* Pick target depending on preconditions
* Clarify the news fragment
* Add test capturing missed expectation.
* Add more idiomatic safe realpath helper
* Restore logic where existance and directoriness are checked on realpath.
* Link GH issue to test.
* Extract a function to check the target. Remove the _safe_realpath, now no longer needed.
* Extract method for replacing sys_path, and isolate realpath usage there.
* Revert "Extract method for replacing sys_path, and isolate realpath usage there."
This reverts commit 855aac3d28.
* Restore _safe_realpath.
---------
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
For optional arguments with required=True, the ArgumentDefaultsHelpFormatter
would always add a " (default: None)" to the end of the help text.
Since that's a bit misleading, it is removed with this commit.
* bpo-40350: fix namespace package support in modulefinder
Signed-off-by: Filipe LaÃns <lains@riseup.net>
* consider that namespace package specs might have the loader set
Signed-off-by: Filipe LaÃns <lains@riseup.net>
* Revert "consider that namespace package specs might have the loader set"
This reverts commit 23fb4e0de3.
Signed-off-by: Filipe LaÃns <lains@riseup.net>
* Fix load_module and load_package to handle namespace packages
Signed-off-by: Filipe LaÃns <lains@riseup.net>
* Drop _NAMESPACE constant
Signed-off-by: Filipe LaÃns <lains@riseup.net>
* Drop importlib changes
Signed-off-by: Filipe LaÃns <lains@riseup.net>
* Update NamespacePath check
Signed-off-by: Filipe LaÃns <lains@riseup.net>
* Mixed some
Signed-off-by: Filipe LaÃns <lains@riseup.net>
---------
Signed-off-by: Filipe LaÃns <lains@riseup.net>
* Add profiling module documentation structure
PEP 799 introduces a new `profiling` package that reorganizes Python's
profiling tools under a unified namespace. This commit adds the documentation
structure to match: a main entry point (profiling.rst) that helps users choose
between profilers, detailed docs for the tracing profiler (profiling-tracing.rst),
and separated pstats documentation.
The tracing profiler docs note that cProfile remains as a backward-compatible
alias, so existing code continues to work. The pstats module gets its own page
since it's used by both profiler types and deserves focused documentation.
* Add profiling.sampling documentation
The sampling profiler is new in Python 3.15 and works fundamentally differently
from the tracing profiler. It observes programs from outside by periodically
capturing stack snapshots, which means zero overhead on the profiled code. This
makes it practical for production use where you can attach to live servers.
The docs explain the key concepts (statistical vs deterministic profiling),
provide quick examples upfront, document all output formats (pstats, flamegraph,
gecko, heatmap), and cover the live TUI mode. The defaults table helps users
understand what happens without any flags.
* Wire profiling docs into the documentation tree
Add the new profiling module pages to the Debugging and Profiling toctree.
The order places the main profiling.rst entry point first, followed by the
two profiler implementations, then pstats, and finally the deprecated profile
module last.
* Convert profile.rst to deprecation stub
The pure Python profile module is deprecated in 3.15 and scheduled for removal
in 3.17. Users should migrate to profiling.tracing (or use the cProfile alias
which continues to work).
The page now focuses on helping existing users migrate: it shows the old vs new
import style, keeps the shared API reference since both modules have the same
interface, and preserves the calibration docs for anyone still using the pure
Python implementation during the transition period.
* Update CLI module references for profiling restructure
Point cProfile to profiling.tracing docs and add profiling.sampling to the
list of modules with CLI interfaces. The old profile-cli label no longer
exists after the documentation restructure.
* Update whatsnew to link to profiling module docs
Enable cross-references to the new profiling module documentation and update
the CLI examples to use the current syntax with the attach subcommand. Also
reference profiling.tracing instead of cProfile since that's the new canonical
name.
The tests were flaky on slow machines because subprocesses could finish
before enough samples were collected. This adds synchronization similar
to test_external_inspection: test scripts now signal when they start
working, and the profiler waits for this signal before sampling.
Test scripts now run in infinite loops until killed rather than for
fixed iterations, ensuring the profiler always has active work to
sample regardless of machine speed.
This PR implements frame caching in the RemoteUnwinder class to significantly reduce memory reads when profiling remote processes with deep call stacks.
When cache_frames=True, the unwinder stores the frame chain from each sample and reuses unchanged portions in subsequent samples. Since most profiling samples capture similar call stacks (especially the parent frames), this optimization avoids repeatedly reading the same frame data from the target process.
The implementation adds a last_profiled_frame field to the thread state that tracks where the previous sample stopped. On the next sample, if the current frame chain reaches this marker, the cached frames from that point onward are reused instead of being re-read from remote memory.
The sampling profiler now enables frame caching by default.
Extend defect handling via policy to a couple of missed defects.
---------
Co-authored-by: Martin Panter <vadmium@users.noreply.github.com>
Co-authored-by: Ivo Bellin Salarin <ivo@nilleb.com>
The keyword typo suggestion mechanism in traceback would incorrectly
suggest replacements when the extracted source code was merely incomplete
rather than containing an actual typo. For example, when a missing comma
caused a syntax error, the system would suggest replacing 'print' with
'not' because the incomplete code snippet happened to pass validation.
The fix adds a validation step that first checks whether the original
extracted code raises a SyntaxError. If the code compiles successfully
or is simply incomplete (compile_command returns None), the function
returns early since there is no way to verify that a keyword replacement
would actually fix the problem.
RDM: This fixes a subtle folding error that showed up when a token exactly filled a line and was followed by whitespace and a token with no folding whitespace that was longer than a line. In this particular circumstance the whitespace after the first token got pushed on to the next line, and then stolen to go in front of the next unfoldable token...leaving a completely empty line in the line buffer. That line got turned in to a newline, which is RFC illegal, and the newish security check caught it. The fix is to just delete that empty line from the buffer.
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Enhanced the _find_lineno method in doctest to correctly identify and
report line numbers for doctests defined in __test__ dictionaries when
formatted as triple-quoted strings.
Finds a non-blank line in the test string and matches it in the source
file, verifying subsequent lines also match to handle duplicate lines.
Previously, doctest would report "line None" for __test__ dictionary
strings, making it difficult to debug failing tests.
Co-authored-by: Jurjen N.E. Bos <jneb@users.sourceforge.net>
Co-authored-by: R. David Murray <rdmurray@bitdance.com>
Loading a small data which does not even involve arbitrary code execution
could consume arbitrary large amount of memory. There were three issues:
* PUT and LONG_BINPUT with large argument (the C implementation only).
Since the memo is implemented in C as a continuous dynamic array, a single
opcode can cause its resizing to arbitrary size. Now the sparsity of
memo indices is limited.
* BINBYTES, BINBYTES8 and BYTEARRAY8 with large argument. They allocated
the bytes or bytearray object of the specified size before reading into
it. Now they read very large data by chunks.
* BINSTRING, BINUNICODE, LONG4, BINUNICODE8 and FRAME with large
argument. They read the whole data by calling the read() method of
the underlying file object, which usually allocates the bytes object of
the specified size before reading into it. Now they read very large data
by chunks.
Also add comprehensive benchmark suite to measure performance and memory
impact of chunked reading optimization in PR #119204.
Features:
- Normal mode: benchmarks legitimate pickles (time/memory metrics)
- Antagonistic mode: tests malicious pickles (DoS protection)
- Baseline comparison: side-by-side comparison of two Python builds
- Support for truncated data and sparse memo attack vectors
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
