From f9056aa4ab52508fcfd4e2936a1750711e02bf5e Mon Sep 17 00:00:00 2001 From: David Gidwani Date: Wed, 3 Dec 2025 18:17:14 -0500 Subject: [PATCH 1/2] fix(build): hide C++ symbols to prevent conflicts with numpy/sklearn (#247) - Add -fvisibility=hidden and -fvisibility-inlines-hidden compile flags - Add -Wl,--exclude-libs,ALL linker flag for Linux builds - Prevents __cxa_* C++ ABI symbols from being exported - Fixes "free(): invalid size" crash when importing hyperscan before sklearn --- CMakeLists.txt | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index fe6a7c8..69dc629 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -513,7 +513,14 @@ endif() if(WIN32) target_compile_options(${HS_EXT_NAME} PRIVATE ${HS_CMAKE_COMMON_FLAGS}) else() - target_compile_options(${HS_EXT_NAME} PRIVATE -fPIC -D_GLIBCXX_USE_CXX11_ABI=1) + # Hide all symbols by default to prevent conflicts with other C++ extensions + # (e.g., numpy, scipy, sklearn) that may use the same C++ runtime symbols + target_compile_options(${HS_EXT_NAME} PRIVATE + -fPIC + -D_GLIBCXX_USE_CXX11_ABI=1 + -fvisibility=hidden + -fvisibility-inlines-hidden + ) target_link_options(${HS_EXT_NAME} PRIVATE -O0) endif() @@ -523,6 +530,7 @@ if("$ENV{AUDITWHEEL_PLAT}" MATCHES "musllinux") target_link_options(${HS_EXT_NAME} PRIVATE -Wl,-s -Wl,--gc-sections + -Wl,--exclude-libs,ALL -static-libgcc -Wl,--whole-archive -l:libstdc++.a @@ -541,12 +549,16 @@ elseif(NOT WIN32) -Wl,--no-as-needed -Wl,--copy-dt-needed-entries -Wl,--no-allow-shlib-undefined + -Wl,--exclude-libs,ALL ) target_link_libraries(${HS_EXT_NAME} PRIVATE ${HS_LIBS}) target_link_libraries(${HS_EXT_NAME} PRIVATE -Wl,--push-state -Wl,-Bstatic -lstdc++ -Wl,--pop-state) else() - # Other Linux platforms - target_link_options(${HS_EXT_NAME} PRIVATE -Wl,--no-as-needed) + # Other Linux platforms (local dev, CI without auditwheel) + target_link_options(${HS_EXT_NAME} PRIVATE + -Wl,--no-as-needed + -Wl,--exclude-libs,ALL + ) target_link_libraries(${HS_EXT_NAME} PRIVATE ${HS_LIBS}) target_link_libraries(${HS_EXT_NAME} PRIVATE stdc++) endif() From 74070571ed021f23b1739888dd1cd989c73eabab Mon Sep 17 00:00:00 2001 From: David Gidwani Date: Wed, 3 Dec 2025 18:26:42 -0500 Subject: [PATCH 2/2] ci(build): fetch PR head ref to fix file change detection The workflow was only fetching the base ref but not the PR head ref, causing git diff to fail silently when comparing commits. This resulted in CMakeLists.txt changes not being detected properly. --- .github/workflows/build.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 42cc3f6..24dd812 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -101,10 +101,11 @@ jobs: exit 0 fi - # Set up PR refs and fetch base branch to ensure we have the commits + # Set up PR refs - fetch BOTH base and head to ensure commits are available BASE_SHA="${{ github.event.pull_request.base.sha }}" HEAD_SHA="${{ github.event.pull_request.head.sha }}" git fetch origin "${{ github.event.pull_request.base.ref }}" --quiet || true + git fetch origin "pull/${{ github.event.pull_request.number }}/head:pr-head" --quiet || true # Check all commits in the PR for [build] COMMIT_MSGS=$(git log --format=%B "${BASE_SHA}..${HEAD_SHA}" 2>/dev/null || echo "") @@ -116,6 +117,10 @@ jobs: # Check which files changed in the PR CHANGED_FILES=$(git diff --name-only "${BASE_SHA}" "${HEAD_SHA}" 2>/dev/null || echo "") + + # Debug: show what we found + echo "Changed files in PR:" + echo "$CHANGED_FILES" else # For pushes, check if the head commit message contains [build] if [[ "${{ contains(github.event.head_commit.message, '[build]') }}" == "true" ]]; then @@ -147,7 +152,7 @@ jobs: fi fi - RESULT=1 + RESULT=0 echo "$CHANGED_FILES" | grep -q -E '^(src/hyperscan/|README.md|CMakeLists.txt|pyproject.toml|MANIFEST.in|cmake/)' || RESULT=$? if [[ "$RESULT" -eq 0 ]]; then