fix(iast): wrong memory address in subprocess in mcp servers #15514

avara1986 · 2025-12-04T15:33:13Z

IAST-enabled applications using Gunicorn/Uvicorn workers were experiencing segmentation faults (~33% crash rate on MCP streaming requests) due to memory corruption when processes fork.

Root Cause

C++ global singletons (taint_engine_context, initializer) initialized at module load
Taint maps storing PyObject pointers by memory address
Child processes after fork inherited stale pointers from parent process memory
Accessing these stale pointers → use-after-free → SIGSEGV crash

Solution

Implemented pthread_atfork handler that automatically resets C++ global state in child processes after every fork:
Added comprehensive null-check wrappers around all native functions to prevent crashes when native state is
Fixed test regression issues where context slots weren't being freed:

ASAN Verification

AddressSanitizer (ASAN) is a fast memory error detector that catches use-after-free, buffer overflows, and other memory corruption bugs at runtime.

1. Runtime Environment (No Recompilation Required)

The simplest way to test is using LD_PRELOAD with the system's libasan:

# Find your system's ASAN library
ASAN_LIB=$(gcc -print-file-name=libasan.so)

# Run tests with ASAN enabled
LD_PRELOAD=$ASAN_LIB \
ASAN_OPTIONS="detect_leaks=0:symbolize=1:abort_on_error=0" \
python3 -m pytest tests/appsec/iast/test_fork_handler_regression.py -v

ASAN_OPTIONS explained:

detect_leaks=0 - Disable leak detection (Python has many false positives)
symbolize=1 - Show human-readable stack traces
abort_on_error=0 - Continue after first error (collect all errors)

2. Build with ASAN (Optional, for deeper analysis)

For more thorough testing, compile the native extension with ASAN:

# Set compilation flags
export CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
export CXXFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=address"

# Rebuild the extension
pip install --no-build-isolation --force-reinstall -e .

# Run tests (LD_PRELOAD not needed when compiled with ASAN)
ASAN_OPTIONS="detect_leaks=0:symbolize=1:abort_on_error=0" \
python3 -m pytest tests/appsec/iast/test_fork_handler_regression.py -v

Minimal Reproduction Test

This script demonstrates the fork safety fix and can be used to verify ASAN finds no errors:

#!/usr/bin/env python3
"""Minimal fork safety reproduction test for ASAN verification."""
import os
from ddtrace.appsec._iast._taint_tracking import OriginType
from ddtrace.appsec._iast._taint_tracking._native import initialize_native_state
from ddtrace.appsec._iast._taint_tracking._taint_objects import taint_pyobject
from ddtrace.appsec._iast._taint_tracking._context import (
    start_request_context,
    debug_context_array_free_slots_number,
    debug_num_tainted_objects
)

def main():
    print(f"[Parent PID {os.getpid()}] Initializing IAST...")

    # Initialize native state
    initialize_native_state()

    # Create context and tainted objects in parent
    ctx_id = start_request_context()
    print(f"[Parent] Context created: {ctx_id}")

    # Create some tainted objects (populates native maps)
    for i in range(10):
        taint_pyobject(f"data_{i}", "source", f"value_{i}", OriginType.PARAMETER)

    tainted_count = debug_num_tainted_objects(ctx_id)
    print(f"[Parent] Tainted objects: {tainted_count}")

    # Fork
    pid = os.fork()

    if pid == 0:
        # Child process
        print(f"[Child PID {os.getpid()}] Started after fork")

        # Verify pthread_atfork reset worked
        free_slots = debug_context_array_free_slots_number()
        print(f"[Child] Free slots: {free_slots}")

        if free_slots > 0:
            print("[Child] ✅ Context slots were reset (pthread_atfork worked!)")
            os._exit(0)  # Success
        else:
            print("[Child] ❌ Context slots NOT reset")
            os._exit(1)  # Failure
    else:
        # Parent waits for child
        _, status = os.waitpid(pid, 0)
        exit_code = os.WEXITSTATUS(status)

        if exit_code == 0:
            print(f"[Parent] ✅ Child exited cleanly - Fork safety verified!")
            return 0
        else:
            print(f"[Parent] ❌ Child failed with exit code {exit_code}")
            return 1

if __name__ == "__main__":
    exit(main())

Run with ASAN:

# Save the script as test_fork_asan.py
# Run with ASAN enabled
LD_PRELOAD=$(gcc -print-file-name=libasan.so) \
ASAN_OPTIONS="detect_leaks=0:symbolize=1:abort_on_error=0" \
python3 test_fork_asan.py

Expected output (success):

[Parent PID 12345] Initializing IAST...
[Parent] Context created: 0
[Parent] Tainted objects: 10
[Child PID 12346] Started after fork
[Child] Free slots: 2
[Child] ✅ Context slots were reset (pthread_atfork worked!)
[Parent] ✅ Child exited cleanly - Fork safety verified!

What ASAN would report WITHOUT this fix:

==12346==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000040
==12346==The signal is caused by a READ memory access.
    #0 0x7f... in get_tainted_object_map_by_ctx_id
    #1 0x7f... in debug_context_array_free_slots_number

github-actions · 2025-12-04T15:33:54Z

CODEOWNERS have been resolved as:

ddtrace/appsec/_iast/_taint_tracking/api/safe_context.cpp               @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/api/safe_context.h                 @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/api/safe_initializer.cpp           @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/api/safe_initializer.h             @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/api/utils.h                        @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/tests/test_safe_wrappers.cpp       @DataDog/asm-python
releasenotes/notes/fix-iast-fork-worker-crashes-44a1f14516fb44a2.yaml   @DataDog/apm-python
tests/appsec/iast/test_safe_wrappers_and_initialization.py              @DataDog/asm-python
ddtrace/appsec/_iast/__init__.py                                        @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/CMakeLists.txt                     @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/__init__.py                        @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_extend.cpp          @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_extend.h            @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_format.cpp          @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_format.h            @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_index.cpp           @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_index.h             @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_join.cpp            @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_join.h              @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_modulo.cpp          @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_modulo.h            @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_operator_add.cpp    @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_operator_add.h      @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_slice.cpp           @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_slice.h             @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_split.cpp           @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_split.h             @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_str.cpp             @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspect_str.h               @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspects_os_path.cpp        @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/aspects_os_path.h          @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/helpers.cpp                @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects/helpers.h                  @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/context/taint_engine_context.cpp   @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/context/taint_engine_context.h     @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/native.cpp                         @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/taint_tracking/taint_range.cpp     @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/taint_tracking/taint_range.h       @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/taint_tracking/tainted_object.cpp  @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/tainted_ops/tainted_ops.cpp        @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/tests/test_helpers.cpp             @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/tests/test_index_aspect.cpp        @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/tests/test_modulo_aspect.cpp       @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/tests/test_taint_engine_context.cpp  @DataDog/asm-python
ddtrace/internal/settings/asm.py                                        @DataDog/asm-python
tests/appsec/iast/aspects/conftest.py                                   @DataDog/asm-python
tests/appsec/iast/aspects/test_aspect_helpers.py                        @DataDog/asm-python
tests/appsec/iast/conftest.py                                           @DataDog/asm-python
tests/appsec/iast/fixtures/integration/main_configure.py                @DataDog/asm-python
tests/appsec/iast/taint_tracking/conftest.py                            @DataDog/asm-python
tests/appsec/iast/taint_tracking/test_native_taint_range.py             @DataDog/asm-python
tests/appsec/iast/test_fork_handler_regression.py                       @DataDog/asm-python
tests/appsec/iast_memcheck/test_iast_mem_check.py                       @DataDog/asm-python
tests/appsec/integrations/django_tests/django_app/views.py              @DataDog/asm-python
tests/appsec/integrations/django_tests/test_iast_django_testagent.py    @DataDog/asm-python
tests/appsec/integrations/fastapi_tests/test_fastapi_appsec_iast.py     @DataDog/asm-python
tests/appsec/integrations/fastapi_tests/test_iast_mcp_testagent.py      @DataDog/asm-python
tests/appsec/integrations/flask_tests/test_iast_flask.py                @DataDog/asm-python
tests/appsec/integrations/packages_tests/conftest.py                    @DataDog/asm-python

github-actions · 2025-12-04T16:07:05Z

Bootstrap import analysis

Comparison of import times between this PR and base.

Summary

The average import time from this PR is: 247 ± 2 ms.

The average import time from base is: 251 ± 2 ms.

The import time difference between this PR and base is: -4.3 ± 0.1 ms.

Import time breakdown

The following import paths have shrunk:

ddtrace.auto 2.777 ms (1.13%)

ddtrace.bootstrap.sitecustomize 1.413 ms (0.57%)

ddtrace.bootstrap.preload 1.413 ms (0.57%)

ddtrace.internal.remoteconfig.client 0.667 ms (0.27%)

ddtrace 1.364 ms (0.55%)

ddtrace._logger 0.684 ms (0.28%)

ddtrace.internal.telemetry 0.684 ms (0.28%)

ddtrace.internal.telemetry.writer 0.684 ms (0.28%)

ddtrace.internal.utils.version 0.684 ms (0.28%)

ddtrace.version 0.684 ms (0.28%)

ddtrace.internal._unpatched 0.032 ms (0.01%)

json 0.032 ms (0.01%)

json.decoder 0.032 ms (0.01%)

re 0.032 ms (0.01%)

enum 0.032 ms (0.01%)

types 0.032 ms (0.01%)

pr-commenter · 2025-12-04T16:33:18Z

Performance SLOs

Comparing candidate avara1986/APPSEC-60135_iast_potencial_error (88aa593) with baseline main (21b25aa)

❌ Test Failures (1 suite)

❌ packagespackageforrootmodulemapping - 3/4

❌ cache_off

Time: ✅ 345.408ms (SLO: <354.300ms -2.5%) vs baseline: -1.0%

Memory: ❌ 41.625MB (SLO: <41.500MB +0.3%) vs baseline: +5.1%

✅ cache_on

Time: ✅ 0.381µs (SLO: <10.000µs 📉 -96.2%) vs baseline: -0.4%

Memory: ✅ 40.170MB (SLO: <41.000MB -2.0%) vs baseline: +5.3%

📈 Performance Regressions (2 suites)

📈 iastaspectsospath - 24/24

✅ ospathbasename_aspect

Time: ✅ 5.113µs (SLO: <10.000µs 📉 -48.9%) vs baseline: 📈 +24.1%

Memory: ✅ 38.496MB (SLO: <41.000MB -6.1%) vs baseline: +0.3%

✅ ospathbasename_noaspect

Time: ✅ 1.082µs (SLO: <10.000µs 📉 -89.2%) vs baseline: -0.8%

Memory: ✅ 38.555MB (SLO: <41.000MB -6.0%) vs baseline: +0.3%

✅ ospathjoin_aspect

Time: ✅ 5.971µs (SLO: <10.000µs 📉 -40.3%) vs baseline: -4.0%

Memory: ✅ 38.240MB (SLO: <41.000MB -6.7%) vs baseline: ~same

✅ ospathjoin_noaspect

Time: ✅ 2.300µs (SLO: <10.000µs 📉 -77.0%) vs baseline: +0.3%

Memory: ✅ 38.457MB (SLO: <41.000MB -6.2%) vs baseline: +0.5%

✅ ospathnormcase_aspect

Time: ✅ 3.449µs (SLO: <10.000µs 📉 -65.5%) vs baseline: +0.2%

Memory: ✅ 38.555MB (SLO: <41.000MB -6.0%) vs baseline: +0.4%

✅ ospathnormcase_noaspect

Time: ✅ 0.575µs (SLO: <10.000µs 📉 -94.2%) vs baseline: +1.5%

Memory: ✅ 38.555MB (SLO: <41.000MB -6.0%) vs baseline: +0.6%

✅ ospathsplit_aspect

Time: ✅ 4.864µs (SLO: <10.000µs 📉 -51.4%) vs baseline: +1.3%

Memory: ✅ 38.476MB (SLO: <41.000MB -6.2%) vs baseline: -0.1%

✅ ospathsplit_noaspect

Time: ✅ 1.592µs (SLO: <10.000µs 📉 -84.1%) vs baseline: ~same

Memory: ✅ 38.221MB (SLO: <41.000MB -6.8%) vs baseline: -0.4%

✅ ospathsplitdrive_aspect

Time: ✅ 3.636µs (SLO: <10.000µs 📉 -63.6%) vs baseline: -1.0%

Memory: ✅ 38.417MB (SLO: <41.000MB -6.3%) vs baseline: ~same

✅ ospathsplitdrive_noaspect

Time: ✅ 0.694µs (SLO: <10.000µs 📉 -93.1%) vs baseline: -0.9%

Memory: ✅ 38.437MB (SLO: <41.000MB -6.3%) vs baseline: +0.1%

✅ ospathsplitext_aspect

Time: ✅ 4.579µs (SLO: <10.000µs 📉 -54.2%) vs baseline: +1.2%

Memory: ✅ 38.516MB (SLO: <41.000MB -6.1%) vs baseline: +0.3%

✅ ospathsplitext_noaspect

Time: ✅ 1.379µs (SLO: <10.000µs 📉 -86.2%) vs baseline: -0.2%

Memory: ✅ 38.594MB (SLO: <41.000MB -5.9%) vs baseline: +0.4%

📈 telemetryaddmetric - 30/30

✅ 1-count-metric-1-times

Time: ✅ 3.414µs (SLO: <20.000µs 📉 -82.9%) vs baseline: 📈 +15.4%

Memory: ✅ 34.800MB (SLO: <35.500MB 🟡 -2.0%) vs baseline: +5.0%

✅ 1-count-metrics-100-times

Time: ✅ 202.229µs (SLO: <220.000µs -8.1%) vs baseline: ~same

Memory: ✅ 34.839MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +4.9%

✅ 1-distribution-metric-1-times

Time: ✅ 3.341µs (SLO: <20.000µs 📉 -83.3%) vs baseline: +0.8%

Memory: ✅ 34.819MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +4.9%

✅ 1-distribution-metrics-100-times

Time: ✅ 218.085µs (SLO: <230.000µs -5.2%) vs baseline: ~same

Memory: ✅ 34.780MB (SLO: <35.500MB -2.0%) vs baseline: +4.7%

✅ 1-gauge-metric-1-times

Time: ✅ 2.167µs (SLO: <20.000µs 📉 -89.2%) vs baseline: -1.1%

Memory: ✅ 34.760MB (SLO: <35.500MB -2.1%) vs baseline: +4.9%

✅ 1-gauge-metrics-100-times

Time: ✅ 137.210µs (SLO: <150.000µs -8.5%) vs baseline: -1.2%

Memory: ✅ 34.800MB (SLO: <35.500MB 🟡 -2.0%) vs baseline: +5.0%

✅ 1-rate-metric-1-times

Time: ✅ 3.088µs (SLO: <20.000µs 📉 -84.6%) vs baseline: -0.1%

Memory: ✅ 34.760MB (SLO: <35.500MB -2.1%) vs baseline: +5.0%

✅ 1-rate-metrics-100-times

Time: ✅ 216.509µs (SLO: <250.000µs 📉 -13.4%) vs baseline: -0.3%

Memory: ✅ 34.701MB (SLO: <35.500MB -2.2%) vs baseline: +4.8%

✅ 100-count-metrics-100-times

Time: ✅ 20.354ms (SLO: <22.000ms -7.5%) vs baseline: ~same

Memory: ✅ 34.760MB (SLO: <35.500MB -2.1%) vs baseline: +4.8%

✅ 100-distribution-metrics-100-times

Time: ✅ 2.286ms (SLO: <2.550ms 📉 -10.3%) vs baseline: +0.3%

Memory: ✅ 34.859MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +5.2%

✅ 100-gauge-metrics-100-times

Time: ✅ 1.434ms (SLO: <1.550ms -7.5%) vs baseline: +0.9%

Memory: ✅ 34.721MB (SLO: <35.500MB -2.2%) vs baseline: +4.7%

✅ 100-rate-metrics-100-times

Time: ✅ 2.237ms (SLO: <2.550ms 📉 -12.3%) vs baseline: +0.4%

Memory: ✅ 34.859MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +5.2%

✅ flush-1-metric

Time: ✅ 4.613µs (SLO: <20.000µs 📉 -76.9%) vs baseline: +0.4%

Memory: ✅ 34.918MB (SLO: <35.500MB 🟡 -1.6%) vs baseline: +4.3%

✅ flush-100-metrics

Time: ✅ 173.688µs (SLO: <250.000µs 📉 -30.5%) vs baseline: +0.4%

Memory: ✅ 35.095MB (SLO: <35.500MB 🟡 -1.1%) vs baseline: +4.9%

✅ flush-1000-metrics

Time: ✅ 2.170ms (SLO: <2.500ms 📉 -13.2%) vs baseline: -0.1%

Memory: ✅ 35.960MB (SLO: <36.500MB 🟡 -1.5%) vs baseline: +4.8%

🟡 Near SLO Breach (15 suites)

🟡 coreapiscenario - 10/10 (1 unstable)

⚠️ context_with_data_listeners

Time: ⚠️ 13.271µs (SLO: <20.000µs 📉 -33.6%) vs baseline: ~same

Memory: ✅ 34.878MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +5.2%

✅ context_with_data_no_listeners

Time: ✅ 3.324µs (SLO: <10.000µs 📉 -66.8%) vs baseline: +2.2%

Memory: ✅ 34.780MB (SLO: <35.500MB -2.0%) vs baseline: +5.0%

✅ get_item_exists

Time: ✅ 0.578µs (SLO: <10.000µs 📉 -94.2%) vs baseline: -0.7%

Memory: ✅ 34.741MB (SLO: <35.500MB -2.1%) vs baseline: +4.8%

✅ get_item_missing

Time: ✅ 0.637µs (SLO: <10.000µs 📉 -93.6%) vs baseline: +0.8%

Memory: ✅ 34.760MB (SLO: <35.500MB -2.1%) vs baseline: +4.8%

✅ set_item

Time: ✅ 23.917µs (SLO: <30.000µs 📉 -20.3%) vs baseline: -1.1%

Memory: ✅ 34.839MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +4.9%

🟡 djangosimple - 30/30

✅ appsec

Time: ✅ 19.613ms (SLO: <22.300ms 📉 -12.0%) vs baseline: +0.4%

Memory: ✅ 68.125MB (SLO: <70.500MB -3.4%) vs baseline: +4.8%

✅ exception-replay-enabled

Time: ✅ 1.372ms (SLO: <1.450ms -5.4%) vs baseline: -0.3%

Memory: ✅ 66.207MB (SLO: <67.500MB 🟡 -1.9%) vs baseline: +4.9%

✅ iast

Time: ✅ 19.599ms (SLO: <22.250ms 📉 -11.9%) vs baseline: +0.6%

Memory: ✅ 68.203MB (SLO: <70.000MB -2.6%) vs baseline: +4.8%

✅ profiler

Time: ✅ 15.412ms (SLO: <16.550ms -6.9%) vs baseline: ~same

Memory: ✅ 56.358MB (SLO: <57.500MB 🟡 -2.0%) vs baseline: +4.9%

✅ resource-renaming

Time: ✅ 19.482ms (SLO: <21.750ms 📉 -10.4%) vs baseline: -0.5%

Memory: ✅ 68.203MB (SLO: <70.500MB -3.3%) vs baseline: +4.8%

✅ span-code-origin

Time: ✅ 19.995ms (SLO: <28.200ms 📉 -29.1%) vs baseline: +1.4%

Memory: ✅ 68.174MB (SLO: <71.000MB -4.0%) vs baseline: +5.0%

✅ tracer

Time: ✅ 19.575ms (SLO: <21.750ms 📉 -10.0%) vs baseline: ~same

Memory: ✅ 68.164MB (SLO: <70.000MB -2.6%) vs baseline: +4.7%

✅ tracer-and-profiler

Time: ✅ 21.731ms (SLO: <23.500ms -7.5%) vs baseline: -0.1%

Memory: ✅ 69.304MB (SLO: <71.000MB -2.4%) vs baseline: +5.0%

✅ tracer-dont-create-db-spans

Time: ✅ 19.552ms (SLO: <21.500ms -9.1%) vs baseline: -0.2%

Memory: ✅ 68.223MB (SLO: <70.000MB -2.5%) vs baseline: +4.9%

✅ tracer-minimal

Time: ✅ 16.770ms (SLO: <17.500ms -4.2%) vs baseline: +0.4%

Memory: ✅ 67.830MB (SLO: <70.000MB -3.1%) vs baseline: +4.7%

✅ tracer-native

Time: ✅ 19.405ms (SLO: <21.750ms 📉 -10.8%) vs baseline: -0.4%

Memory: ✅ 68.125MB (SLO: <72.500MB -6.0%) vs baseline: +4.8%

✅ tracer-no-caches

Time: ✅ 17.619ms (SLO: <19.650ms 📉 -10.3%) vs baseline: +0.3%

Memory: ✅ 67.889MB (SLO: <70.000MB -3.0%) vs baseline: +4.7%

✅ tracer-no-databases

Time: ✅ 19.114ms (SLO: <20.100ms -4.9%) vs baseline: +0.4%

Memory: ✅ 67.810MB (SLO: <70.000MB -3.1%) vs baseline: +4.8%

✅ tracer-no-middleware

Time: ✅ 19.347ms (SLO: <21.500ms 📉 -10.0%) vs baseline: +0.7%

Memory: ✅ 68.184MB (SLO: <70.000MB -2.6%) vs baseline: +4.8%

✅ tracer-no-templates

Time: ✅ 19.441ms (SLO: <22.000ms 📉 -11.6%) vs baseline: +0.8%

Memory: ✅ 68.199MB (SLO: <70.500MB -3.3%) vs baseline: +4.9%

🟡 errortrackingdjangosimple - 6/6

✅ errortracking-enabled-all

Time: ✅ 16.283ms (SLO: <19.850ms 📉 -18.0%) vs baseline: -0.2%

Memory: ✅ 69.907MB (SLO: <70.000MB 🟡 -0.1%) vs baseline: +4.9%

✅ errortracking-enabled-user

Time: ✅ 16.353ms (SLO: <19.400ms 📉 -15.7%) vs baseline: +0.4%

Memory: ✅ 69.757MB (SLO: <70.000MB 🟡 -0.3%) vs baseline: +4.7%

✅ tracer-enabled

Time: ✅ 16.317ms (SLO: <19.450ms 📉 -16.1%) vs baseline: -0.3%

Memory: ✅ 69.816MB (SLO: <70.000MB 🟡 -0.3%) vs baseline: +4.9%

🟡 errortrackingflasksqli - 6/6

✅ errortracking-enabled-all

Time: ✅ 2.068ms (SLO: <2.300ms 📉 -10.1%) vs baseline: -0.2%

Memory: ✅ 55.679MB (SLO: <56.500MB 🟡 -1.5%) vs baseline: +4.8%

✅ errortracking-enabled-user

Time: ✅ 2.069ms (SLO: <2.250ms -8.0%) vs baseline: -0.1%

Memory: ✅ 55.719MB (SLO: <56.500MB 🟡 -1.4%) vs baseline: +4.7%

✅ tracer-enabled

Time: ✅ 2.064ms (SLO: <2.300ms 📉 -10.3%) vs baseline: ~same

Memory: ✅ 55.679MB (SLO: <56.500MB 🟡 -1.5%) vs baseline: +4.8%

🟡 flasksimple - 18/18

✅ appsec-get

Time: ✅ 3.385ms (SLO: <4.750ms 📉 -28.7%) vs baseline: ~same

Memory: ✅ 55.431MB (SLO: <66.500MB 📉 -16.6%) vs baseline: +4.7%

✅ appsec-post

Time: ✅ 2.888ms (SLO: <6.750ms 📉 -57.2%) vs baseline: +0.9%

Memory: ✅ 55.727MB (SLO: <66.500MB 📉 -16.2%) vs baseline: +4.6%

✅ appsec-telemetry

Time: ✅ 3.359ms (SLO: <4.750ms 📉 -29.3%) vs baseline: +0.5%

Memory: ✅ 55.468MB (SLO: <66.500MB 📉 -16.6%) vs baseline: +4.8%

✅ debugger

Time: ✅ 1.862ms (SLO: <2.000ms -6.9%) vs baseline: -0.4%

Memory: ✅ 47.900MB (SLO: <49.500MB -3.2%) vs baseline: +4.7%

✅ iast-get

Time: ✅ 1.865ms (SLO: <2.000ms -6.8%) vs baseline: +0.5%

Memory: ✅ 44.543MB (SLO: <49.000MB -9.1%) vs baseline: +4.8%

✅ profiler

Time: ✅ 1.906ms (SLO: <2.100ms -9.2%) vs baseline: -0.2%

Memory: ✅ 48.773MB (SLO: <50.000MB -2.5%) vs baseline: +4.9%

✅ resource-renaming

Time: ✅ 3.370ms (SLO: <3.650ms -7.7%) vs baseline: -0.1%

Memory: ✅ 55.389MB (SLO: <56.000MB 🟡 -1.1%) vs baseline: +4.7%

✅ tracer

Time: ✅ 3.359ms (SLO: <3.650ms -8.0%) vs baseline: -0.2%

Memory: ✅ 55.454MB (SLO: <56.500MB 🟡 -1.9%) vs baseline: +4.8%

✅ tracer-native

Time: ✅ 3.352ms (SLO: <3.650ms -8.2%) vs baseline: -0.6%

Memory: ✅ 55.432MB (SLO: <60.000MB -7.6%) vs baseline: +4.9%

🟡 flasksqli - 6/6

✅ appsec-enabled

Time: ✅ 2.070ms (SLO: <4.200ms 📉 -50.7%) vs baseline: ~same

Memory: ✅ 55.837MB (SLO: <66.000MB 📉 -15.4%) vs baseline: +4.9%

✅ iast-enabled

Time: ✅ 2.060ms (SLO: <2.800ms 📉 -26.4%) vs baseline: -0.4%

Memory: ✅ 55.778MB (SLO: <62.500MB 📉 -10.8%) vs baseline: +4.9%

✅ tracer-enabled

Time: ✅ 2.057ms (SLO: <2.250ms -8.6%) vs baseline: +0.3%

Memory: ✅ 55.817MB (SLO: <56.500MB 🟡 -1.2%) vs baseline: +4.9%

🟡 httppropagationextract - 60/60

✅ all_styles_all_headers

Time: ✅ 81.273µs (SLO: <100.000µs 📉 -18.7%) vs baseline: -0.4%

Memory: ✅ 34.701MB (SLO: <35.500MB -2.2%) vs baseline: +4.4%

✅ b3_headers

Time: ✅ 14.360µs (SLO: <20.000µs 📉 -28.2%) vs baseline: +0.9%

Memory: ✅ 34.819MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +5.0%

✅ b3_single_headers

Time: ✅ 13.437µs (SLO: <20.000µs 📉 -32.8%) vs baseline: +1.5%

Memory: ✅ 34.878MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +5.1%

✅ datadog_tracecontext_tracestate_not_propagated_on_trace_id_no_match

Time: ✅ 64.050µs (SLO: <80.000µs 📉 -19.9%) vs baseline: +0.5%

Memory: ✅ 34.859MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +4.6%

✅ datadog_tracecontext_tracestate_propagated_on_trace_id_match

Time: ✅ 69.567µs (SLO: <80.000µs 📉 -13.0%) vs baseline: +4.9%

Memory: ✅ 34.800MB (SLO: <35.500MB 🟡 -2.0%) vs baseline: +4.4%

✅ empty_headers

Time: ✅ 1.625µs (SLO: <10.000µs 📉 -83.8%) vs baseline: +0.9%

Memory: ✅ 34.741MB (SLO: <35.500MB -2.1%) vs baseline: +4.7%

✅ full_t_id_datadog_headers

Time: ✅ 22.869µs (SLO: <30.000µs 📉 -23.8%) vs baseline: +2.0%

Memory: ✅ 34.780MB (SLO: <35.500MB -2.0%) vs baseline: +4.4%

✅ invalid_priority_header

Time: ✅ 6.537µs (SLO: <10.000µs 📉 -34.6%) vs baseline: +0.6%

Memory: ✅ 34.898MB (SLO: <35.500MB 🟡 -1.7%) vs baseline: +5.2%

✅ invalid_span_id_header

Time: ✅ 6.562µs (SLO: <10.000µs 📉 -34.4%) vs baseline: +1.2%

Memory: ✅ 34.800MB (SLO: <35.500MB 🟡 -2.0%) vs baseline: +4.7%

✅ invalid_tags_header

Time: ✅ 6.568µs (SLO: <10.000µs 📉 -34.3%) vs baseline: +1.2%

Memory: ✅ 34.898MB (SLO: <35.500MB 🟡 -1.7%) vs baseline: +5.0%

✅ invalid_trace_id_header

Time: ✅ 6.536µs (SLO: <10.000µs 📉 -34.6%) vs baseline: +0.7%

Memory: ✅ 34.898MB (SLO: <35.500MB 🟡 -1.7%) vs baseline: +5.0%

✅ large_header_no_matches

Time: ✅ 27.614µs (SLO: <30.000µs -8.0%) vs baseline: +0.3%

Memory: ✅ 34.800MB (SLO: <35.500MB 🟡 -2.0%) vs baseline: +5.0%

✅ large_valid_headers_all

Time: ✅ 28.736µs (SLO: <40.000µs 📉 -28.2%) vs baseline: +0.3%

Memory: ✅ 34.819MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +4.7%

✅ medium_header_no_matches

Time: ✅ 9.897µs (SLO: <20.000µs 📉 -50.5%) vs baseline: +0.2%

Memory: ✅ 34.780MB (SLO: <35.500MB -2.0%) vs baseline: +4.9%

✅ medium_valid_headers_all

Time: ✅ 11.318µs (SLO: <20.000µs 📉 -43.4%) vs baseline: +0.3%

Memory: ✅ 34.780MB (SLO: <35.500MB -2.0%) vs baseline: +4.7%

✅ none_propagation_style

Time: ✅ 1.730µs (SLO: <10.000µs 📉 -82.7%) vs baseline: +1.8%

Memory: ✅ 34.957MB (SLO: <35.500MB 🟡 -1.5%) vs baseline: +5.5%

✅ tracecontext_headers

Time: ✅ 34.775µs (SLO: <40.000µs 📉 -13.1%) vs baseline: -0.1%

Memory: ✅ 34.878MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +5.2%

✅ valid_headers_all

Time: ✅ 6.549µs (SLO: <10.000µs 📉 -34.5%) vs baseline: +0.2%

Memory: ✅ 34.878MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +4.9%

✅ valid_headers_basic

Time: ✅ 6.113µs (SLO: <10.000µs 📉 -38.9%) vs baseline: +0.4%

Memory: ✅ 34.760MB (SLO: <35.500MB -2.1%) vs baseline: +4.9%

✅ wsgi_empty_headers

Time: ✅ 1.619µs (SLO: <10.000µs 📉 -83.8%) vs baseline: +1.1%

Memory: ✅ 34.878MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +4.9%

✅ wsgi_invalid_priority_header

Time: ✅ 6.553µs (SLO: <10.000µs 📉 -34.5%) vs baseline: -0.1%

Memory: ✅ 34.878MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +4.9%

✅ wsgi_invalid_span_id_header

Time: ✅ 1.621µs (SLO: <10.000µs 📉 -83.8%) vs baseline: +0.8%

Memory: ✅ 34.859MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +4.9%

✅ wsgi_invalid_tags_header

Time: ✅ 6.586µs (SLO: <10.000µs 📉 -34.1%) vs baseline: +0.1%

Memory: ✅ 34.780MB (SLO: <35.500MB -2.0%) vs baseline: +4.5%

✅ wsgi_invalid_trace_id_header

Time: ✅ 6.528µs (SLO: <10.000µs 📉 -34.7%) vs baseline: -0.3%

Memory: ✅ 34.878MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +4.9%

✅ wsgi_large_header_no_matches

Time: ✅ 28.759µs (SLO: <40.000µs 📉 -28.1%) vs baseline: ~same

Memory: ✅ 34.741MB (SLO: <35.500MB -2.1%) vs baseline: +4.7%

✅ wsgi_large_valid_headers_all

Time: ✅ 29.867µs (SLO: <40.000µs 📉 -25.3%) vs baseline: ~same

Memory: ✅ 34.760MB (SLO: <35.500MB -2.1%) vs baseline: +4.8%

✅ wsgi_medium_header_no_matches

Time: ✅ 10.145µs (SLO: <20.000µs 📉 -49.3%) vs baseline: ~same

Memory: ✅ 34.839MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +4.7%

✅ wsgi_medium_valid_headers_all

Time: ✅ 11.556µs (SLO: <20.000µs 📉 -42.2%) vs baseline: -0.3%

Memory: ✅ 34.800MB (SLO: <35.500MB 🟡 -2.0%) vs baseline: +4.6%

✅ wsgi_valid_headers_all

Time: ✅ 6.552µs (SLO: <10.000µs 📉 -34.5%) vs baseline: -0.3%

Memory: ✅ 34.957MB (SLO: <35.500MB 🟡 -1.5%) vs baseline: +5.3%

✅ wsgi_valid_headers_basic

Time: ✅ 6.181µs (SLO: <10.000µs 📉 -38.2%) vs baseline: +0.7%

Memory: ✅ 34.878MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +5.1%

🟡 httppropagationinject - 16/16

✅ ids_only

Time: ✅ 22.117µs (SLO: <30.000µs 📉 -26.3%) vs baseline: +4.5%

Memory: ✅ 34.800MB (SLO: <35.500MB 🟡 -2.0%) vs baseline: +4.9%

✅ with_all

Time: ✅ 27.903µs (SLO: <40.000µs 📉 -30.2%) vs baseline: -0.3%

Memory: ✅ 34.819MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +4.7%

✅ with_dd_origin

Time: ✅ 24.844µs (SLO: <30.000µs 📉 -17.2%) vs baseline: +0.6%

Memory: ✅ 34.839MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +4.8%

✅ with_priority_and_origin

Time: ✅ 24.332µs (SLO: <40.000µs 📉 -39.2%) vs baseline: -0.8%

Memory: ✅ 34.760MB (SLO: <35.500MB -2.1%) vs baseline: +4.6%

✅ with_sampling_priority

Time: ✅ 21.244µs (SLO: <30.000µs 📉 -29.2%) vs baseline: -0.1%

Memory: ✅ 34.859MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +5.0%

✅ with_tags

Time: ✅ 26.018µs (SLO: <40.000µs 📉 -35.0%) vs baseline: +0.3%

Memory: ✅ 34.819MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +5.0%

✅ with_tags_invalid

Time: ✅ 27.476µs (SLO: <40.000µs 📉 -31.3%) vs baseline: +0.3%

Memory: ✅ 34.780MB (SLO: <35.500MB -2.0%) vs baseline: +4.8%

✅ with_tags_max_size

Time: ✅ 26.343µs (SLO: <40.000µs 📉 -34.1%) vs baseline: -0.7%

Memory: ✅ 34.839MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +4.7%

🟡 otelspan - 22/22

✅ add-event

Time: ✅ 40.163ms (SLO: <47.150ms 📉 -14.8%) vs baseline: -0.3%

Memory: ✅ 39.565MB (SLO: <47.000MB 📉 -15.8%) vs baseline: +5.0%

✅ add-metrics

Time: ✅ 262.320ms (SLO: <344.800ms 📉 -23.9%) vs baseline: +0.1%

Memory: ✅ 43.861MB (SLO: <47.500MB -7.7%) vs baseline: +5.1%

✅ add-tags

Time: ✅ 318.009ms (SLO: <321.000ms 🟡 -0.9%) vs baseline: -1.1%

Memory: ✅ 43.593MB (SLO: <47.500MB -8.2%) vs baseline: +4.7%

✅ get-context

Time: ✅ 80.709ms (SLO: <92.350ms 📉 -12.6%) vs baseline: ~same

Memory: ✅ 39.867MB (SLO: <46.500MB 📉 -14.3%) vs baseline: +5.1%

✅ is-recording

Time: ✅ 37.869ms (SLO: <44.500ms 📉 -14.9%) vs baseline: -0.1%

Memory: ✅ 39.260MB (SLO: <47.500MB 📉 -17.3%) vs baseline: +4.4%

✅ record-exception

Time: ✅ 59.178ms (SLO: <67.650ms 📉 -12.5%) vs baseline: +0.3%

Memory: ✅ 40.097MB (SLO: <47.000MB 📉 -14.7%) vs baseline: +5.0%

✅ set-status

Time: ✅ 44.243ms (SLO: <50.400ms 📉 -12.2%) vs baseline: +0.4%

Memory: ✅ 39.482MB (SLO: <47.000MB 📉 -16.0%) vs baseline: +5.0%

✅ start

Time: ✅ 38.156ms (SLO: <43.450ms 📉 -12.2%) vs baseline: +2.8%

Memory: ✅ 39.408MB (SLO: <47.000MB 📉 -16.2%) vs baseline: +4.7%

✅ start-finish

Time: ✅ 82.741ms (SLO: <88.000ms -6.0%) vs baseline: -0.2%

Memory: ✅ 37.297MB (SLO: <46.500MB 📉 -19.8%) vs baseline: +4.9%

✅ start-finish-telemetry

Time: ✅ 84.220ms (SLO: <89.000ms -5.4%) vs baseline: ~same

Memory: ✅ 37.356MB (SLO: <46.500MB 📉 -19.7%) vs baseline: +5.4%

✅ update-name

Time: ✅ 38.756ms (SLO: <45.150ms 📉 -14.2%) vs baseline: +0.2%

Memory: ✅ 39.461MB (SLO: <47.000MB 📉 -16.0%) vs baseline: +4.3%

🟡 ratelimiter - 12/12

✅ defaults

Time: ✅ 2.367µs (SLO: <10.000µs 📉 -76.3%) vs baseline: +0.9%

Memory: ✅ 35.114MB (SLO: <35.500MB 🟡 -1.1%) vs baseline: +5.0%

✅ high_rate_limit

Time: ✅ 2.421µs (SLO: <10.000µs 📉 -75.8%) vs baseline: +0.2%

Memory: ✅ 35.036MB (SLO: <35.500MB 🟡 -1.3%) vs baseline: +4.7%

✅ long_window

Time: ✅ 2.364µs (SLO: <10.000µs 📉 -76.4%) vs baseline: +0.1%

Memory: ✅ 35.134MB (SLO: <35.500MB 🟡 -1.0%) vs baseline: +4.9%

✅ low_rate_limit

Time: ✅ 2.353µs (SLO: <10.000µs 📉 -76.5%) vs baseline: +0.2%

Memory: ✅ 35.154MB (SLO: <35.500MB 🟡 -1.0%) vs baseline: +4.8%

✅ no_rate_limit

Time: ✅ 0.830µs (SLO: <10.000µs 📉 -91.7%) vs baseline: +1.0%

Memory: ✅ 35.075MB (SLO: <35.500MB 🟡 -1.2%) vs baseline: +5.0%

✅ short_window

Time: ✅ 2.483µs (SLO: <10.000µs 📉 -75.2%) vs baseline: -1.1%

Memory: ✅ 35.055MB (SLO: <35.500MB 🟡 -1.3%) vs baseline: +4.7%

🟡 recursivecomputation - 8/8

✅ deep

Time: ✅ 309.805ms (SLO: <320.950ms -3.5%) vs baseline: +0.1%

Memory: ✅ 35.881MB (SLO: <36.500MB 🟡 -1.7%) vs baseline: +4.7%

✅ deep-profiled

Time: ✅ 327.984ms (SLO: <359.150ms -8.7%) vs baseline: ~same

Memory: ✅ 39.754MB (SLO: <40.500MB 🟡 -1.8%) vs baseline: +4.7%

✅ medium

Time: ✅ 6.996ms (SLO: <7.400ms -5.5%) vs baseline: ~same

Memory: ✅ 34.819MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +5.2%

✅ shallow

Time: ✅ 0.947ms (SLO: <1.050ms -9.8%) vs baseline: +0.9%

Memory: ✅ 34.701MB (SLO: <35.500MB -2.2%) vs baseline: +4.6%

🟡 samplingrules - 8/8

✅ average_match

Time: ✅ 136.520µs (SLO: <290.000µs 📉 -52.9%) vs baseline: ~same

Memory: ✅ 34.878MB (SLO: <35.500MB 🟡 -1.8%) vs baseline: +5.1%

✅ high_match

Time: ✅ 173.452µs (SLO: <480.000µs 📉 -63.9%) vs baseline: -0.5%

Memory: ✅ 34.682MB (SLO: <35.500MB -2.3%) vs baseline: +4.7%

✅ low_match

Time: ✅ 98.323µs (SLO: <120.000µs 📉 -18.1%) vs baseline: -2.2%

Memory: ✅ 603.685MB (SLO: <700.000MB 📉 -13.8%) vs baseline: +4.9%

✅ very_low_match

Time: ✅ 2.671ms (SLO: <8.500ms 📉 -68.6%) vs baseline: +0.2%

Memory: ✅ 71.042MB (SLO: <75.000MB -5.3%) vs baseline: +4.9%

🟡 sethttpmeta - 32/32

✅ all-disabled

Time: ✅ 10.583µs (SLO: <20.000µs 📉 -47.1%) vs baseline: +0.7%

Memory: ✅ 35.311MB (SLO: <36.000MB 🟡 -1.9%) vs baseline: +4.2%

✅ all-enabled

Time: ✅ 41.023µs (SLO: <50.000µs 📉 -18.0%) vs baseline: +2.1%

Memory: ✅ 35.389MB (SLO: <36.000MB 🟡 -1.7%) vs baseline: +4.9%

✅ collectipvariant_exists

Time: ✅ 40.858µs (SLO: <50.000µs 📉 -18.3%) vs baseline: ~same

Memory: ✅ 35.468MB (SLO: <36.000MB 🟡 -1.5%) vs baseline: +4.7%

✅ no-collectipvariant

Time: ✅ 40.132µs (SLO: <50.000µs 📉 -19.7%) vs baseline: -0.1%

Memory: ✅ 35.271MB (SLO: <36.000MB -2.0%) vs baseline: +5.0%

✅ no-useragentvariant

Time: ✅ 38.956µs (SLO: <50.000µs 📉 -22.1%) vs baseline: ~same

Memory: ✅ 35.468MB (SLO: <36.000MB 🟡 -1.5%) vs baseline: +5.2%

✅ obfuscation-no-query

Time: ✅ 40.705µs (SLO: <50.000µs 📉 -18.6%) vs baseline: +0.4%

Memory: ✅ 35.271MB (SLO: <36.000MB -2.0%) vs baseline: +4.7%

✅ obfuscation-regular-case-explicit-query

Time: ✅ 75.839µs (SLO: <90.000µs 📉 -15.7%) vs baseline: -0.2%

Memory: ✅ 35.763MB (SLO: <36.500MB -2.0%) vs baseline: +5.3%

✅ obfuscation-regular-case-implicit-query

Time: ✅ 76.645µs (SLO: <90.000µs 📉 -14.8%) vs baseline: ~same

Memory: ✅ 35.625MB (SLO: <36.500MB -2.4%) vs baseline: +4.3%

✅ obfuscation-send-querystring-disabled

Time: ✅ 154.178µs (SLO: <170.000µs -9.3%) vs baseline: -0.2%

Memory: ✅ 35.684MB (SLO: <36.500MB -2.2%) vs baseline: +4.7%

✅ obfuscation-worst-case-explicit-query

Time: ✅ 149.277µs (SLO: <160.000µs -6.7%) vs baseline: +0.4%

Memory: ✅ 35.665MB (SLO: <36.500MB -2.3%) vs baseline: +4.7%

✅ obfuscation-worst-case-implicit-query

Time: ✅ 155.181µs (SLO: <170.000µs -8.7%) vs baseline: ~same

Memory: ✅ 35.724MB (SLO: <36.500MB -2.1%) vs baseline: +5.2%

✅ useragentvariant_exists_1

Time: ✅ 39.583µs (SLO: <50.000µs 📉 -20.8%) vs baseline: -0.1%

Memory: ✅ 35.389MB (SLO: <36.000MB 🟡 -1.7%) vs baseline: +4.8%

✅ useragentvariant_exists_2

Time: ✅ 40.607µs (SLO: <50.000µs 📉 -18.8%) vs baseline: -0.6%

Memory: ✅ 35.350MB (SLO: <36.000MB 🟡 -1.8%) vs baseline: +4.7%

✅ useragentvariant_exists_3

Time: ✅ 40.365µs (SLO: <50.000µs 📉 -19.3%) vs baseline: +0.9%

Memory: ✅ 35.232MB (SLO: <36.000MB -2.1%) vs baseline: +4.4%

✅ useragentvariant_not_exists_1

Time: ✅ 39.713µs (SLO: <50.000µs 📉 -20.6%) vs baseline: +0.3%

Memory: ✅ 35.409MB (SLO: <36.000MB 🟡 -1.6%) vs baseline: +4.7%

✅ useragentvariant_not_exists_2

Time: ✅ 39.462µs (SLO: <50.000µs 📉 -21.1%) vs baseline: -0.8%

Memory: ✅ 35.448MB (SLO: <36.000MB 🟡 -1.5%) vs baseline: +5.1%

🟡 span - 26/26

✅ add-event

Time: ✅ 18.145ms (SLO: <22.500ms 📉 -19.4%) vs baseline: +0.2%

Memory: ✅ 36.874MB (SLO: <53.000MB 📉 -30.4%) vs baseline: +5.0%

✅ add-metrics

Time: ✅ 88.406ms (SLO: <93.500ms -5.4%) vs baseline: +0.4%

Memory: ✅ 41.118MB (SLO: <53.000MB 📉 -22.4%) vs baseline: +5.0%

✅ add-tags

Time: ✅ 142.803ms (SLO: <155.000ms -7.9%) vs baseline: ~same

Memory: ✅ 41.100MB (SLO: <53.000MB 📉 -22.5%) vs baseline: +4.6%

✅ get-context

Time: ✅ 16.985ms (SLO: <20.500ms 📉 -17.1%) vs baseline: +0.3%

Memory: ✅ 36.692MB (SLO: <53.000MB 📉 -30.8%) vs baseline: +4.9%

✅ is-recording

Time: ✅ 17.236ms (SLO: <20.500ms 📉 -15.9%) vs baseline: +0.1%

Memory: ✅ 36.655MB (SLO: <53.000MB 📉 -30.8%) vs baseline: +4.8%

✅ record-exception

Time: ✅ 36.809ms (SLO: <40.000ms -8.0%) vs baseline: +0.9%

Memory: ✅ 37.217MB (SLO: <53.000MB 📉 -29.8%) vs baseline: +4.6%

✅ set-status

Time: ✅ 18.809ms (SLO: <22.000ms 📉 -14.5%) vs baseline: +1.1%

Memory: ✅ 36.752MB (SLO: <53.000MB 📉 -30.7%) vs baseline: +4.7%

✅ start

Time: ✅ 17.483ms (SLO: <20.500ms 📉 -14.7%) vs baseline: +3.8%

Memory: ✅ 36.671MB (SLO: <53.000MB 📉 -30.8%) vs baseline: +4.6%

✅ start-finish

Time: ✅ 51.055ms (SLO: <52.500ms -2.8%) vs baseline: +0.2%

Memory: ✅ 34.819MB (SLO: <35.500MB 🟡 -1.9%) vs baseline: +5.0%

✅ start-finish-telemetry

Time: ✅ 52.220ms (SLO: <54.500ms -4.2%) vs baseline: -0.4%

Memory: ✅ 34.741MB (SLO: <35.500MB -2.1%) vs baseline: +4.7%

✅ start-finish-traceid128

Time: ✅ 54.142ms (SLO: <57.000ms -5.0%) vs baseline: +0.1%

Memory: ✅ 34.800MB (SLO: <35.500MB 🟡 -2.0%) vs baseline: +4.9%

✅ start-traceid128

Time: ✅ 17.197ms (SLO: <22.500ms 📉 -23.6%) vs baseline: ~same

Memory: ✅ 36.755MB (SLO: <53.000MB 📉 -30.7%) vs baseline: +4.9%

✅ update-name

Time: ✅ 17.292ms (SLO: <22.000ms 📉 -21.4%) vs baseline: -0.2%

Memory: ✅ 36.812MB (SLO: <53.000MB 📉 -30.5%) vs baseline: +5.0%

🟡 tracer - 6/6

✅ large

Time: ✅ 29.234ms (SLO: <32.950ms 📉 -11.3%) vs baseline: -0.1%

Memory: ✅ 35.940MB (SLO: <36.500MB 🟡 -1.5%) vs baseline: +4.7%

✅ medium

Time: ✅ 2.900ms (SLO: <3.200ms -9.4%) vs baseline: +0.3%

Memory: ✅ 34.780MB (SLO: <35.500MB -2.0%) vs baseline: +5.0%

✅ small

Time: ✅ 332.752µs (SLO: <370.000µs 📉 -10.1%) vs baseline: +2.0%

Memory: ✅ 34.701MB (SLO: <35.500MB -2.2%) vs baseline: +4.6%

📉 Performance Improvements (2 suites)

📉 iastaspects - 118/118

✅ add_aspect

Time: ✅ 0.388µs (SLO: <10.000µs 📉 -96.1%) vs baseline: 📉 -13.9%

Memory: ✅ 38.578MB (SLO: <41.500MB -7.0%) vs baseline: +0.4%

✅ add_inplace_aspect

Time: ✅ 0.389µs (SLO: <10.000µs 📉 -96.1%) vs baseline: 📉 -12.0%

Memory: ✅ 38.602MB (SLO: <41.500MB -7.0%) vs baseline: +0.6%

✅ add_inplace_noaspect

Time: ✅ 0.287µs (SLO: <10.000µs 📉 -97.1%) vs baseline: +0.3%

Memory: ✅ 38.552MB (SLO: <41.500MB -7.1%) vs baseline: +0.6%

✅ add_noaspect

Time: ✅ 0.360µs (SLO: <10.000µs 📉 -96.4%) vs baseline: +1.2%

Memory: ✅ 38.507MB (SLO: <41.500MB -7.2%) vs baseline: +0.4%

✅ bytearray_aspect

Time: ✅ 1.320µs (SLO: <10.000µs 📉 -86.8%) vs baseline: -2.2%

Memory: ✅ 38.602MB (SLO: <41.500MB -7.0%) vs baseline: +0.6%

✅ bytearray_extend_aspect

Time: ✅ 1.447µs (SLO: <10.000µs 📉 -85.5%) vs baseline: -6.7%

Memory: ✅ 38.391MB (SLO: <41.500MB -7.5%) vs baseline: -0.4%

✅ bytearray_extend_noaspect

Time: ✅ 0.617µs (SLO: <10.000µs 📉 -93.8%) vs baseline: -0.6%

Memory: ✅ 38.321MB (SLO: <41.500MB -7.7%) vs baseline: -0.3%

✅ bytearray_noaspect

Time: ✅ 0.485µs (SLO: <10.000µs 📉 -95.2%) vs baseline: -0.6%

Memory: ✅ 38.512MB (SLO: <41.500MB -7.2%) vs baseline: +0.6%

✅ bytes_aspect

Time: ✅ 1.272µs (SLO: <10.000µs 📉 -87.3%) vs baseline: -2.2%

Memory: ✅ 38.621MB (SLO: <41.500MB -6.9%) vs baseline: +0.6%

✅ bytes_noaspect

Time: ✅ 0.498µs (SLO: <10.000µs 📉 -95.0%) vs baseline: -0.5%

Memory: ✅ 38.737MB (SLO: <41.500MB -6.7%) vs baseline: +1.3%

✅ bytesio_aspect

Time: ✅ 1.293µs (SLO: <10.000µs 📉 -87.1%) vs baseline: -3.2%

Memory: ✅ 38.448MB (SLO: <41.500MB -7.4%) vs baseline: +0.3%

✅ bytesio_noaspect

Time: ✅ 0.502µs (SLO: <10.000µs 📉 -95.0%) vs baseline: -0.5%

Memory: ✅ 38.572MB (SLO: <41.500MB -7.1%) vs baseline: +0.7%

✅ capitalize_aspect

Time: ✅ 0.742µs (SLO: <10.000µs 📉 -92.6%) vs baseline: +0.6%

Memory: ✅ 38.458MB (SLO: <41.500MB -7.3%) vs baseline: +0.6%

✅ capitalize_noaspect

Time: ✅ 0.438µs (SLO: <10.000µs 📉 -95.6%) vs baseline: -0.4%

Memory: ✅ 38.664MB (SLO: <41.500MB -6.8%) vs baseline: +0.7%

✅ casefold_aspect

Time: ✅ 0.753µs (SLO: <10.000µs 📉 -92.5%) vs baseline: +0.6%

Memory: ✅ 38.511MB (SLO: <41.500MB -7.2%) vs baseline: +0.4%

✅ casefold_noaspect

Time: ✅ 0.370µs (SLO: <10.000µs 📉 -96.3%) vs baseline: +0.1%

Memory: ✅ 38.513MB (SLO: <41.500MB -7.2%) vs baseline: ~same

✅ decode_aspect

Time: ✅ 0.730µs (SLO: <10.000µs 📉 -92.7%) vs baseline: +0.3%

Memory: ✅ 38.535MB (SLO: <41.500MB -7.1%) vs baseline: +0.6%

✅ decode_noaspect

Time: ✅ 0.422µs (SLO: <10.000µs 📉 -95.8%) vs baseline: +0.4%

Memory: ✅ 38.460MB (SLO: <41.500MB -7.3%) vs baseline: +0.3%

✅ encode_aspect

Time: ✅ 0.709µs (SLO: <10.000µs 📉 -92.9%) vs baseline: -0.3%

Memory: ✅ 38.445MB (SLO: <41.500MB -7.4%) vs baseline: ~same

✅ encode_noaspect

Time: ✅ 0.410µs (SLO: <10.000µs 📉 -95.9%) vs baseline: -0.3%

Memory: ✅ 38.653MB (SLO: <41.500MB -6.9%) vs baseline: +1.1%

✅ format_aspect

Time: ✅ 3.379µs (SLO: <10.000µs 📉 -66.2%) vs baseline: -3.0%

Memory: ✅ 38.559MB (SLO: <41.500MB -7.1%) vs baseline: +0.4%

✅ format_map_aspect

Time: ✅ 3.706µs (SLO: <10.000µs 📉 -62.9%) vs baseline: ~same

Memory: ✅ 38.657MB (SLO: <41.500MB -6.9%) vs baseline: +0.4%

✅ format_map_noaspect

Time: ✅ 0.826µs (SLO: <10.000µs 📉 -91.7%) vs baseline: +1.3%

Memory: ✅ 38.572MB (SLO: <41.500MB -7.1%) vs baseline: +0.7%

✅ format_noaspect

Time: ✅ 0.598µs (SLO: <10.000µs 📉 -94.0%) vs baseline: ~same

Memory: ✅ 38.519MB (SLO: <41.500MB -7.2%) vs baseline: ~same

✅ index_aspect

Time: ✅ 0.346µs (SLO: <10.000µs 📉 -96.5%) vs baseline: -3.9%

Memory: ✅ 38.664MB (SLO: <41.500MB -6.8%) vs baseline: +0.8%

✅ index_noaspect

Time: ✅ 0.312µs (SLO: <10.000µs 📉 -96.9%) vs baseline: -1.3%

Memory: ✅ 38.474MB (SLO: <41.500MB -7.3%) vs baseline: +0.2%

✅ join_aspect

Time: ✅ 1.300µs (SLO: <10.000µs 📉 -87.0%) vs baseline: -6.1%

Memory: ✅ 38.539MB (SLO: <41.500MB -7.1%) vs baseline: +0.6%

✅ join_noaspect

Time: ✅ 0.533µs (SLO: <10.000µs 📉 -94.7%) vs baseline: +0.3%

Memory: ✅ 38.541MB (SLO: <41.500MB -7.1%) vs baseline: +0.2%

✅ ljust_aspect

Time: ✅ 2.589µs (SLO: <20.000µs 📉 -87.1%) vs baseline: -0.7%

Memory: ✅ 38.512MB (SLO: <41.500MB -7.2%) vs baseline: ~same

✅ ljust_noaspect

Time: ✅ 0.412µs (SLO: <10.000µs 📉 -95.9%) vs baseline: -0.2%

Memory: ✅ 38.623MB (SLO: <41.500MB -6.9%) vs baseline: +0.5%

✅ lower_aspect

Time: ✅ 2.222µs (SLO: <10.000µs 📉 -77.8%) vs baseline: -0.9%

Memory: ✅ 38.451MB (SLO: <41.500MB -7.3%) vs baseline: +0.3%

✅ lower_noaspect

Time: ✅ 0.369µs (SLO: <10.000µs 📉 -96.3%) vs baseline: +0.3%

Memory: ✅ 38.577MB (SLO: <41.500MB -7.0%) vs baseline: +0.4%

✅ lstrip_aspect

Time: ✅ 2.192µs (SLO: <20.000µs 📉 -89.0%) vs baseline: -0.3%

Memory: ✅ 38.660MB (SLO: <41.500MB -6.8%) vs baseline: +0.7%

✅ lstrip_noaspect

Time: ✅ 0.385µs (SLO: <10.000µs 📉 -96.1%) vs baseline: -0.3%

Memory: ✅ 38.577MB (SLO: <41.500MB -7.0%) vs baseline: +0.4%

✅ modulo_aspect

Time: ✅ 0.980µs (SLO: <10.000µs 📉 -90.2%) vs baseline: -5.6%

Memory: ✅ 38.684MB (SLO: <41.500MB -6.8%) vs baseline: +0.8%

✅ modulo_aspect_for_bytearray_bytearray

Time: ✅ 1.489µs (SLO: <10.000µs 📉 -85.1%) vs baseline: -7.9%

Memory: ✅ 38.592MB (SLO: <41.500MB -7.0%) vs baseline: +0.7%

✅ modulo_aspect_for_bytes

Time: ✅ 0.950µs (SLO: <10.000µs 📉 -90.5%) vs baseline: -6.8%

Memory: ✅ 38.689MB (SLO: <41.500MB -6.8%) vs baseline: +0.7%

✅ modulo_aspect_for_bytes_bytearray

Time: ✅ 1.178µs (SLO: <10.000µs 📉 -88.2%) vs baseline: -6.7%

Memory: ✅ 38.659MB (SLO: <41.500MB -6.8%) vs baseline: +0.8%

✅ modulo_noaspect

Time: ✅ 0.676µs (SLO: <10.000µs 📉 -93.2%) vs baseline: +1.3%

Memory: ✅ 38.515MB (SLO: <41.500MB -7.2%) vs baseline: +0.5%

✅ replace_aspect

Time: ✅ 4.937µs (SLO: <10.000µs 📉 -50.6%) vs baseline: -0.7%

Memory: ✅ 38.477MB (SLO: <41.500MB -7.3%) vs baseline: +0.1%

✅ replace_noaspect

Time: ✅ 0.464µs (SLO: <10.000µs 📉 -95.4%) vs baseline: -0.2%

Memory: ✅ 38.535MB (SLO: <41.500MB -7.1%) vs baseline: +0.4%

✅ repr_aspect

Time: ✅ 0.956µs (SLO: <10.000µs 📉 -90.4%) vs baseline: +0.5%

Memory: ✅ 38.663MB (SLO: <41.500MB -6.8%) vs baseline: +1.0%

✅ repr_noaspect

Time: ✅ 0.463µs (SLO: <10.000µs 📉 -95.4%) vs baseline: +1.6%

Memory: ✅ 38.496MB (SLO: <41.500MB -7.2%) vs baseline: +0.1%

✅ rstrip_aspect

Time: ✅ 1.845µs (SLO: <20.000µs 📉 -90.8%) vs baseline: -3.0%

Memory: ✅ 38.454MB (SLO: <41.500MB -7.3%) vs baseline: ~same

✅ rstrip_noaspect

Time: ✅ 0.381µs (SLO: <10.000µs 📉 -96.2%) vs baseline: ~same

Memory: ✅ 38.653MB (SLO: <41.500MB -6.9%) vs baseline: +0.8%

✅ slice_aspect

Time: ✅ 0.490µs (SLO: <10.000µs 📉 -95.1%) vs baseline: -2.0%

Memory: ✅ 38.624MB (SLO: <41.500MB -6.9%) vs baseline: +0.7%

✅ slice_noaspect

Time: ✅ 0.450µs (SLO: <10.000µs 📉 -95.5%) vs baseline: -0.4%

Memory: ✅ 38.551MB (SLO: <41.500MB -7.1%) vs baseline: ~same

✅ stringio_aspect

Time: ✅ 1.687µs (SLO: <10.000µs 📉 -83.1%) vs baseline: -1.1%

Memory: ✅ 38.510MB (SLO: <41.500MB -7.2%) vs baseline: +0.2%

✅ stringio_noaspect

Time: ✅ 0.920µs (SLO: <10.000µs 📉 -90.8%) vs baseline: -0.3%

Memory: ✅ 38.554MB (SLO: <41.500MB -7.1%) vs baseline: +0.4%

✅ strip_aspect

Time: ✅ 2.169µs (SLO: <20.000µs 📉 -89.2%) vs baseline: -2.1%

Memory: ✅ 38.677MB (SLO: <41.500MB -6.8%) vs baseline: +0.6%

✅ strip_noaspect

Time: ✅ 0.389µs (SLO: <10.000µs 📉 -96.1%) vs baseline: +0.5%

Memory: ✅ 38.404MB (SLO: <41.500MB -7.5%) vs baseline: ~same

✅ swapcase_aspect

Time: ✅ 2.431µs (SLO: <10.000µs 📉 -75.7%) vs baseline: ~same

Memory: ✅ 38.508MB (SLO: <41.500MB -7.2%) vs baseline: +0.4%

✅ swapcase_noaspect

Time: ✅ 0.539µs (SLO: <10.000µs 📉 -94.6%) vs baseline: -0.4%

Memory: ✅ 38.697MB (SLO: <41.500MB -6.8%) vs baseline: +1.0%

✅ title_aspect

Time: ✅ 2.366µs (SLO: <10.000µs 📉 -76.3%) vs baseline: -0.2%

Memory: ✅ 38.468MB (SLO: <41.500MB -7.3%) vs baseline: +0.5%

✅ title_noaspect

Time: ✅ 0.506µs (SLO: <10.000µs 📉 -94.9%) vs baseline: -0.2%

Memory: ✅ 38.537MB (SLO: <41.500MB -7.1%) vs baseline: +0.6%

✅ translate_aspect

Time: ✅ 3.253µs (SLO: <10.000µs 📉 -67.5%) vs baseline: -2.4%

Memory: ✅ 38.508MB (SLO: <41.500MB -7.2%) vs baseline: +0.5%

✅ translate_noaspect

Time: ✅ 1.040µs (SLO: <10.000µs 📉 -89.6%) vs baseline: -0.3%

Memory: ✅ 38.543MB (SLO: <41.500MB -7.1%) vs baseline: +0.6%

✅ upper_aspect

Time: ✅ 2.260µs (SLO: <10.000µs 📉 -77.4%) vs baseline: ~same

Memory: ✅ 38.440MB (SLO: <41.500MB -7.4%) vs baseline: +0.6%

✅ upper_noaspect

Time: ✅ 0.371µs (SLO: <10.000µs 📉 -96.3%) vs baseline: -0.6%

Memory: ✅ 38.536MB (SLO: <41.500MB -7.1%) vs baseline: +0.2%

📉 iastpropagation - 8/8

✅ no-propagation

Time: ✅ 48.298µs (SLO: <60.000µs 📉 -19.5%) vs baseline: -0.4%

Memory: ✅ 38.181MB (SLO: <42.000MB -9.1%) vs baseline: -0.4%

✅ propagation_enabled

Time: ✅ 136.714µs (SLO: <190.000µs 📉 -28.0%) vs baseline: 📉 -22.8%

Memory: ✅ 38.122MB (SLO: <42.000MB -9.2%) vs baseline: -0.1%

✅ propagation_enabled_100

Time: ✅ 1.584ms (SLO: <2.300ms 📉 -31.1%) vs baseline: 📉 -17.9%

Memory: ✅ 38.181MB (SLO: <42.000MB -9.1%) vs baseline: -0.3%

✅ propagation_enabled_1000

Time: ✅ 29.105ms (SLO: <34.550ms 📉 -15.8%) vs baseline: 📉 -10.3%

Memory: ✅ 38.476MB (SLO: <42.000MB -8.4%) vs baseline: +0.8%

⚠️ Unstable Tests (1 suite)

⚠️

packagesupdateimporteddependencies - 24/24 (1 unstable)

✅ import_many

Time: ✅ 154.215µs (SLO: <170.000µs -9.3%) vs baseline: -0.5%

Memory: ✅ 39.346MB (SLO: <41.000MB -4.0%) vs baseline: +4.5%

✅ import_many_cached

Time: ✅ 120.711µs (SLO: <130.000µs -7.1%) vs baseline: -1.0%

Memory: ✅ 39.538MB (SLO: <41.000MB -3.6%) vs baseline: +4.9%

✅ import_many_stdlib

Time: ✅ 0.756ms (SLO: <1.750ms 📉 -56.8%) vs baseline: ~same

Memory: ✅ 39.394MB (SLO: <41.000MB -3.9%) vs baseline: +4.5%

⚠️ import_many_stdlib_cached

Time: ⚠️ 0.172ms (SLO: <1.100ms 📉 -84.4%) vs baseline: +0.3%

Memory: ✅ 39.423MB (SLO: <41.000MB -3.8%) vs baseline: +5.0%

✅ import_many_unknown

Time: ✅ 831.795µs (SLO: <890.000µs -6.5%) vs baseline: -0.1%

Memory: ✅ 39.581MB (SLO: <41.000MB -3.5%) vs baseline: +5.1%

✅ import_many_unknown_cached

Time: ✅ 789.954µs (SLO: <870.000µs -9.2%) vs baseline: -0.9%

Memory: ✅ 39.563MB (SLO: <41.000MB -3.5%) vs baseline: +4.9%

✅ import_one

Time: ✅ 19.617µs (SLO: <30.000µs 📉 -34.6%) vs baseline: -0.5%

Memory: ✅ 39.529MB (SLO: <41.000MB -3.6%) vs baseline: +5.5%

✅ import_one_cache

Time: ✅ 6.229µs (SLO: <10.000µs 📉 -37.7%) vs baseline: -0.4%

Memory: ✅ 39.528MB (SLO: <41.000MB -3.6%) vs baseline: +5.1%

✅ import_one_stdlib

Time: ✅ 18.599µs (SLO: <20.000µs -7.0%) vs baseline: +0.3%

Memory: ✅ 39.314MB (SLO: <41.000MB -4.1%) vs baseline: +4.5%

✅ import_one_stdlib_cache

Time: ✅ 6.251µs (SLO: <10.000µs 📉 -37.5%) vs baseline: ~same

Memory: ✅ 39.368MB (SLO: <41.000MB -4.0%) vs baseline: +4.9%

✅ import_one_unknown

Time: ✅ 45.437µs (SLO: <50.000µs -9.1%) vs baseline: +0.2%

Memory: ✅ 39.436MB (SLO: <41.000MB -3.8%) vs baseline: +5.0%

✅ import_one_unknown_cache

Time: ✅ 6.317µs (SLO: <10.000µs 📉 -36.8%) vs baseline: +0.5%

Memory: ✅ 39.325MB (SLO: <41.000MB -4.1%) vs baseline: +5.2%

✅ All Tests Passing (3 suites)

✅ iast_aspects - 40/40

✅ re_expand_aspect

Time: ✅ 33.899µs (SLO: <40.000µs 📉 -15.3%) vs baseline: +5.9%

Memory: ✅ 38.535MB (SLO: <41.000MB -6.0%) vs baseline: +0.4%

✅ re_expand_noaspect

Time: ✅ 28.822µs (SLO: <40.000µs 📉 -27.9%) vs baseline: +0.8%

Memory: ✅ 38.614MB (SLO: <41.000MB -5.8%) vs baseline: +0.9%

✅ re_findall_aspect

Time: ✅ 2.925µs (SLO: <10.000µs 📉 -70.8%) vs baseline: +1.0%

Memory: ✅ 38.555MB (SLO: <41.000MB -6.0%) vs baseline: +0.6%

✅ re_findall_noaspect

Time: ✅ 1.410µs (SLO: <10.000µs 📉 -85.9%) vs baseline: -0.8%

Memory: ✅ 38.457MB (SLO: <41.000MB -6.2%) vs baseline: +0.2%

✅ re_finditer_aspect

Time: ✅ 4.406µs (SLO: <10.000µs 📉 -55.9%) vs baseline: -1.5%

Memory: ✅ 38.574MB (SLO: <41.000MB -5.9%) vs baseline: +0.6%

✅ re_finditer_noaspect

Time: ✅ 1.408µs (SLO: <10.000µs 📉 -85.9%) vs baseline: -0.1%

Memory: ✅ 38.457MB (SLO: <41.000MB -6.2%) vs baseline: ~same

✅ re_fullmatch_aspect

Time: ✅ 2.709µs (SLO: <10.000µs 📉 -72.9%) vs baseline: -2.2%

Memory: ✅ 38.516MB (SLO: <41.000MB -6.1%) vs baseline: -0.1%

✅ re_fullmatch_noaspect

Time: ✅ 1.319µs (SLO: <10.000µs 📉 -86.8%) vs baseline: ~same

Memory: ✅ 38.437MB (SLO: <41.000MB -6.3%) vs baseline: ~same

✅ re_group_aspect

Time: ✅ 3.015µs (SLO: <10.000µs 📉 -69.9%) vs baseline: +2.1%

Memory: ✅ 38.574MB (SLO: <41.000MB -5.9%) vs baseline: +0.8%

✅ re_group_noaspect

Time: ✅ 1.611µs (SLO: <10.000µs 📉 -83.9%) vs baseline: -0.7%

Memory: ✅ 38.555MB (SLO: <41.000MB -6.0%) vs baseline: +0.6%

✅ re_groups_aspect

Time: ✅ 3.106µs (SLO: <10.000µs 📉 -68.9%) vs baseline: +0.5%

Memory: ✅ 38.574MB (SLO: <41.000MB -5.9%) vs baseline: +0.4%

✅ re_groups_noaspect

Time: ✅ 1.718µs (SLO: <10.000µs 📉 -82.8%) vs baseline: +1.1%

Memory: ✅ 38.535MB (SLO: <41.000MB -6.0%) vs baseline: +0.7%

✅ re_match_aspect

Time: ✅ 2.761µs (SLO: <10.000µs 📉 -72.4%) vs baseline: +0.1%

Memory: ✅ 38.535MB (SLO: <41.000MB -6.0%) vs baseline: +0.4%

✅ re_match_noaspect

Time: ✅ 1.303µs (SLO: <10.000µs 📉 -87.0%) vs baseline: -1.9%

Memory: ✅ 38.535MB (SLO: <41.000MB -6.0%) vs baseline: +0.5%

✅ re_search_aspect

Time: ✅ 2.530µs (SLO: <10.000µs 📉 -74.7%) vs baseline: -1.3%

Memory: ✅ 38.594MB (SLO: <41.000MB -5.9%) vs baseline: +0.9%

✅ re_search_noaspect

Time: ✅ 1.197µs (SLO: <10.000µs 📉 -88.0%) vs baseline: ~same

Memory: ✅ 38.574MB (SLO: <41.000MB -5.9%) vs baseline: +0.7%

✅ re_sub_aspect

Time: ✅ 3.382µs (SLO: <10.000µs 📉 -66.2%) vs baseline: -0.9%

Memory: ✅ 38.417MB (SLO: <41.000MB -6.3%) vs baseline: +0.2%

✅ re_sub_noaspect

Time: ✅ 1.560µs (SLO: <10.000µs 📉 -84.4%) vs baseline: +1.1%

Memory: ✅ 38.535MB (SLO: <41.000MB -6.0%) vs baseline: +0.2%

✅ re_subn_aspect

Time: ✅ 3.616µs (SLO: <10.000µs 📉 -63.8%) vs baseline: -2.0%

Memory: ✅ 38.594MB (SLO: <41.000MB -5.9%) vs baseline: +0.4%

✅ re_subn_noaspect

Time: ✅ 1.625µs (SLO: <10.000µs 📉 -83.8%) vs baseline: +1.0%

Memory: ✅ 38.633MB (SLO: <41.000MB -5.8%) vs baseline: +0.8%

✅ iastaspectssplit - 12/12

✅ rsplit_aspect

Time: ✅ 1.436µs (SLO: <10.000µs 📉 -85.6%) vs baseline: -1.5%

Memory: ✅ 38.516MB (SLO: <41.000MB -6.1%) vs baseline: +0.7%

✅ rsplit_noaspect

Time: ✅ 0.579µs (SLO: <10.000µs 📉 -94.2%) vs baseline: ~same

Memory: ✅ 38.594MB (SLO: <41.000MB -5.9%) vs baseline: +0.8%

✅ split_aspect

Time: ✅ 1.419µs (SLO: <10.000µs 📉 -85.8%) vs baseline: ~same

Memory: ✅ 38.555MB (SLO: <41.000MB -6.0%) vs baseline: +0.4%

✅ split_noaspect

Time: ✅ 0.573µs (SLO: <10.000µs 📉 -94.3%) vs baseline: +0.4%

Memory: ✅ 38.476MB (SLO: <41.000MB -6.2%) vs baseline: ~same

✅ splitlines_aspect

Time: ✅ 1.403µs (SLO: <10.000µs 📉 -86.0%) vs baseline: -0.8%

Memory: ✅ 38.614MB (SLO: <41.000MB -5.8%) vs baseline: +0.7%

✅ splitlines_noaspect

Time: ✅ 0.582µs (SLO: <10.000µs 📉 -94.2%) vs baseline: -0.2%

Memory: ✅ 38.398MB (SLO: <41.000MB -6.3%) vs baseline: +0.1%

✅ otelsdkspan - 24/24

✅ add-event

Time: ✅ 40.504ms (SLO: <42.000ms -3.6%) vs baseline: +0.7%

Memory: ✅ 37.218MB (SLO: <39.000MB -4.6%) vs baseline: +4.3%

✅ add-link

Time: ✅ 36.476ms (SLO: <38.550ms -5.4%) vs baseline: +1.3%

Memory: ✅ 37.120MB (SLO: <39.000MB -4.8%) vs baseline: +4.3%

✅ add-metrics

Time: ✅ 219.217ms (SLO: <232.000ms -5.5%) vs baseline: ~same

Memory: ✅ 37.356MB (SLO: <39.000MB -4.2%) vs baseline: +4.4%

✅ add-tags

Time: ✅ 211.774ms (SLO: <221.600ms -4.4%) vs baseline: +0.4%

Memory: ✅ 37.297MB (SLO: <39.000MB -4.4%) vs baseline: +4.4%

✅ get-context

Time: ✅ 29.132ms (SLO: <31.300ms -6.9%) vs baseline: ~same

Memory: ✅ 37.297MB (SLO: <39.000MB -4.4%) vs baseline: +4.7%

✅ is-recording

Time: ✅ 29.201ms (SLO: <31.000ms -5.8%) vs baseline: +0.2%

Memory: ✅ 37.316MB (SLO: <39.000MB -4.3%) vs baseline: +4.6%

✅ record-exception

Time: ✅ 63.254ms (SLO: <65.850ms -3.9%) vs baseline: +0.5%

Memory: ✅ 37.709MB (SLO: <39.000MB -3.3%) vs baseline: +5.3%

✅ set-status

Time: ✅ 31.903ms (SLO: <34.150ms -6.6%) vs baseline: ~same

Memory: ✅ 37.238MB (SLO: <39.000MB -4.5%) vs baseline: +4.0%

✅ start

Time: ✅ 29.260ms (SLO: <30.150ms -3.0%) vs baseline: +1.4%

Memory: ✅ 37.198MB (SLO: <39.000MB -4.6%) vs baseline: +4.5%

✅ start-finish

Time: ✅ 33.949ms (SLO: <35.350ms -4.0%) vs baseline: -0.2%

Memory: ✅ 37.179MB (SLO: <39.000MB -4.7%) vs baseline: +3.9%

✅ start-finish-telemetry

Time: ✅ 33.929ms (SLO: <35.450ms -4.3%) vs baseline: +0.2%

Memory: ✅ 37.434MB (SLO: <39.000MB -4.0%) vs baseline: +4.4%

✅ update-name

Time: ✅ 31.155ms (SLO: <33.400ms -6.7%) vs baseline: +0.7%

Memory: ✅ 37.238MB (SLO: <39.000MB -4.5%) vs baseline: +4.3%

ℹ️ Scenarios Missing SLO Configuration (10 scenarios)

The following scenarios exist in candidate data but have no SLO thresholds configured:

coreapiscenario-core_dispatch_listeners
coreapiscenario-core_dispatch_no_listeners
coreapiscenario-core_dispatch_with_results_listeners
coreapiscenario-core_dispatch_with_results_no_listeners
djangosimple-baseline
errortrackingdjangosimple-baseline
errortrackingflasksqli-baseline
flasksimple-baseline
flasksqli-baseline
sethttpmeta-obfuscation-disabled

ddtrace/appsec/_iast/_taint_tracking/api/safe_initializer.cpp

dd-octo-sts · 2025-12-09T12:28:27Z

The backport to 4.0 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-4.0 4.0
# Navigate to the new working tree
cd .worktrees/backport-4.0
# Create a new branch
git switch --create backport-15514-to-4.0
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 d1b4fd8d387aefa177afd726f3c44f616927c0b7
# Push it to GitHub
git push --set-upstream origin backport-15514-to-4.0
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-4.0

Then, create a pull request where the base branch is 4.0 and the compare/head branch is backport-15514-to-4.0.

dd-octo-sts · 2025-12-09T12:28:28Z

The backport to 3.19 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-3.19 3.19
# Navigate to the new working tree
cd .worktrees/backport-3.19
# Create a new branch
git switch --create backport-15514-to-3.19
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 d1b4fd8d387aefa177afd726f3c44f616927c0b7
# Push it to GitHub
git push --set-upstream origin backport-15514-to-3.19
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-3.19

Then, create a pull request where the base branch is 3.19 and the compare/head branch is backport-15514-to-3.19.

IAST-enabled applications using Gunicorn/Uvicorn workers were experiencing segmentation faults (~33% crash rate on MCP streaming requests) due to memory corruption when processes fork. - C++ global singletons (`taint_engine_context`, `initializer`) initialized at module load - Taint maps storing PyObject pointers by memory address - Child processes after fork inherited stale pointers from parent process memory - Accessing these stale pointers → use-after-free → SIGSEGV crash - Implemented `pthread_atfork` handler that automatically resets C++ global state in child processes after every fork: - Added comprehensive null-check wrappers around all native functions to prevent crashes when native state is - Fixed test regression issues where context slots weren't being freed: **[AddressSanitizer (ASAN)](https://github.com/google/sanitizers/wiki/AddressSanitizer)** is a fast memory error detector that catches use-after-free, buffer overflows, and other memory corruption bugs at runtime. **1. Runtime Environment (No Recompilation Required)** The simplest way to test is using LD_PRELOAD with the system's libasan: ```bash ASAN_LIB=$(gcc -print-file-name=libasan.so) LD_PRELOAD=$ASAN_LIB \ ASAN_OPTIONS="detect_leaks=0:symbolize=1:abort_on_error=0" \ python3 -m pytest tests/appsec/iast/test_fork_handler_regression.py -v ``` **ASAN_OPTIONS explained:** - `detect_leaks=0` - Disable leak detection (Python has many false positives) - `symbolize=1` - Show human-readable stack traces - `abort_on_error=0` - Continue after first error (collect all errors) **2. Build with ASAN (Optional, for deeper analysis)** For more thorough testing, compile the native extension with ASAN: ```bash export CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g" export CXXFLAGS="-fsanitize=address -fno-omit-frame-pointer -g" export LDFLAGS="-fsanitize=address" pip install --no-build-isolation --force-reinstall -e . ASAN_OPTIONS="detect_leaks=0:symbolize=1:abort_on_error=0" \ python3 -m pytest tests/appsec/iast/test_fork_handler_regression.py -v ``` This script demonstrates the fork safety fix and can be used to verify ASAN finds no errors: ```python """Minimal fork safety reproduction test for ASAN verification.""" import os from ddtrace.appsec._iast._taint_tracking import OriginType from ddtrace.appsec._iast._taint_tracking._native import initialize_native_state from ddtrace.appsec._iast._taint_tracking._taint_objects import taint_pyobject from ddtrace.appsec._iast._taint_tracking._context import ( start_request_context, debug_context_array_free_slots_number, debug_num_tainted_objects ) def main(): print(f"[Parent PID {os.getpid()}] Initializing IAST...") # Initialize native state initialize_native_state() # Create context and tainted objects in parent ctx_id = start_request_context() print(f"[Parent] Context created: {ctx_id}") # Create some tainted objects (populates native maps) for i in range(10): taint_pyobject(f"data_{i}", "source", f"value_{i}", OriginType.PARAMETER) tainted_count = debug_num_tainted_objects(ctx_id) print(f"[Parent] Tainted objects: {tainted_count}") # Fork pid = os.fork() if pid == 0: # Child process print(f"[Child PID {os.getpid()}] Started after fork") # Verify pthread_atfork reset worked free_slots = debug_context_array_free_slots_number() print(f"[Child] Free slots: {free_slots}") if free_slots > 0: print("[Child] ✅ Context slots were reset (pthread_atfork worked!)") os._exit(0) # Success else: print("[Child] ❌ Context slots NOT reset") os._exit(1) # Failure else: # Parent waits for child _, status = os.waitpid(pid, 0) exit_code = os.WEXITSTATUS(status) if exit_code == 0: print(f"[Parent] ✅ Child exited cleanly - Fork safety verified!") return 0 else: print(f"[Parent] ❌ Child failed with exit code {exit_code}") return 1 if __name__ == "__main__": exit(main()) ``` **Run with ASAN:** ```bash LD_PRELOAD=$(gcc -print-file-name=libasan.so) \ ASAN_OPTIONS="detect_leaks=0:symbolize=1:abort_on_error=0" \ python3 test_fork_asan.py ``` **Expected output (success):** ``` [Parent PID 12345] Initializing IAST... [Parent] Context created: 0 [Parent] Tainted objects: 10 [Child PID 12346] Started after fork [Child] Free slots: 2 [Child] ✅ Context slots were reset (pthread_atfork worked!) [Parent] ✅ Child exited cleanly - Fork safety verified! ``` **What ASAN would report WITHOUT this fix:** ``` ==12346==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000040 ==12346==The signal is caused by a READ memory access. #0 0x7f... in get_tainted_object_map_by_ctx_id #1 0x7f... in debug_context_array_free_slots_number ``` (cherry picked from commit d1b4fd8)

avara1986 added 2 commits December 4, 2025 15:52

fix(iast): wrong memory address in subprocess in MCP servers

578f47c

fix(iast): wrong memory address in subprocess in MCP servers

061b01e

avara1986 added changelog/no-changelog A changelog entry is not required for this PR. ASM Application Security Monitoring labels Dec 4, 2025

fix(iast): wrong memory address in subprocess in MCP servers

5105588

avara1986 added 7 commits December 4, 2025 21:39

fix(iast): wrong memory address in subprocess in MCP servers

750d831

enable tests for python 3.14

9f2a3cf

fix(iast): wrong memory address in subprocess in MCP servers

54aec7d

fix(iast): wrong memory address in subprocess in MCP servers

968863b

fix(iast): wrong memory address in subprocess in MCP servers

95c4163

fix(iast): wrong memory address in subprocess in MCP servers

30f8559

fix(iast): wrong memory address in subprocess in MCP servers

d7d49e4

avara1986 added backport 4.0 backport 3.19 and removed changelog/no-changelog A changelog entry is not required for this PR. labels Dec 5, 2025

fix(iast): wrong memory address in subprocess in MCP servers

6f80cb9

juanjux reviewed Dec 5, 2025

View reviewed changes

ddtrace/appsec/_iast/_taint_tracking/api/safe_initializer.cpp Show resolved Hide resolved

ddtrace/appsec/_iast/_taint_tracking/api/safe_initializer.cpp Show resolved Hide resolved

ddtrace/appsec/_iast/_taint_tracking/api/safe_initializer.cpp Show resolved Hide resolved

juanjux approved these changes Dec 5, 2025

View reviewed changes

avara1986 added 5 commits December 5, 2025 13:17

Merge branch 'main' into avara1986/APPSEC-60135_iast_potencial_error

8f51f9b

fix(iast): wrong memory address in subprocess in MCP servers

ee17762

fix(iast): wrong memory address in subprocess in MCP servers

524f55a

codestyle

fcf83f2

rollback

05a9d46

avara1986 force-pushed the avara1986/APPSEC-60135_iast_potencial_error branch from e676dc2 to 05a9d46 Compare December 5, 2025 16:04

avara1986 added 3 commits December 5, 2025 17:13

codestyle

364dde0

fix slice aspect memory usage

83a1467

fix slice aspect memory usage

0104ab5

avara1986 added 4 commits December 5, 2025 20:57

increment slo

f396595

fix slice aspect memory usage

d8b7d8d

rollback bm slo changes

2f0a97a

Merge branch 'main' into avara1986/APPSEC-60135_iast_potencial_error

88aa593

avara1986 marked this pull request as ready for review December 9, 2025 10:24

avara1986 requested review from a team as code owners December 9, 2025 10:24

avara1986 requested review from duncanista and florentinl December 9, 2025 10:24

christophe-papazian approved these changes Dec 9, 2025

View reviewed changes

avara1986 merged commit d1b4fd8 into main Dec 9, 2025
568 checks passed

avara1986 deleted the avara1986/APPSEC-60135_iast_potencial_error branch December 9, 2025 12:28

avara1986 mentioned this pull request Dec 9, 2025

fix(iast): wrong memory address in subprocess in mcp servers [backport 3.19] #15565

Open

avara1986 mentioned this pull request Dec 9, 2025

fix(iast): wrong memory address in subprocess in mcp servers [backport 4.0] #15566

Open

fix(iast): wrong memory address in subprocess in mcp servers #15514

fix(iast): wrong memory address in subprocess in mcp servers #15514

Uh oh!

Conversation

avara1986 commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Root Cause

Solution

ASAN Verification

Minimal Reproduction Test

Uh oh!

github-actions bot commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Bootstrap import analysis

Summary

Import time breakdown

Uh oh!

pr-commenter bot commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Performance SLOs

❌ cache_off

✅ cache_on

✅ ospathbasename_aspect

✅ ospathbasename_noaspect

✅ ospathjoin_aspect

✅ ospathjoin_noaspect

✅ ospathnormcase_aspect

✅ ospathnormcase_noaspect

✅ ospathsplit_aspect

✅ ospathsplit_noaspect

✅ ospathsplitdrive_aspect

✅ ospathsplitdrive_noaspect

✅ ospathsplitext_aspect

✅ ospathsplitext_noaspect

✅ 1-count-metric-1-times

✅ 1-count-metrics-100-times

✅ 1-distribution-metric-1-times

✅ 1-distribution-metrics-100-times

✅ 1-gauge-metric-1-times

✅ 1-gauge-metrics-100-times

✅ 1-rate-metric-1-times

✅ 1-rate-metrics-100-times

✅ 100-count-metrics-100-times

✅ 100-distribution-metrics-100-times

✅ 100-gauge-metrics-100-times

✅ 100-rate-metrics-100-times

✅ flush-1-metric

✅ flush-100-metrics

✅ flush-1000-metrics

⚠️ context_with_data_listeners

✅ context_with_data_no_listeners

✅ get_item_exists

✅ get_item_missing

✅ set_item

✅ appsec

✅ exception-replay-enabled

✅ iast

✅ profiler

✅ resource-renaming

✅ span-code-origin

✅ tracer

✅ tracer-and-profiler

✅ tracer-dont-create-db-spans

✅ tracer-minimal

✅ tracer-native

✅ tracer-no-caches

✅ tracer-no-databases

✅ tracer-no-middleware

✅ tracer-no-templates

✅ errortracking-enabled-all

✅ errortracking-enabled-user

✅ tracer-enabled

✅ errortracking-enabled-all

✅ errortracking-enabled-user

✅ tracer-enabled

✅ appsec-get

✅ appsec-post

avara1986 commented Dec 4, 2025 •

edited

Loading

github-actions bot commented Dec 4, 2025 •

edited

Loading

github-actions bot commented Dec 4, 2025 •

edited

Loading

pr-commenter bot commented Dec 4, 2025 •

edited

Loading