18.11.17 16:17, Nick Coghlan пише:

On 18 November 2017 at 10:01, Victor Stinner wrote:

...

I'm writing this email to ask if this change is an issue or not to embedded Python and the Python C API. Is it still possible to call "all" functions of the C API before calling Py_Initialize()?

It isn't technically permitted to call any of them, unless their documentation specifically says that calling them before `Py_Initialize` is permitted (and that permission is only given for a select few configuration APIs in https://docs.python.org/3/c-api/init.html).

The Py_Initialize() is not complete. It mentions only Py_SetProgramName(), Py_SetPythonHome() and Py_SetPath(). But in other places it is documented that Py_SetStandardStreamEncoding(), PyImport_AppendInittab(), PyImport_ExtendInittab() should be called before Py_Initialize(). And the embedding examples call Py_DecodeLocale() before Py_Initialize(). PyMem_RawMalloc(), PyMem_RawFree() and PyInitFrozenExtensions() are called before Py_Initialize() in Py_FrozenMain(). Also these functions call _PyMem_RawStrdup(). Hence, the minimal set of functions that can be called before Py_Initialize() is: * Py_SetProgramName() * Py_SetPythonHome() * Py_SetPath() * Py_SetStandardStreamEncoding() * PyImport_AppendInittab() * PyImport_ExtendInittab() * Py_DecodeLocale() * PyMem_RawMalloc() * PyMem_RawFree() * PyInitFrozenExtensions()

19.11.17 04:17, Nick Coghlan пише:

1. Breaking calling Py_DecodeLocale() before calling Py_Initialize() is a compatibility break with the API implied by our own usage examples, and we'll need to revert the breakage for 3.7, and ensure at least one release's worth of DeprecationWarning before requiring either the use of an alternative API (where the caller controls the memory management), or else a new lower level pre-initialization API (i.e. making `PyRuntime_Initialize` a public API)

There is a way to to control the memory manager. The caller should just define their own PyMem_RawMalloc(), PyMem_RawFree(), etc. It seems to me that the reasons of introducing these functions were: 1. Get around the implementation detail when malloc(0) could return NULL. PyMem_RawMalloc() always should return an unique address (unless error). 2. Allow the caller to control the memory management by providing their own implementations. Let use existing possibilities and not expand the API. I don't think the deprecation and breaking compatibility are needed here.

On 19 November 2017 at 18:52, Victor Stinner wrote:

Maybe we can find a compromise: revert the change on memory allocators. They are too special to require to call PyRuntime_Init().

Currently, you cannot call PyMem_SetAllocators() before PyRuntime_Init().

At least the raw allocators, anyway - that way, the developer facing documentation/comments can just say that the raw allocators can't have any prerequisites that aren't shared by regular malloc/calloc/realloc/free calls. If that's enough to get Py_DecodeLocale working again prior to _PyRuntime_Init(), then I'd suggest officially adding that to the "must work prior to Py_Initialize" list, otherwise we can re-examine it based on whatever's still broken after reverting the raw allocator changes. Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia

On Nov 18, 2017 19:20, "Nick Coghlan" wrote: OK, in that case I think the answer to Victor's question is: 1. Breaking calling Py_DecodeLocale() before calling Py_Initialize() is a compatibility break with the API implied by our own usage examples, and we'll need to revert the breakage for 3.7, +1 The break was certainly unintentional. :/ Fortunately, Py_DecodeLocale() should be the only "Process-wide parameter" needing repair. I suppose, PyMem_RawMalloc() and PyMem_RawFree() *could* be considered too, but my understanding is that they aren't really intended for direct use (especially pre-init). and ensure at least one release's worth of DeprecationWarning before requiring either the use of an alternative API (where the caller controls the memory management), or else a new lower level pre-initialization API (i.e. making `PyRuntime_Initialize` a public API) There shouldn't be a need to deprecate anything, right? We just need to restore the pre-init behavior of Py_DecodeLocale. 2. We should provide a consolidated list of these functions in the C API initialization docs +1 PyMem_Raw*() do not belong in that group, right? Again, my understanding is that they aren't intended for direct third-party use (are they even a part of the C-API?), and particularly pre-init. That Py_DecodeLocale() can use PyMem_RawMalloc() pre-init is an implementation detail. 3. We should add more test cases to _testembed.c that ensure they all work correctly prior to Py_Initialize (some of them are already tested there, but definitely not all of them) +1 -eric

On Mon, Nov 20, 2017 at 8:43 AM, Victor Stinner wrote:

2017-11-20 16:31 GMT+01:00 Eric Snow :

...

That Py_DecodeLocale() can use PyMem_RawMalloc() pre-init is an implementation detail.

Py_DecodeLocale() uses PyMem_RawMalloc(), and so its result must be freed by PyMem_RawFree(). It's part the documentation.

Ah, I'd missed that. Thanks for pointing it out.

I'm not sure that I understood correctly. Do you agree to move "PyMem" globals back to Objects/obmalloc.c? (to allow to call PyMem_RawMalloc() before Py_Initialize())

I'm okay with that if we can't find another way. However, shouldn't we be able to statically initialize the raw allocator in _PyRuntime, much as we were doing before in obmalloc.c? I have a rough PR up: https://github.com/python/cpython/pull/4481 Also, I opened https://bugs.python.org/issue32096 for the regression. Thanks for bringing it up. -eric

On Mon, Nov 20, 2017 at 3:03 PM, Victor Stinner wrote:

To statically initialize PyMemAllocatorEx fields, you need to export a lot of allocator functions. I would prefer to not do that.

[snip]

The rules to choose the allocator to each domain are also complex depending if pymalloc is enabled, debug hooks are enabled by default, etc. The memory allocator is also linked to _PyMem_Debug which is not currently in Include/internals/ but Objects/obmalloc.c.

I'm not suggesting supporting the full machinery. Rather, as my PR demonstrates, we can statically initialize the minimum needed to support pre-init use of PyMem_RawMalloc() and PyMem_RawFree(). The allocators will be fully initialized once the runtime is initialized (i.e. once Py_Initialize() is called), just as they are now. FWIW, I'm not sure that's the best approach. See my notes in https://bugs.python.org/issue32096.

I understand that moving global variables to _PyRuntime helps to clarify how these variables are initialized and then finalized, but memory allocators are a complex corner case.

Agreed. I spent a large portion of my time getting the allocators right when working on the original _PyRuntime patch. It's tricky code. -eric

On Wed, 22 Nov 2017 10:38:32 +0100 Victor Stinner wrote:

I fixed the issue by calling _PyRuntime_Initialize() as the very first function in main().

I also had to add _PyMem_GetDefaultRawAllocator() to get a deterministic memory allocator, rather than depending on the allocator set an application embedding Python, we must be sure that the same allocator is used to initialize and finalize Python.

This is a bit worrying. Do Python embedders have to go through the same dance? IMHO this really needs a simple solution documented somewhere. Also, hopefully when you do the wrong thing, you get a clear error message to know how to fix your code? Regards Antoine.

On Wed, 22 Nov 2017 12:12:32 +0100 Victor Stinner wrote:

2017-11-22 12:04 GMT+01:00 Antoine Pitrou :

...

IMHO this really needs a simple solution documented somewhere. Also, hopefully when you do the wrong thing, you get a clear error message to know how to fix your code?

Right now, calling PyMem_RawMalloc() before calling _PyRuntime_Initialize() calls the function at address NULL, so you get a segmentation fault.

Can we get something more readable? For example: FATAL ERROR: PyMem_RawMalloc(): malloc function is NULL, did you call _PyRuntime_Initialize? Regards Antoine.

On 21 November 2017 at 01:31, Eric Snow wrote:

On Nov 18, 2017 19:20, "Nick Coghlan" wrote:

OK, in that case I think the answer to Victor's question is:

1. Breaking calling Py_DecodeLocale() before calling Py_Initialize() is a compatibility break with the API implied by our own usage examples, and we'll need to revert the breakage for 3.7,

+1

The break was certainly unintentional. :/ Fortunately, Py_DecodeLocale() should be the only "Process-wide parameter" needing repair. I suppose, PyMem_RawMalloc() and PyMem_RawFree() *could* be considered too, but my understanding is that they aren't really intended for direct use (especially pre-init).

PyMem_RawFree will need to continue working pre-initialize as well, since it's the specified cleanup function for Py_DecodeLocale. Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia

On Thu, 23 Nov 2017 10:37:59 +0100 "M.-A. Lemburg" wrote:

On 18.11.2017 01:01, Victor Stinner wrote:

...

Hi,

The CPython internals evolved during Python 3.7 cycle. I would like to know if we broke the C API or not.

Nick Coghlan and Eric Snow are working on cleaning up the Python initialization with the "on going" PEP 432: https://www.python.org/dev/peps/pep-0432/

Many global variables used by the "Python runtime" were move to a new single "_PyRuntime" variable (big structure made of sub-structures). See Include/internal/pystate.h.

A side effect of moving variables from random files into header files is that it's not more possible to fully initialize _PyRuntime at "compilation time". For example, previously, it was possible to refer to local C function (functions declared with "static", so only visible in the current file). Now a new "initialization function" is required to must be called.

In short, it means that using the "Python runtime" before it's initialized by _PyRuntime_Initialize() is now likely to crash. For example, calling PyMem_RawMalloc(), before calling _PyRuntime_Initialize(), now calls the function NULL: dereference a NULL pointer, and so immediately crash with a segmentation fault.

To prevent a complete crash, would it be possible to initialize the struct entries to a generic function (or set of such functions with the right signatures), which then issue a message to stderr hinting to the missing call to _PyRuntime_Initialize() before terminating ?

+1. This sounds like a good idea. Regards Antoine.

On 24 November 2017 at 09:19, Victor Stinner wrote:

Hi,

We are close to the 3.7a3 release and the bug is not fixed yet. I propose to revert the changes on memory allocators right now, and take time to design a proper fix which will respect all constraints.

https://github.com/python/cpython/pull/4532

Today, someone came to me on IRC to complain that calling Py_DecodeLocale() does now crash on Python 3.7. He is doing tests to embed Python on Android. Later he asks me about PyImport_AppendInittab(), but I don't know this function. He told me that it does crash in PyMem_Realloc()... But PyImport_AppendInittab() must be called before Py_Initialize()...

It confirms that Python is embedded and that the C API is used before Py_Initialize().

We don't know yet exactly how the the C API is used, which functions are called before Py_Initialize().

We do note some of them explicitly at https://docs.python.org/3/c-api/init.html (search for "before Py"). What we've been missing is a test case that ensures https://docs.python.org/3/extending/embedding.html#very-high-level-embedding actually works reliably (hence how we managed to break it by way of the internal state management refactoring). Once that core regression has been fixed, we can review the docs and the test suite and come up with: - a consolidated list of *all* the APIs that can safely be called before Py_Initialize - one or more new or updated test cases to ensure that any not yet tested pre-initialization APIs actually work as intended

Moreover, PEP 432 implementation is still incomplete, and calling _PyRuntime_Initialize() is just not possible, since it's a private API which is not exported...

Even after we reach the point of exposing the more fine-grained initialisation API (which I'm now thinking we may be able to do for 3.8 given Eric & Victor's work on it for 3.7), we're still going to have to ensure the existing configuration API keeps working as expected. Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia

On 24 November 2017 at 12:21, Glenn Linderman wrote:

On 11/23/2017 5:31 PM, Nick Coghlan wrote:

- a consolidated list of *all* the APIs that can safely be called before Py_Initialize

So it is interesting to know that list, of course, but the ones that are to be supported and documented might be a smaller list. Or might not.

Ah, sorry - "safely" was a bit ambiguous there. By "safely" I meant "CPython has a regression test that ensures that particular API will keep working before Py_Initialize(), regardless of any changes we may make to the way we handle interpreter initialization". We've long had a lot of other APIs that happen to work well enough for CPython itself to get away with using them during the startup process, but the official position on those is "Don't count on these APIs working prior to Py_Initialize() in the general case - we only get away with it because we can adjust the exact order in which we do things in order to account for any other changes that break it". Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia

24.11.17 04:21, Glenn Linderman пише:

On 11/23/2017 5:31 PM, Nick Coghlan wrote:

...

- a consolidated list of *all* the APIs that can safely be called before Py_Initialize So it is interesting to know that list, of course, but the ones that are to be supported and documented might be a smaller list. Or might not.

This is a small list, 11 functions.