Bug 610273 - Verify that optimized python is built with -DNDEBUG (i.e. C assertions off), and debug python is built without it (C assertions on)
Verify that optimized python is built with -DNDEBUG (i.e. C assertions off), ...
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: python (Show other bugs)
19
All Linux
low Severity medium
: ---
: ---
Assigned To: Bohuslav "Slavek" Kabrda
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-01 18:03 EDT by Dave Malcolm
Modified: 2015-02-18 06:05 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-02-18 06:05:26 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
git diff between 18aug2011 head and this fix. not a complete patch? (2.11 KB, patch)
2011-08-22 23:57 EDT, letters.random13
no flags Details | Diff
example compilation before this fix (1.54 KB, application/octet-stream)
2011-08-23 00:12 EDT, letters.random13
no flags Details

  None (edit)
Description Dave Malcolm 2010-07-01 18:03:11 EDT
<mkanat> Hey folks. So, python is built with NDEBUG in Fedora, but I'm tripping an assertion. How is that possible?
<dmalcolm> mkanat: IIRC it isn't built with NDEBUG
<dmalcolm> (perhaps it should be)
<mkanat> [mkanat@es-compy ~]$ python-config --cflags
<mkanat> -I/usr/include/python2.6 -I/usr/include/python2.6 -fno-strict-aliasing -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC
<dmalcolm> fair enough
<mkanat> dmalcolm: Sorry, didn't mean to come off as abrupt. 
<dmalcolm> mkanat: what's the assertion, and what is "rpm -q python"?
<mkanat> dmalcolm: Just figured that would be the fastest way to demonstrate without making you go run the command.
<mkanat> python-2.6.2-4.fc12.x86_64
<dmalcolm> thanks
<dmalcolm> which assertion is failing?
<mkanat> This is the bug: https://bugs.launchpad.net/meliae/+bug/586122
<mkanat> The assertion is: python: Objects/typeobject.c:2672: type_traverse: Assertion `type->tp_flags & (1L<<9)' failed.
<dmalcolm> ah
<dmalcolm> yes
<dmalcolm> sorry
<dmalcolm> I patched that in the fedora python-meliae package
<dmalcolm> I forgot to send it upstream
<dmalcolm> looks like that code as-is will never work if asserts are turned on 
* dmalcolm looks for the patch
<dmalcolm> http://cvs.fedoraproject.org/viewvc/devel/python-meliae/meliae-0.2.0-fix-builtintype-heap-assertion.patch?revision=1.1&content-type=text%2Fplain&view=co
<mkanat> dmalcolm: Cool, I linked your patch from the bug.
<dmalcolm> thanks
<mkanat> dmalcolm: How is *any* assertion tripping with NDEBUG on, though?
<dmalcolm> that's a good quesiton
<dmalcolm> question, even
<dmalcolm> mkanat: do you have the build log for your build of meliae?  was -DNDEBUG definitely passed to the compiler?
<mkanat> dmalcolm: Oh, that's an interesting question. I'll check.
<dmalcolm> (I can't see why not, though)
<mkanat> I can just rebuild it; it's pretty easy.
<mkanat> dmalcolm: But since this is a python assert, shouldn't if it have been ifdef'd out in python itself?
<dmalcolm> is python-meliae up-to-date with upstream BTW?
<dmalcolm> yeah
<dmalcolm> good pooint
<dmalcolm> point
<mkanat> dmalcolm: I don't know, I don't even see a python-meliae in F12. I'm compiling from source.
<dmalcolm> https://bugzilla.redhat.com/show_bug.cgi?id=577398
<dmalcolm> https://admin.fedoraproject.org/updates/python-meliae-0.2.0-3.fc12 is still in "testing"
<mkanat> dmalcolm: Ah, okay. :-)
<dmalcolm> (thanks for bugzilla btw)
<mkanat> dmalcolm: Hey, welcome! :-D
<mkanat> dmalcolm: And yes, NDEBUG gets passed when building meliae.
<mkanat> cc -pthread -fno-strict-aliasing -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fPIC -I/usr/include/python2.6
<dmalcolm> thanks, though it looks like it's python that's at fault here
<mkanat> *Gcc
* dmalcolm checks
<dmalcolm> it ought to match python-config output, but FWIW the build log is at: http://kojipkgs.fedoraproject.org/packages/python/2.6.2/4.fc12/data/logs/x86_64/build.log
<mkanat> And it lacks NDEBUG.
<dmalcolm> yeah
<dmalcolm> the plot thickens
<dmalcolm> aha
<mkanat> It shows up in the F13 build.
<dmalcolm> interesting
<dmalcolm> thanks
<mkanat> It's missing from F11.
<dmalcolm> is it in your /usr/lib64/python2.6/config/Makefile ?
<dmalcolm> e.g. as part og OPT?
<dmalcolm> s/og/of/
<mkanat> dmalcolm: Yep.
<mkanat> dmalcolm: The build log you linked to shows every OPT is being used *except* -DNDEBUG
<dmalcolm> what I _think_ is happening is that upstream Makefile has a value for OPT
<dmalcolm> but then we override it in our invocation of "make" during the rpmbuild:
<dmalcolm> c.f. line 658 of http://cvs.fedoraproject.org/viewvc/devel/python/python.spec?view=markup
<dmalcolm> where:
<dmalcolm> export OPT="$RPM_OPT_FLAGS -D_GNU_SOURCE -fPIC -fwrapv"
<mkanat> Yeah, that looks like a possibility.
<mkanat> But then why isn't it breaking on F13?
<dmalcolm> yeah
<dmalcolm> on an F-13 box, I get:
<dmalcolm> $ rpm --eval "%{optflags}"
<dmalcolm> -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
Comment 1 Dave Malcolm 2010-07-01 18:19:51 EDT
Binary chop search through the builds logs for python on x86_64:
  http://koji.fedoraproject.org/koji/packageinfo?packageID=130

without NDEBUG:
  http://kojipkgs.fedoraproject.org/packages/python/2.6.2/4.fc12/data/logs/x86_64/build.log
  http://kojipkgs.fedoraproject.org/packages/python/2.6.4/13.fc13/data/logs/x86_64/build.log
  http://kojipkgs.fedoraproject.org/packages/python/2.6.4/15.fc13/data/logs/x86_64/build.log
  http://kojipkgs.fedoraproject.org/packages/python/2.6.4/16.fc13/data/logs/x86_64/build.log

with partial usage of NDEBUG:
  http://kojipkgs.fedoraproject.org/packages/python/2.6.4/17.fc13/data/logs/x86_64/build.log
  http://kojipkgs.fedoraproject.org/packages/python/2.6.4/20.fc13/data/logs/x86_64/build.log
  http://kojipkgs.fedoraproject.org/packages/python/2.6.4/21.fc14/data/logs/x86_64/build.log
  http://kojipkgs.fedoraproject.org/packages/python/2.6.5/17.fc14/data/logs/x86_64/build.log
  http://kojipkgs.fedoraproject.org/packages/python/2.6.4/27.fc13/data/logs/x86_64/build.log
where some of the extension modules are compiled with NDEBUG.

So this change seems to have happened in 2.6.4-17.fc13

The specfile change was:
  http://cvs.fedoraproject.org/viewvc/devel/python/python.spec?r1=1.168&r2=1.169

But it looks like even in the latest builds that not all .c files are compiled with NDEBUG:
  http://kojipkgs.fedoraproject.org/packages/python/2.6.5/17.fc14/data/logs/x86_64/build.log
shows that the core of libpython's .c files aren't being compiled with NDEBUG.
Comment 2 Dave Malcolm 2010-07-01 18:30:18 EDT
(In reply to comment #1)
[snip] 

> But it looks like even in the latest builds that not all .c files are compiled
> with NDEBUG:
>  
> http://kojipkgs.fedoraproject.org/packages/python/2.6.5/17.fc14/data/logs/x86_64/build.log
> shows that the core of libpython's .c files aren't being compiled with
> NDEBUG.    

In particular, Objects/typeobject.c is compiled without -DNDEBUG, hence the assertion seen in comment #0 is built in.
Comment 3 Max Kanat-Alexander 2010-07-01 22:50:14 EDT
So the OPT override that you listed is probably the culprit, then, because it replaces the normal OPT (which has NDEBUG) with $RPM_OPT_FLAGS (which does not have NDEBUG).
Comment 4 Bug Zapper 2010-07-30 08:23:07 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 5 Max Kanat-Alexander 2010-08-16 21:58:41 EDT
Any progress on this? It seems like a pretty big issue to be shipping a debug python when not intending to.
Comment 6 Bug Zapper 2010-11-03 08:37:36 EDT
This message is a reminder that Fedora 12 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 12.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '12'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 12's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 12 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 7 Dave Malcolm 2011-01-21 15:05:24 EST
Summarizing IRC discussion:
I believe that I fixed this for python3 in python3-3.2-0.8.b2.fc15, with this change:

  * Wed Jan  5 2011 David Malcolm <dmalcolm@redhat.com> - 3.2-0.8.b2
  - set EXTRA_CFLAGS to our CFLAGS, rather than overriding OPT, fixing a linker
  error with dynamic annotations (when configured using --with-valgrind)
  ...

Toshio has a similar fix for python.spec in the works
Comment 8 Toshio Ernie Kuratomi 2011-01-21 15:36:39 EST
Okay, build for rawhide that sets $EXTRA_CFLAGS instead of $OPT:
  http://koji.fedoraproject.org/koji/taskinfo?taskID=2735798

From examining the build.log, it should fix this.  If you can test that would be great.  If you want it pushed to released Fedora as well, dmalcolm can look at that once we know the fix works.
Comment 9 Dave Malcolm 2011-01-21 15:50:16 EST
FWIW, another verification approach (somewhat evil):
you can induce an assertion failure with the following fragment of broken code:
  python -c "import ctypes ; ctypes.string_at(0)"

  Python-2.6.5/Objects/stringobject.c:115: PyString_FromString: Assertion `str != ((void *)0)' failed.
  Aborted (core dumped)

If assertions are correctly disabled, I'd expect that code to segfault instead.
Comment 10 Toshio Ernie Kuratomi 2011-01-21 19:16:42 EST
Confirmed that the code in rawhide segfaults.
Comment 11 letters.random13 2011-08-22 23:57:51 EDT
Created attachment 519386 [details]
git diff between 18aug2011 head and this fix. not a complete patch?
Comment 12 letters.random13 2011-08-23 00:12:26 EDT
Created attachment 519389 [details]
example compilation before this fix

[sorry for the bandwidth, intended multiple attachments, still don't know how]

the most recent patch for this problem, circa 21jan2011, is not broken, but it is bent.

i tried a different approach, with these objectives:
(1) confirm that -DNDEBUG is present for "BuildPython optimized", and minimize the chance of recurrence of the bug.
(2) minimize hardwired environment variable cruft supplied to the configure stage.  trust the python configure as much as possible (it presumably evolves more rapidly than hardwired spec file hacks; we want to use *upstream* as much as possible).
(3) minimize hackish, "anti-configure" arguments to build (make) command.
(4) provide *only* EXTRA_CFLAGS (empty by default) for customization. it is an argument to the make command.  any values must be documented.
(5) remain blissfully ignorant of the ever-growing patch list.

the spec file diff
git diff 85867c0a81ff2e52d71e69dc846a3c0efd3fed46 5e787a431841524cc07c45309f0c1105f7af3dd8
is attached in the previous comment.

the example x86_64 compilation after this fix (compare with attachment) is:
debug
gcc -pthread -c -fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4  -m64 -mtune=generic -g -O0 -Wall -Wstrict-prototypes  -I. -IInclude -I/builddir/build/BUILD/Python-2.7.2/Include -I/usr/lib64/libffi-3.0.9/include     -fPIC -DPy_BUILD_CORE -o Modules/python.o /builddir/build/BUILD/Python-2.7.2/Modules/python.c

optimized
gcc -pthread -c -fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4  -m64 -mtune=generic -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes  -I. -IInclude -I/builddir/build/BUILD/Python-2.7.2/Include -I/usr/lib64/libffi-3.0.9/include     -fPIC -DPy_BUILD_CORE -o Modules/python.o /builddir/build/BUILD/Python-2.7.2/Modules/python.c

i did not update the spec release number or change log, since i am as yet unclear on the non-maintainer's role in the complete fedpkg 'submit as a non-packager an unsolicited enhancement to a package maintainer' procedure.

i tested this patch via fedpkg mockbuild on x86_64, it tested ok & packaged ok, and rpmlint matches the original (same warnings & errors).

below are also some archival notes to facilitate discussion, and a couple of minor follow-up issues.

regarding environment variables & their interaction with python configure:
(a) configure does not maintain a consistent distinction between optimization flags and general compiler arguments or their ordering as compilation arguments, so CFLAGS and OPT are not as useful as they may appear.
(b) OPT will unpredictably override (not append to) the configure'd value, and alter the logic path taken thru configure.
(c) EXTRA_CFLAGS does not affect configure, its only use is as an optional argument to the make command (it is appended to CFLAGS). this is not quite its original intent, but it has fewer (or no) side effects relative to CFLAGS or OPT.

remaining issues
(1) for expert / python-debug user:
in the original patch, both the optimized and debug python builds use the same OPT (RPM_OPT_FLAGS) (in particular, -O2 -g).
in this enhancement, OPT is deleted, so the presence or not of the configure argument --with-pydebug solely controls optimization.  the debug build now has -O0 (and also does NOT have -fwrapv); the optimized build now has -O3.

(2) side effects:
(a) modifying CFLAGS may affect patch4 (arch=sparc only?):
# Add $(CFLAGS) to the linker arguments when linking the "python" binary
# since some architectures (sparc64) need this (rhbz:199373).
# Not yet filed upstream
Patch4: python-2.5-cflags.patch

which CFLAGS are required? why? the patch doesn't clarify. it should be upstreamed.

the patch might not be compatible with EXTRA_CFLAGS and could be dropped here, but the downstream patch 11 python-2.7rc1-no-static-lib.patch needs to be fixed first.

(b) -D_GNU_SOURCE seems to be extraneous.
(c) -fwrapv (rhbz#594819? (access denied?)).  currently, configure supplies this in the optimized build; not clear that it is desirable in a debug build.
(d) -fPIC is extraneous, configure supplies it.

(3) in %check (make test) some tests fail (assertion error or potentially seg fault). the same tests pass here as in the original.  the current approach is to just EXCLUDE the failing tests (the list is generated manually by reviewing the build log). possible reasons for failure include: incorrect test (irritating); compiler/optimizer bug (tedious); python bug (worrisome).  hopefully the first and last causes are addressed upstream, but the second is more packaging-specific, and harder to address with upstream python if OPT is hardwired.
on arm in particular, there are currently some questionable failures, possibly due to optimizer bugs (e.g., http://bugs.python.org/issue8265).
is there a packaging protocol regarding use of (architecture-dependent) lower levels of optimization on release builds if it improves package 'quality'?
it should (now) be easy to run some parametrics on the optimized build using EXTRA_CFLAGS="-OX" to quantify.
if necessary, it is probably better to patch configure.in to replace optimized "-O3" than to revert to OPT.
Comment 13 Fedora End Of Life 2013-04-03 16:34:23 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 14 Fedora Admin XMLRPC Client 2013-05-10 00:57:53 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 15 Fedora Admin XMLRPC Client 2013-05-10 00:59:50 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 16 Fedora End Of Life 2015-01-09 17:28:09 EST
This message is a notice that Fedora 19 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 19. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained. Approximately 4 (four) weeks from now this bug will
be closed as EOL if it remains open with a Fedora 'version' of '19'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 19 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 17 Fedora End Of Life 2015-02-18 06:05:26 EST
Fedora 19 changed to end-of-life (EOL) status on 2015-01-06. Fedora 19 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.