Skip to content

gh-145272: Fix data race when accessing func_code in PyFunctionObject #145534

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Krishna-web-hub wants to merge 3 commits into
base: main
Choose a base branch
from
+14 −5
Open

gh-145272: Fix data race when accessing func_code in PyFunctionObject #145534

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d926271
gh-142572: Fix data race when accessing func_code in PyFunctionObject
Krishna-web-hub Mar 5, 2026
7b10320
Fix data race on func_code in free-threaded Python
Krishna-web-hub Mar 6, 2026
e703995
Fixing the issues
Krishna-web-hub Mar 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions Include/cpython/funcobject.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,10 +88,14 @@ PyAPI_FUNC(int) PyFunction_SetAnnotations(PyObject *, PyObject *);
/* Static inline functions for direct access to these values.
Type checks are *not* done, so use with care. */
static inline PyObject* PyFunction_GET_CODE(PyObject *func) {
return _PyFunction_CAST(func)->func_code;
PyFunctionObject *op = _PyFunction_CAST(func);
#ifdef Py_GIL_DISABLED
return (PyObject *)_Py_atomic_load_ptr(&op->func_code);
Copy link
Member

@picnixz picnixz Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't all attributes of function objects subject to this issue then?

#else
return op->func_code;
#endif
}
#define PyFunction_GET_CODE(func) PyFunction_GET_CODE(_PyObject_CAST(func))

static inline PyObject* PyFunction_GET_GLOBALS(PyObject *func) {
return _PyFunction_CAST(func)->func_globals;
}
Expand Down
1 change: 1 addition & 0 deletions Misc/NEWS.d/next/Core_and_Builtins/2026-03-05-12-01-44.gh-issue-145272.MeSSbg.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fixing race condition in PyFunctionObject.func_code
Copy link
Member

@picnixz picnixz Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should be less precise in terms of implementation and rather mention __func__.__code__ directly.

10 changes: 7 additions & 3 deletions Objects/funcobject.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -631,7 +631,8 @@ func_get_code(PyObject *self, void *Py_UNUSED(ignored))
return NULL;
}

return Py_NewRef(op->func_code);
PyCodeObject *code = _Py_atomic_load_ptr(&op->func_code);
return Py_NewRef(code);
Comment on lines +634 to +635
Copy link
Contributor

@da-woods da-woods Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't right.

code might have been deallocated by the time you do Py_NewRef

}

static int
Expand Down Expand Up @@ -664,7 +665,7 @@ func_set_code(PyObject *self, PyObject *value, void *Py_UNUSED(ignored))
return -1;
}

PyObject *func_code = PyFunction_GET_CODE(op);
PyCodeObject *func_code = (PyCodeObject *)PyFunction_GET_CODE(op);
Copy link
Member

@picnixz picnixz Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this change?

int old_flags = ((PyCodeObject *)func_code)->co_flags;
int new_flags = ((PyCodeObject *)value)->co_flags;
int mask = CO_GENERATOR | CO_COROUTINE | CO_ASYNC_GENERATOR;
Expand All @@ -679,7 +680,10 @@ func_set_code(PyObject *self, PyObject *value, void *Py_UNUSED(ignored))

handle_func_event(PyFunction_EVENT_MODIFY_CODE, op, value);
_PyFunction_ClearVersion(op);
Py_XSETREF(op->func_code, Py_NewRef(value));
PyCodeObject *new = (PyCodeObject *)Py_NewRef(value);
Copy link
Member

@picnixz picnixz Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be GIL_DISABLED-guarded

Copy link
Member

@picnixz picnixz Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, don't we have a FT-helper alterantive to Py_XSETREF?

PyCodeObject *old =
(PyCodeObject *)_Py_atomic_exchange_ptr(&op->func_code, new);
Py_XDECREF(old);
return 0;
}

Expand Down
Loading