Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-04-20 02:40:59 +00:00
Code Issues Projects Releases Packages Wiki Activity

gh-146261: JIT: protect against function version changes (#146300)

Browse source 
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
This commit is contained in:
Ken Jin 2026-04-13 02:23:47 +08:00 committed by GitHub
parent 1e79bf6c05
commit 6f7bb297db
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 64 additions and 189 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Python/optimizer_analysis.c
View file

@ -283,8 +283,6 @@ add_op(JitOptContext *ctx, _PyUOpInstruction *this_instr,
#define sym_get_probable_func_code _Py_uop_sym_get_probable_func_code
#define sym_get_probable_value _Py_uop_sym_get_probable_value
#define sym_set_stack_depth(DEPTH, SP) _Py_uop_sym_set_stack_depth(ctx, DEPTH, SP)
#define sym_get_func_version _Py_uop_sym_get_func_version
#define sym_set_func_version _Py_uop_sym_set_func_version
/* Comparison oparg masks */
#define COMPARE_LT_MASK 2

19
Python/optimizer_bytecodes.c
View file

@ -1001,12 +1001,15 @@ dummy_func(void) {
}
op(_CHECK_FUNCTION_VERSION, (func_version/2, callable, self_or_null, unused[oparg] -- callable, self_or_null, unused[oparg])) {
if (sym_get_func_version(callable) == func_version) {
REPLACE_OP(this_instr, _NOP, 0, 0);
}
else {
sym_set_func_version(ctx, callable, func_version);
PyObject *func = sym_get_probable_value(callable);
if (func == NULL || !PyFunction_Check(func) || ((PyFunctionObject *)func)->func_version != func_version) {
ctx->contradiction = true;
ctx->done = true;
break;
}
// Guarded on this, so it can be promoted.
sym_set_const(callable, func);
_Py_BloomFilter_Add(dependencies, func);
}
op(_CHECK_METHOD_VERSION, (func_version/2, callable, null, unused[oparg] -- callable, null, unused[oparg])) {
@ -2229,7 +2232,8 @@ dummy_func(void) {
if (co->co_version == version) {
_Py_BloomFilter_Add(dependencies, co);
// Functions derive their version from code objects.
if (sym_get_func_version(ctx->frame->callable) == version) {
PyFunctionObject *func = (PyFunctionObject *)sym_get_const(ctx, ctx->frame->callable);
if (func != NULL && func->func_version == version) {
REPLACE_OP(this_instr, _NOP, 0, 0);
}
}
@ -2262,7 +2266,8 @@ dummy_func(void) {
op(_GUARD_IP__PUSH_FRAME, (ip/4 --)) {
(void)ip;
stack_pointer = sym_set_stack_depth((int)this_instr->operand1, stack_pointer);
if (sym_get_func_version(ctx->frame->callable) != 0 &&
PyFunctionObject *func = (PyFunctionObject *)sym_get_const(ctx, ctx->frame->callable);
if (func != NULL && func->func_version != 0 &&
// We can remove this guard for simple function call targets.
(((PyCodeObject *)ctx->frame->func->func_code)->co_flags &
(CO_GENERATOR | CO_COROUTINE | CO_ASYNC_GENERATOR)) == 0) {

18
Python/optimizer_cases.c.h generated
View file

@ -3619,12 +3619,14 @@
JitOptRef callable;
callable = stack_pointer[-2 - oparg];
uint32_t func_version = (uint32_t)this_instr->operand0;
if (sym_get_func_version(callable) == func_version) {
REPLACE_OP(this_instr, _NOP, 0, 0);
}
else {
sym_set_func_version(ctx, callable, func_version);
PyObject *func = sym_get_probable_value(callable);
if (func == NULL || !PyFunction_Check(func) || ((PyFunctionObject *)func)->func_version != func_version) {
ctx->contradiction = true;
ctx->done = true;
break;
}
sym_set_const(callable, func);
_Py_BloomFilter_Add(dependencies, func);
break;
}
@ -5057,7 +5059,8 @@
PyCodeObject *co = get_current_code_object(ctx);
if (co->co_version == version) {
_Py_BloomFilter_Add(dependencies, co);
if (sym_get_func_version(ctx->frame->callable) == version) {
PyFunctionObject *func = (PyFunctionObject *)sym_get_const(ctx, ctx->frame->callable);
if (func != NULL && func->func_version == version) {
REPLACE_OP(this_instr, _NOP, 0, 0);
}
}
@ -5098,7 +5101,8 @@
PyObject *ip = (PyObject *)this_instr->operand0;
(void)ip;
stack_pointer = sym_set_stack_depth((int)this_instr->operand1, stack_pointer);
if (sym_get_func_version(ctx->frame->callable) != 0 &&
PyFunctionObject *func = (PyFunctionObject *)sym_get_const(ctx, ctx->frame->callable);
if (func != NULL && func->func_version != 0 &&
// We can remove this guard for simple function call targets.
(((PyCodeObject *)ctx->frame->func->func_code)->co_flags &
(CO_GENERATOR | CO_COROUTINE | CO_ASYNC_GENERATOR)) == 0) {

169
Python/optimizer_symbols.c
View file

@ -35,12 +35,12 @@ NULL | | RECORDED_VALUE*
| TYPE_VERSION | | |
| | | | | <- Anything below this level has a known type.
| KNOWN_CLASS--+ | | |
| | | | | | PREDICATE RECORDED_VALUE(known type)
| | | INT* | | | |
| | | | | | | | <- Anything below this level has a known truthiness.
| | | | FUNC_VERSION | | |
| TUPLE | | | TRUTHINESS | |
| | | | | | | | <- Anything below this level is a known constant.
| | | | | PREDICATE RECORDED_VALUE(known type)
| | | INT* | | |
| | | | | | | <- Anything below this level has a known truthiness.
| | | | | | |
| TUPLE | | TRUTHINESS | |
| | | | | | | <- Anything below this level is a known constant.
| KNOWN_VALUE--+-------+----+------+
| | <- Anything below this level is unreachable.
BOTTOM
@ -101,9 +101,6 @@ _PyUOpSymPrint(JitOptRef ref)
case JIT_SYM_TYPE_VERSION_TAG:
printf("<v%u at %p>", sym->version.version, (void *)sym);
break;
case JIT_SYM_FUNC_VERSION_TAG:
printf("<function version=%u>", sym->func_version.func_version);
break;
case JIT_SYM_KNOWN_CLASS_TAG:
printf("<%s at %p>", sym->cls.type->tp_name, (void *)sym);
break;
@ -325,11 +322,6 @@ _Py_uop_sym_set_type(JitOptContext *ctx, JitOptRef ref, PyTypeObject *typ)
sym_set_bottom(ctx, sym);
}
return;
case JIT_SYM_FUNC_VERSION_TAG:
if (typ != &PyFunction_Type) {
sym_set_bottom(ctx, sym);
}
return;
case JIT_SYM_KNOWN_VALUE_TAG:
if (Py_TYPE(sym->value.value) != typ) {
Py_CLEAR(sym->value.value);
@ -433,12 +425,6 @@ _Py_uop_sym_set_type_version(JitOptContext *ctx, JitOptRef ref, unsigned int ver
return false;
}
return true;
case JIT_SYM_FUNC_VERSION_TAG:
if (version != PyFunction_Type.tp_version_tag) {
sym_set_bottom(ctx, sym);
return false;
}
return true;
case JIT_SYM_BOTTOM_TAG:
return false;
case JIT_SYM_NON_NULL_TAG:
@ -486,87 +472,6 @@ _Py_uop_sym_set_type_version(JitOptContext *ctx, JitOptRef ref, unsigned int ver
Py_UNREACHABLE();
}
bool
_Py_uop_sym_set_func_version(JitOptContext *ctx, JitOptRef ref, uint32_t version)
{
JitOptSymbol *sym = PyJitRef_Unwrap(ref);
JitSymType tag = sym->tag;
switch(tag) {
case JIT_SYM_NULL_TAG:
sym_set_bottom(ctx, sym);
return false;
case JIT_SYM_KNOWN_CLASS_TAG:
if (sym->cls.type != &PyFunction_Type) {
sym_set_bottom(ctx, sym);
return false;
}
sym->tag = JIT_SYM_FUNC_VERSION_TAG;
sym->version.version = version;
return true;
case JIT_SYM_KNOWN_VALUE_TAG:
if (Py_TYPE(sym->value.value) != &PyFunction_Type ||
((PyFunctionObject *)sym->value.value)->func_version != version) {
Py_CLEAR(sym->value.value);
sym_set_bottom(ctx, sym);
return false;
}
return true;
case JIT_SYM_TYPE_VERSION_TAG:
if (sym->version.version != PyFunction_Type.tp_version_tag) {
sym_set_bottom(ctx, sym);
return false;
}
sym->tag = JIT_SYM_FUNC_VERSION_TAG;
sym->version.version = version;
return true;
case JIT_SYM_FUNC_VERSION_TAG:
if (sym->func_version.func_version != version) {
sym_set_bottom(ctx, sym);
return false;
}
return true;
case JIT_SYM_BOTTOM_TAG:
return false;
case JIT_SYM_NON_NULL_TAG:
case JIT_SYM_UNKNOWN_TAG:
sym->tag = JIT_SYM_FUNC_VERSION_TAG;
sym->func_version.func_version = version;
return true;
case JIT_SYM_RECORDED_GEN_FUNC_TAG:
case JIT_SYM_COMPACT_INT:
case JIT_SYM_TUPLE_TAG:
case JIT_SYM_PREDICATE_TAG:
case JIT_SYM_TRUTHINESS_TAG:
sym_set_bottom(ctx, sym);
return false;
case JIT_SYM_RECORDED_VALUE_TAG: {
PyObject *val = sym->recorded_value.value;
if (Py_TYPE(val) != &PyFunction_Type ||
((PyFunctionObject *)sym->recorded_value.value)->func_version != version) {
sym_set_bottom(ctx, sym);
return false;
}
// Promote to known value, as we have guarded/checked on it.
sym->tag = JIT_SYM_KNOWN_VALUE_TAG;
// New ownership. We need to NewRef here, as
// it's originally kept alive by the trace buffer.
sym->value.value = Py_NewRef(val);
return true;
}
case JIT_SYM_RECORDED_TYPE_TAG:
if (sym->recorded_type.type == &PyFunction_Type) {
sym->tag = JIT_SYM_FUNC_VERSION_TAG;
sym->func_version.func_version = version;
return true;
}
else {
sym_set_bottom(ctx, sym);
return false;
}
}
Py_UNREACHABLE();
}
void
_Py_uop_sym_set_const(JitOptContext *ctx, JitOptRef ref, PyObject *const_val)
{
@ -612,14 +517,6 @@ _Py_uop_sym_set_const(JitOptContext *ctx, JitOptRef ref, PyObject *const_val)
}
make_const(sym, const_val);
return;
case JIT_SYM_FUNC_VERSION_TAG:
if (Py_TYPE(const_val) != &PyFunction_Type ||
((PyFunctionObject *)const_val)->func_version != sym->func_version.func_version) {
sym_set_bottom(ctx, sym);
return;
}
make_const(sym, const_val);
return;
case JIT_SYM_BOTTOM_TAG:
return;
case JIT_SYM_RECORDED_VALUE_TAG:
@ -796,8 +693,6 @@ _Py_uop_sym_get_type(JitOptRef ref)
return Py_TYPE(sym->value.value);
case JIT_SYM_TYPE_VERSION_TAG:
return _PyType_LookupByVersion(sym->version.version);
case JIT_SYM_FUNC_VERSION_TAG:
return &PyFunction_Type;
case JIT_SYM_TUPLE_TAG:
return &PyTuple_Type;
case JIT_SYM_PREDICATE_TAG:
@ -820,7 +715,6 @@ _Py_uop_sym_get_probable_type(JitOptRef ref)
case JIT_SYM_NON_NULL_TAG:
case JIT_SYM_UNKNOWN_TAG:
case JIT_SYM_TYPE_VERSION_TAG:
case JIT_SYM_FUNC_VERSION_TAG:
case JIT_SYM_TUPLE_TAG:
case JIT_SYM_PREDICATE_TAG:
case JIT_SYM_TRUTHINESS_TAG:
@ -853,8 +747,6 @@ _Py_uop_sym_get_type_version(JitOptRef ref)
return 0;
case JIT_SYM_TYPE_VERSION_TAG:
return sym->version.version;
case JIT_SYM_FUNC_VERSION_TAG:
return PyFunction_Type.tp_version_tag;
case JIT_SYM_KNOWN_CLASS_TAG:
return sym->cls.version;
case JIT_SYM_KNOWN_VALUE_TAG:
@ -872,37 +764,6 @@ _Py_uop_sym_get_type_version(JitOptRef ref)
Py_UNREACHABLE();
}
uint32_t
_Py_uop_sym_get_func_version(JitOptRef ref)
{
JitOptSymbol *sym = PyJitRef_Unwrap(ref);
JitSymType tag = sym->tag;
switch(tag) {
case JIT_SYM_NULL_TAG:
case JIT_SYM_BOTTOM_TAG:
case JIT_SYM_NON_NULL_TAG:
case JIT_SYM_UNKNOWN_TAG:
case JIT_SYM_RECORDED_VALUE_TAG:
case JIT_SYM_RECORDED_TYPE_TAG:
case JIT_SYM_TYPE_VERSION_TAG:
case JIT_SYM_KNOWN_CLASS_TAG:
case JIT_SYM_TUPLE_TAG:
case JIT_SYM_PREDICATE_TAG:
case JIT_SYM_TRUTHINESS_TAG:
case JIT_SYM_COMPACT_INT:
case JIT_SYM_RECORDED_GEN_FUNC_TAG:
return 0;
case JIT_SYM_FUNC_VERSION_TAG:
return sym->func_version.func_version;
case JIT_SYM_KNOWN_VALUE_TAG:
if (Py_TYPE(sym->value.value) == &PyFunction_Type) {
return ((PyFunctionObject *)sym->value.value)->func_version;
}
return 0;
}
Py_UNREACHABLE();
}
bool
_Py_uop_sym_has_type(JitOptRef sym)
@ -935,7 +796,6 @@ _Py_uop_sym_get_probable_value(JitOptRef ref)
case JIT_SYM_UNKNOWN_TAG:
case JIT_SYM_RECORDED_TYPE_TAG:
case JIT_SYM_TYPE_VERSION_TAG:
case JIT_SYM_FUNC_VERSION_TAG:
case JIT_SYM_TUPLE_TAG:
case JIT_SYM_PREDICATE_TAG:
case JIT_SYM_TRUTHINESS_TAG:
@ -1005,8 +865,6 @@ _Py_uop_sym_truthiness(JitOptContext *ctx, JitOptRef ref)
return -1;
case JIT_SYM_KNOWN_VALUE_TAG:
break;
case JIT_SYM_FUNC_VERSION_TAG:
return 1;
case JIT_SYM_TUPLE_TAG:
return sym->tuple.length != 0;
case JIT_SYM_TRUTHINESS_TAG:
@ -1155,7 +1013,6 @@ _Py_uop_sym_set_compact_int(JitOptContext *ctx, JitOptRef ref)
sym_set_bottom(ctx, sym);
}
return;
case JIT_SYM_FUNC_VERSION_TAG:
case JIT_SYM_TUPLE_TAG:
case JIT_SYM_PREDICATE_TAG:
case JIT_SYM_TRUTHINESS_TAG:
@ -1343,7 +1200,6 @@ _Py_uop_sym_set_recorded_value(JitOptContext *ctx, JitOptRef ref, PyObject *valu
case JIT_SYM_PREDICATE_TAG:
case JIT_SYM_TRUTHINESS_TAG:
case JIT_SYM_COMPACT_INT:
case JIT_SYM_FUNC_VERSION_TAG:
return;
}
Py_UNREACHABLE();
@ -1367,9 +1223,6 @@ _Py_uop_sym_set_recorded_gen_func(JitOptContext *ctx, JitOptRef ref, PyFunctionO
case JIT_SYM_PREDICATE_TAG:
case JIT_SYM_TRUTHINESS_TAG:
case JIT_SYM_COMPACT_INT:
case JIT_SYM_FUNC_VERSION_TAG:
sym_set_bottom(ctx, sym);
return;
case JIT_SYM_BOTTOM_TAG:
return;
case JIT_SYM_NON_NULL_TAG:
@ -1464,7 +1317,6 @@ _Py_uop_sym_set_recorded_type(JitOptContext *ctx, JitOptRef ref, PyTypeObject *t
case JIT_SYM_TRUTHINESS_TAG:
case JIT_SYM_COMPACT_INT:
case JIT_SYM_RECORDED_GEN_FUNC_TAG:
case JIT_SYM_FUNC_VERSION_TAG:
return;
}
Py_UNREACHABLE();
@ -2128,15 +1980,6 @@ _Py_uop_symbols_test(PyObject *Py_UNUSED(self), PyObject *Py_UNUSED(ignored))
TEST_PREDICATE(_Py_uop_sym_matches_type(ref_int, &PyLong_Type), "43 is not an int");
TEST_PREDICATE(_Py_uop_sym_get_const(ctx, ref_int) == val_43, "43 isn't 43");
// Test func version's important transitions.
JitOptRef func_version = _Py_uop_sym_new_not_null(ctx);
TEST_PREDICATE(_Py_uop_sym_get_func_version(func_version) == 0, "func version should be unset");
_Py_uop_sym_set_func_version(ctx, func_version, 172);
TEST_PREDICATE(_Py_uop_sym_get_func_version(func_version) == 172, "func version should be set");
func_version = _Py_uop_sym_new_type(ctx, &PyFunction_Type);
_Py_uop_sym_set_func_version(ctx, func_version, 192);
TEST_PREDICATE(_Py_uop_sym_get_func_version(func_version) == 192, "func version should be set");
// Test recorded values
/* Test that recorded values aren't treated as known values*/