fix: add linter for thread-unsafe C API uses

lvllvl · lvllvl · commit 5e57f305f5da · 2025-04-12T18:40:05.000Z
diff --git a/.github/workflows/mypy.yml b/.github/workflows/mypy.yml
@@ -72,3 +72,21 @@ jobs:
     - name: Run Mypy
       run: |
         spin mypy
+  # This job checks for suspicious C API usage that may break nogil compatibility.
+  # It scans PR diffs for dangerous borrowed-referenced calls and fails if any are found.
+  lint-capi:
+    # To enable this workflow on a fork, comment out:
+    if: github.repository == 'numpy/numpy'
+    name: "C API Borrowed Ref Lint"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          submodules: recursive
+      - name: Run API Borrowed Ref Linter 
+        run: |
+          pip install -r requirements/build_requirements.txt
+          pip install -r requirements/test_requirements.txt
+          pip install ruff
+          spin lint
diff --git a/numpy/_core/src/umath/ufunc_object.c b/numpy/_core/src/umath/ufunc_object.c
@@ -1368,7 +1368,7 @@ _parse_axes_arg(PyUFuncObject *ufunc, int op_core_num_dims[], PyObject *axes,
          * Get axes tuple for operand. If not a tuple already, make it one if
          * there is only one axis (its content is checked later).
          */
-        op_axes_tuple = PyList_GET_ITEM(axes, iop);
+        op_axes_tuple = PyList_GET_ITEM(axes, iop); // noqa: borrowed-ref OK
         if (PyTuple_Check(op_axes_tuple)) {
             if (PyTuple_Size(op_axes_tuple) != op_ncore) {
                 /* must have been a tuple with too many entries. */
@@ -4939,7 +4939,7 @@ PyUFunc_RegisterLoopForDescr(PyUFuncObject *ufunc,
         function, arg_typenums, data);
 
     if (result == 0) {
-        cobj = PyDict_GetItemWithError(ufunc->userloops, key);
+        cobj = PyDict_GetItemWithError(ufunc->userloops, key); // noqa: borrowed-ref OK
         if (cobj == NULL && PyErr_Occurred()) {
             result = -1;
         }
@@ -5070,7 +5070,7 @@ PyUFunc_RegisterLoopForType(PyUFuncObject *ufunc,
      */
     int add_new_loop = 1;
     for (Py_ssize_t j = 0; j < PyList_GET_SIZE(ufunc->_loops); j++) {
-        PyObject *item = PyList_GET_ITEM(ufunc->_loops, j);
+        PyObject *item = PyList_GET_ITEM(ufunc->_loops, j); // noqa: borrowed-ref OK
         PyObject *existing_tuple = PyTuple_GET_ITEM(item, 0);
 
         int cmp = PyObject_RichCompareBool(existing_tuple, signature_tuple, Py_EQ);
@@ -5112,7 +5112,7 @@ PyUFunc_RegisterLoopForType(PyUFuncObject *ufunc,
     funcdata->nargs = 0;
 
     /* Get entry for this user-defined type*/
-    cobj = PyDict_GetItemWithError(ufunc->userloops, key);
+    cobj = PyDict_GetItemWithError(ufunc->userloops, key); // noqa: borrowed-ref OK
     if (cobj == NULL && PyErr_Occurred()) {
         goto fail;
     }
diff --git a/tools/ci/check_c_api_usage.sh b/tools/ci/check_c_api_usage.sh
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+set -e
+
+# List of suspicious function calls:
+SUSPICIOUS_FUNCS=(
+    "PyList_GetItem"
+    "PyList_GET_ITEM"
+    "PyDict_GetItem"
+    "PyDict_GetItemWithError"
+    "PyDict_Next"
+    "PyDict_GetItemString"
+    "_PyDict_GetItemStringWithError"
+    "PySequence_Fast"
+)
+
+# Find all C/C++ source files in the repo
+# ALL_FILES=$(find . -type f \( -name "*.c" -o -name "*.h" -o -name "*.c.src" -o -name "*.cpp" \))
+ALL_FILES=$(find numpy -type f \( -name "*.c" -o -name "*.h" -o -name "*.c.src" -o -name "*.cpp" \))
+
+# For debugging: print out file count
+echo "Scanning $(echo "$ALL_FILES" | wc -l) C/C++ source files..."
+
+# Prepare a result file
+mkdir -p .tmp
+OUTPUT=$(mktemp .tmp/c_api_usage_report.XXXXXX.txt)
+echo -e "Running Suspicious C API usage report workflow...\n" > $OUTPUT
+
+FAIL=0
+
+# Scan each changed file
+for file in $ALL_FILES; do
+    
+    for func in "${SUSPICIOUS_FUNCS[@]}"; do
+        # -n     : show line number
+        # -P     : perl-style boundaries
+        # (?<!\w): check - no letter/number/underscore before
+        # (?!\w) : check - no letter/number/underscore after
+        matches=$(grep -n -P "(?<!\w)$func(?!\w)" "$file" || true)
+
+        # Check each match for 'noqa'
+        if [[ -n "$matches" ]]; then
+            while IFS= read -r line; do
+                if [[ "$line" != *"noqa: borrowed-ref OK"* ]]; then
+                    echo "Found suspcious call to $func in file: $file" >> "$OUTPUT"
+                    echo " -> $line" >> "$OUTPUT"
+                    echo "Recommendation:" >> "$OUTPUT"
+                    echo "If this use is intentional and safe, add '// noqa: borrowed-ref OK' on the same line to silence this warning." >> "$OUTPUT"
+                    echo "Otherwise, consider replacing $func with a thread-safe API function." >> "$OUTPUT"
+                    echo "" >> "$OUTPUT"
+                    FAIL=1
+                fi 
+            done <<< "$matches"
+        fi
+    done
+done
+
+if [[ $FAIL -eq 1 ]]; then
+    echo "C API borrow-ref linter found issues."
+else
+    echo "C API borrow-ref linter found no issues."
+fi
+
+cat "$OUTPUT"
+exit "$FAIL"
diff --git a/tools/linter.py b/tools/linter.py
@@ -36,7 +36,20 @@ def run_lint(self, fix: bool) -> None:
 
         errors and print(errors)
 
-        sys.exit(retcode)
+        # Running borrowed ref checker
+        print("Running C API borrow-reference linter...")
+        borrowed_ref_script = os.path.join(self.repository_root, "tools", "ci", "check_c_api_usage.sh")
+        borrowed_res = subprocess.run(
+            ["bash", borrowed_ref_script],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.STDOUT,
+            encoding="utf-8",
+        )
+        print(borrowed_res.stdout)
+        
+        # Exit with non-zero if either Ruff or C API check fails
+        final_code = retcode or borrowed_res.returncode
+        sys.exit(final_code)
 
 
 if __name__ == "__main__":
