gh-120671: Fix PY_CHECK_CC_WARNING() in configure.ac (GH-120822)
Add missing space in AS_VAR_APPEND() on CFLAGS.
(cherry picked from commit 2106c9bef0)
Co-authored-by: Michael Allwright <allsey87@gmail.com>
GH-115983: skip building shared modules for testing under WASI (GH-116528)
(cherry picked from commit 8c094c3095)
Co-authored-by: Brett Cannon <brett@python.org>
gh-120154: Fix Emscripten/WASI pattern in case statement for LDSHARED (#120173)
Fix Emscripten/WASI pattern in case statement for LDSHARED
(cherry picked from commit 47816f465e)
Co-authored-by: Michael Allwright <contact@allwright.io>
Force the compiler to issue an error if the flag is not supported.
(cherry picked from commit 49fc1414b5)
Co-authored-by: Erlend E. Aasland <erlend@python.org>
This prevents spurious 'env changed' and llvm-profdata merge errors.
(cherry picked from commit 396b831850)
Co-authored-by: Erlend E. Aasland <erlend@python.org>
* [3.12] gh-112536: Add support for thread sanitizer (TSAN) (gh-112648)
(cherry picked from commit 88cb972000)
* Remove doc for configure option (leave it hidden in this branch)
---------
Co-authored-by: Samet YASLAN <sametyaslan@gmail.com>
gh-110459: Make sure --with-openssl-rpath works on macOS (GH-113441)
* gh-110459: Make sure --with-openssl-rpath works on macOS
On macOS the `-rpath` linker flag is spelled differently
than on on platforms.
(cherry picked from commit cc13eabc7c)
Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
gh-112088: Run autoreconf in GHA check_generated_files (#112090)
The "Check if generated files are up to date" job of GitHub Actions
now runs the "autoreconf -ivf -Werror" command instead of the "make
regen-configure" command to avoid depending on the external quay.io
server.
Add Tools/build/regen-configure.sh script to regenerate the configure
with an Ubuntu container image. The
"quay.io/tiran/cpython_autoconf:271" container image
(https://github.com/tiran/cpython_autoconf) is no longer used.
(cherry picked from commit d9fd33a869)
gh-111046: for wasi-threads, export memory as well via the linker (GH-111099)
(cherry picked from commit 5dfa71769f)
Co-authored-by: YAMAMOTO Takashi <yamamoto@midokura.com>
* Check for linux/limits.h before including it
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
(cherry picked from commit 11c055f5ff)
Don't let autoconf mistake MPI compilers for Intel compilers;
filter out the MPI case to prevent Intel specific options from being applied.
(cherry picked from commit 9a6b278769)
Co-authored-by: Lukas van de Wiel <30800501+LukasvdWiel@users.noreply.github.com>
Quoting autoconf (v2.71):
All current systems provide time.h; it need not be checked for.
Not all systems provide sys/time.h, but those that do, all allow
you to include it and time.h simultaneously.
(cherry picked from commit 9ab587b714)
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Apply BOLT optimizations to libpython for shared builds. Most of the C
code is in libpython so it is critical to apply BOLT there fully realize
BOLT benefits.
This change also reworks how BOLT instrumentation is applied. It
effectively removes the readelf based logic added in gh-101525 and
replaces it with a mechanism that saves a copy of the pre-bolt binary
and restores that copy when necessary. This allows us to perform BOLT
optimizations without having to manually delete the output binary to
force a new bolt run.
Also:
- add a clean-bolt target for purging BOLT files and hook that up to the
clean target
- .gitignore BOLT related files
Before and after this refactor, `make` will no-op after a previous run.
Both versions should also share common make DAG deficiencies where
targets fail to trigger as often as they need to or can trigger
prematurely in certain scenarios. e.g. after this change you may need to
`rm profile-bolt-stamp` to force a BOLT run because there aren't
appropriate non-phony targets for BOLT's make target to depend on.
To make it easier to iterate on custom BOLT settings, the flags to pass
to instrumentation and application are now defined in configure and can
be overridden by passing BOLT_INSTRUMENT_FLAGS and BOLT_APPLY_FLAGS.
This merges their code. They're backed by the same single HACL* static library, having them be a single module simplifies maintenance.
This should unbreak the wasm enscripten builds that currently fail due to linking in --whole-archive mode and the HACL* library appearing twice.
Long unnoticed error fixed: _sha512.SHA384Type was doubly assigned and was actually SHA512Type. Nobody depends on those internal names.
Also rename LIBHACL_ make vars to LIBHACL_SHA2_ in preperation for other future HACL things.
Replace the builtin hashlib implementations of SHA2-384 and SHA2-512
originally from LibTomCrypt with formally verified, side-channel resistant
code from the [HACL*](https://github.com/hacl-star/hacl-star/) project.
The builtins remain a fallback only used when OpenSSL does not provide them.
replacing hashlib primitives (for the non-OpenSSL case) with verified implementations from HACL*. This is the first PR in the series, and focuses specifically on SHA2-256 and SHA2-224.
This PR imports Hacl_Streaming_SHA2 into the Python tree. This is the HACL* implementation of SHA2, which combines a core implementation of SHA2 along with a layer of buffer management that allows updating the digest with any number of bytes. This supersedes the previous implementation in the tree.
@franziskuskiefer was kind enough to benchmark the changes: in addition to being verified (thus providing significant safety and security improvements), this implementation also provides a sizeable performance boost!
```
---------------------------------------------------------------
Benchmark Time CPU Iterations
---------------------------------------------------------------
Sha2_256_Streaming 3163 ns 3160 ns 219353 // this PR
LibTomCrypt_Sha2_256 5057 ns 5056 ns 136234 // library used by Python currently
```
The changes in this PR are as follows:
- import the subset of HACL* that covers SHA2-256/224 into `Modules/_hacl`
- rewire sha256module.c to use the HACL* implementation
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Fix the gdbm_compat library detection logic to actually check for
-lgdbm_compat independently of the ndbm detection.
This fixes the build failure with `--with-dbmliborder=gdbm`,
and implicit fallback to ndbm with the default value.
When cross-compiling, the compile/run test for -pthread always fails so -pthread
will never be automatically set without an override from the cache. ac_cv_pthread
can already be overridden, so do the same thing for ac_cv_cxx_thread.
It has had no effect on non-macOS platforms for a long time, and has had
the non-obvious effect of invoking `pkg_config` and not setting
`-DUSING_APPLE_OS_LIBFFI` on macOS since GH-22855.