ruff binary varies from ASLR

astral-sh / ruff

An extremely fast Python linter and code formatter, written in Rust.

https://docs.astral.sh/ruff

MIT License

28.79k stars 933 forks source link

ruff binary varies from ASLR #12169

Open bmwiedemann opened 4 days ago

bmwiedemann commented 4 days ago

While working on reproducible builds for openSUSE, I found that our python-ruff package varies from Address-Space-Layout-Randomization (ASLR).

I reproduced this with both 0.5.0 and 0.4.10.

It is a variation that happens with low-entropy - maybe just 1 bit, so occasionally, two identical ruff binaries are produced.

I uploaded two 0.5.0 binaries and a diff into http://rb.zq1.de/other/python-ruff/ - maybe something related to rust/llvm.

MichaReiser commented 4 days ago

Scanning through the diff, it seems that most (all?) are related to the libCST dependency.

Maybe a non-determinism in their macro?

bmwiedemann commented 4 days ago

grep ^- ruff-strings-diff.txt | grep -vi libcst also shows

-anon.ea5251168591221b31fa999991ef59a1.39.llvm.6396498261944353430
-_ZN60_$LT$alloc..string..String$u20$as$u20$core..fmt..Display$GT$3fmt17hb6d27bec17dc24a4E.llvm.1673184941240675199