cpython-asan: add recipe and setup-cpython convenience action.#72
Merged
Merged
Conversation
The existing llvm-asan row catches use-after-free / heap-overflow in CppInterOp's C++ code but never crosses the Python boundary -- cppyy's proxy lifetimes, refcount/ownership in _cppyy.so, and the wrapper-call paths generated from Python type info are reached only from the Python side. Asan-instrumenting Cling under a stock interpreter is not equivalent; the bug class lives in the bindings layer, not the JIT. Recipe scaffold mirrors cpython-debug. The post-install verify resolves __asan_init via ctypes and greps sysconfig.PY_CFLAGS for -fsanitize=undefined, so silently dropping either configure flag fails the build instead of shipping a release Python under a sanitised name. ASAN_OPTIONS=detect_leaks=0 keeps the verify from exiting 23 on Python's intentional interning at shutdown. One cell, ubuntu-24.04 x86_64 at CPython 3.14.3 (matching cpython-debug's pin); Linux only because macOS needs an asan-instrumented libc++ from llvm-asan in scope. setup-cpython hides the consumer-side env wiring behind a setup-llvm-shaped composite. `flavor` selects between cpython-asan and cpython-debug -- required, no default; silent fall-through across two ABI-incompatible flavors would mask a matrix typo. The action delegates to setup-recipe, prepends <prefix>/bin to PATH, and exports LD_LIBRARY_PATH / Python3_ROOT_DIR / PYTHON_EXECUTABLE so cmake's find_package and bare `python<M.N>` invocations need no per-step plumbing; the asan flavor also sets ASAN_OPTIONS=detect_leaks=0. Downstream consumers must match compiler family (gcc-asan vs clang-asan runtimes do not unify); recipe.yaml states the caveat at the contract level.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The existing llvm-asan row catches use-after-free / heap-overflow in CppInterOp's C++ code but never crosses the Python boundary -- cppyy's proxy lifetimes, refcount/ownership in _cppyy.so, and the wrapper-call paths generated from Python type info are reached only from the Python side. Asan-instrumenting Cling under a stock interpreter is not equivalent; the bug class lives in the bindings layer, not the JIT.
Recipe scaffold mirrors cpython-debug. The post-install verify resolves __asan_init via ctypes and greps sysconfig.PY_CFLAGS for -fsanitize=undefined, so silently dropping either configure flag fails the build instead of shipping a release Python under a sanitised name. ASAN_OPTIONS=detect_leaks=0 keeps the verify from exiting 23 on Python's intentional interning at shutdown. One cell, ubuntu-24.04 x86_64 at CPython 3.14.3 (matching cpython-debug's pin); Linux only because macOS needs an asan-instrumented libc++ from llvm-asan in scope.
setup-cpython hides the consumer-side env wiring behind a setup-llvm-shaped composite.
flavorselects between cpython-asan and cpython-debug -- required, no default; silent fall-through across two ABI-incompatible flavors would mask a matrix typo. The action delegates to setup-recipe, prepends /bin to PATH, and exports LD_LIBRARY_PATH / Python3_ROOT_DIR / PYTHON_EXECUTABLE so cmake's find_package and barepython<M.N>invocations need no per-step plumbing; the asan flavor also sets ASAN_OPTIONS=detect_leaks=0. Downstream consumers must match compiler family (gcc-asan vs clang-asan runtimes do not unify); recipe.yaml states the caveat at the contract level.