nogil set `clear` causes concurrent `str` to print as empty dict #129967

luisggpina · 2025-02-10T17:22:11Z

Bug report

Bug description:

Hi,

We're a research group focused on testing concurrent runtimes. Our work-in-progress prototype found that the current nogil build __str__ can return "{}" (empty dict) instead of the expected "set()" when there is a concurrent clear() operation. The program below shows the wrong behavior:

import threading
import sys
def t0(b1,s,res):
    b1.wait()
    s.clear()

def t1(b1,s,res):
    b1.wait()
    res.append(s.__str__())

def Test():
  s =  {17, 18, 'a', 'b', 'c', 'd', 'e'}
  threads=[]
  barrier = threading.Barrier(2)
  res = []
  threads.append(threading.Thread(target= t0, args=(barrier, s,res)))
  threads.append(threading.Thread(target= t1, args=(barrier, s,res)))
  for i in range(0, len(threads)):
      threads[i].start()
  for i in range(0, len(threads)):
      threads[i].join()
  if res[0] == "{}":
      print("found bug: " + res[0])

print("test begin...")
for i in range(0,50000):
  threads = []
  if i % 1000 == 0:
      print(i)
  for i in range(0,100):
      threads.append(threading.Thread(target= Test))
  for t in threads:
      t.start()
  for t in threads:
      t.join()
print("test Done")

Sample output:

test begin...
0
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}
found bug: {}

This behavior can be observed quite readily. We tested it on a number of x86_64 and one ARM machine.

@flypoodles and @overlorde are part of the team, adding them so they get notified about further discussion.

CPython versions tested on:

3.14, CPython main branch

Operating systems tested on:

Linux

Linked PRs

The text was updated successfully, but these errors were encountered:

colesbury · 2025-02-10T19:23:14Z

Thanks - this is a bit of a weird one:

We lock the set before calling str() or repr()
However, when printing the set we call PySequence_List, which internally tries to lock both the newly created list and the set a second time. This leads to the unlocking + relocking behavior, which allows another thread to clear the set in the meantime. @Yhg1s's recursive critical section optimization doesn't apply here because it's a two-object critical section, not a simple one object critical section.

This can happen in the GIL-enabled build too, at least in Python 3.11 and earlier, where PySequence_List() can trigger arbitrary code by the GC running.

I think we should do two things:

We should make set_repr_lock_held() more robust and check the size of the list that results from PySequence_List.
We should attempt to avoid the slow relocking behavior in set_repr_lock_held.

The call to `PySequence_List()` could temporarily unlock and relock the set, allowing the items to be cleared and return the incorrect notation `{}` for a empty set (it should be `set()`).

The call to `PySequence_List()` could temporarily unlock and relock the set, allowing the items to be cleared and return the incorrect notation `{}` for a empty set (it should be `set()`). Co-authored-by: T. Wouters <[email protected]>

…29978) The call to `PySequence_List()` could temporarily unlock and relock the set, allowing the items to be cleared and return the incorrect notation `{}` for a empty set (it should be `set()`). (cherry picked from commit a7427f2) Co-authored-by: Sam Gross <[email protected]> Co-authored-by: T. Wouters <[email protected]>

…30020) The call to `PySequence_List()` could temporarily unlock and relock the set, allowing the items to be cleared and return the incorrect notation `{}` for a empty set (it should be `set()`). (cherry picked from commit a7427f2) Co-authored-by: T. Wouters <[email protected]>

colesbury · 2025-02-11T23:18:48Z

Thanks @luisggpina - this is fixed now in the main and 3.13 branches.

luisggpina added the type-bug An unexpected behavior, bug, or error label Feb 10, 2025

picnixz added interpreter-core (Objects, Python, Grammar, and Parser dirs) infra CI, GitHub Actions, buildbots, Dependabot, etc. topic-free-threading and removed infra CI, GitHub Actions, buildbots, Dependabot, etc. labels Feb 10, 2025

picnixz marked this as a duplicate of #129968 Feb 10, 2025

bedevere-app bot mentioned this issue Feb 10, 2025

gh-129967: Fix race condition in repr(set) #129978

Merged

colesbury added a commit to colesbury/cpython that referenced this issue Feb 11, 2025

Merge branch 'main' into pythongh-129967-set-repr-clear

bfdc05a

bedevere-app bot mentioned this issue Feb 11, 2025

[3.13] gh-129967: Fix race condition in repr(set) (gh-129978) #130020

Merged

colesbury closed this as completed Feb 11, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nogil set `clear` causes concurrent `str` to print as empty dict #129967

nogil set `clear` causes concurrent `str` to print as empty dict #129967

luisggpina commented Feb 10, 2025 •

edited by bedevere-app bot

Loading

colesbury commented Feb 10, 2025

colesbury commented Feb 11, 2025

nogil set clear causes concurrent __str__ to print as empty dict #129967

nogil set clear causes concurrent __str__ to print as empty dict #129967

Comments

luisggpina commented Feb 10, 2025 • edited by bedevere-app bot Loading

Bug report

Bug description:

CPython versions tested on:

Operating systems tested on:

Linked PRs

colesbury commented Feb 10, 2025

colesbury commented Feb 11, 2025

nogil set `clear` causes concurrent `str` to print as empty dict #129967

nogil set `clear` causes concurrent `str` to print as empty dict #129967

luisggpina commented Feb 10, 2025 •

edited by bedevere-app bot

Loading