against the running `webserver` from inside a handler thread. A duplicate-registration from a handler throws `std::invalid_argument` rather than causing a data race.
+- CI coverage: the `build-type: tsan` matrix entry in `.github/workflows/verify-build.yml` compiles with `-fsanitize=thread` and runs `make check`, which automatically picks up `threadsafety_stress` as a registered `check_PROGRAMS` entry — no separate workflow wiring is needed.
+- Opt-in negative test `stop_from_handler_deadlocks_as_documented` (enabled via `HTTPSERVER_RUN_STOP_FROM_HANDLER=1`) forks a child process that calls `stop()` from inside a handler. A non-zero child exit (libmicrohttpd self-join abort, exit code 42) or a 5-second parent timeout (exit code 43) both count as positive observation of the documented deadlock contract. These exit codes serve as regression sentinels.
+
 ---
diff --git a/specs/tasks/_index.md b/specs/tasks/_index.md
@@ -114,7 +114,7 @@ Nominally: **13 sequential tasks**, each S–XL. Most other tasks parallelize of
 | TASK-029 | Naming consistency — `stop_and_wait`, `block_ip`/`unblock_ip` | M5 | Done | TASK-014 |
 | TASK-030 | `_handler` suffix renames + `explicit` constructor | M5 | Done | TASK-014 |
 | TASK-031 | Handler error-propagation contract (DR-009) | M5 | Done | TASK-027, TASK-030 |
-| TASK-032 | Thread-safety contract stress test (DR-008) | M5 | Not Started | TASK-027, TASK-031 |
+| TASK-032 | Thread-safety contract stress test (DR-008) | M5 | Done | TASK-027, TASK-031 |
 | TASK-033 | `create_webserver` builder cleanup | M5 | Not Started | TASK-006, TASK-014 |
 | TASK-034 | Build-flag-independent public API + `webserver::features()` | M5 | Not Started | TASK-003, TASK-019, TASK-033 |
 | TASK-035 | Smart-pointer `register_ws_resource` overloads | M5 | Not Started | TASK-014, TASK-034 |
diff --git a/specs/unworked_review_issues/2026-05-11_235550_task-032.md b/specs/unworked_review_issues/2026-05-11_235550_task-032.md
