JIT global-to-constant promotion doesn't properly validate the globals dictionary at runtime

# Bug report

This code raises a `NameError` with the JIT disabled, and succeeds with the JIT enabled:

```py
import types

GLOBAL = 42

def make_f():
    def f():
        return GLOBAL
    return f

make_f_with_bad_globals = types.FunctionType(make_f.__code__, {})

def jitted(funcs):
    for func in funcs:
        func()

def main():
    # Make a "good" f:
    f = make_f()
    # Compile jitted for the "good" f:
    jitted([f] * 4096)
    # This "bad" f has different globals, but the *same* code/function versions:
    f_with_bad_globals = make_f_with_bad_globals()
    # A "good" f to enter the JIT code, and a "bad" f to trigger the bug:
    jitted([f, f_with_bad_globals])

main()
```

We're relying on the function version to guarantee the correct globals. Functions that are created from the same code object share the same function version, but *don't* necessarily share the same globals.

The fix is probably to insert runtime checks for the identity of the globals dictionary (instead of the function version) in `remove_globals`. An identity check is safe, since if the original globals dict is deallocated then the trace will be invalidated anyways.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

JIT global-to-constant promotion doesn't properly validate the globals dictionary at runtime #136154

Bug report

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

JIT global-to-constant promotion doesn't properly validate the globals dictionary at runtime #136154

Description

Bug report

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions