fix(profiler): lock-free class/endpoint/context maps via StringDictionary

.github/workflows/ci.yml

@@ -128,6 +128,7 @@ jobs:
     if: needs.check-for-pr.outputs.skip != 'true'
     outputs:
       configurations: ${{ steps.compute.outputs.configurations }}
+      run_fuzz: ${{ steps.compute.outputs.run_fuzz }}
     steps:
       - name: Debounce label events
         if: github.event.action == 'labeled'
@@ -155,6 +156,13 @@ jobs:
             if echo "$labels" | grep -Fq "test:tsan"; then
               configs="$configs"',"tsan"'
             fi
+            if echo "$labels" | grep -Fq "test:fuzz"; then
+              echo "run_fuzz=true" >> $GITHUB_OUTPUT
+            else
+              echo "run_fuzz=false" >> $GITHUB_OUTPUT
+            fi
+          else
+            echo "run_fuzz=false" >> $GITHUB_OUTPUT
           fi
 
           configs="$configs]"
@@ -194,3 +202,37 @@ jobs:
           body-file: test-summary.md
           comment-id: ci-test-results
 
+  fuzz:
+    needs: [check-for-pr, compute-configurations]
+    if: needs.check-for-pr.outputs.skip != 'true' && needs.compute-configurations.outputs.run_fuzz == 'true'
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    timeout-minutes: 30
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Cache Gradle Wrapper Binaries
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: ~/.gradle/wrapper/dists
+          key: gradle-wrapper-${{ runner.os }}-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }}
+          restore-keys: |
+            gradle-wrapper-${{ runner.os }}-
+      - name: Cache Gradle User Home
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: ~/.gradle/caches
+          key: gradle-caches-${{ runner.os }}-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          restore-keys: |
+            gradle-caches-${{ runner.os }}-
+      - name: Setup OS
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y clang
+      - name: Fuzz
+        run: ./gradlew :ddprof-lib:fuzz:fuzz -Pfuzz-duration=120 --no-daemon
+      - name: Upload crash artifacts
+        if: failure()
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: fuzz-crashes
+          path: ddprof-lib/fuzz/build/fuzz-crashes/

.github/workflows/nightly.yml

@@ -15,6 +15,38 @@ jobs:
     uses: ./.github/workflows/test_workflow.yml
     with:
       configuration: '["asan"]' # Ignoring tsan for now '["asan", "tsan"]'
+  fuzz:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    timeout-minutes: 30
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Cache Gradle Wrapper Binaries
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: ~/.gradle/wrapper/dists
+          key: gradle-wrapper-${{ runner.os }}-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }}
+          restore-keys: |
+            gradle-wrapper-${{ runner.os }}-
+      - name: Cache Gradle User Home
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: ~/.gradle/caches
+          key: gradle-caches-${{ runner.os }}-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          restore-keys: |
+            gradle-caches-${{ runner.os }}-
+      - name: Setup OS
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y clang
+      - name: Fuzz
+        run: ./gradlew :ddprof-lib:fuzz:fuzz -Pfuzz-duration=120 --no-daemon
+      - name: Upload crash artifacts
+        if: failure()
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: fuzz-crashes
+          path: ddprof-lib/fuzz/build/fuzz-crashes/
   report-failures:
     runs-on: ubuntu-latest
     needs: run-test

AGENTS.md

@@ -384,6 +384,29 @@ arm64 has a weakly-ordered memory model (unlike x86 TSO). Incorrect ordering cau
 - **Architecture Support**: x64, arm64 with architecture-specific stack walking
 - **Debug Symbol Handling**: Split debug information for production deployments
 
+#### musl/aarch64/JDK11 — `start_routine_wrapper_spec` minimal-frame invariant
+
+`start_routine_wrapper_spec` (`libraryPatcher_linux.cpp`) has a known "precarious stack guard
+corruption" on musl/aarch64/JDK11 (see the comment at the function definition). The root cause
+is that musl places the stack canary close to the frame boundary, so any substantial stack
+allocation inside `start_routine_wrapper_spec` corrupts it.
+
+**Rule:** Any code placed inside `start_routine_wrapper_spec` that allocates meaningful stack
+objects MUST be extracted into a separate `__attribute__((noinline))` helper so those objects
+live in the helper's own frame, not in `start_routine_wrapper_spec`'s frame.
+
+Existing helpers follow this pattern:
+- `delete_routine_info` — isolates `SignalBlocker` (`sigset_t`, 128 bytes on musl)
+- `init_tls_and_register` — same reason
+- `run_with_musl_cleanup` — isolates `struct __ptcb` from `pthread_cleanup_push` (24 bytes)
+
+**Trigger:** `pthread_cleanup_push` is a macro that declares `struct __ptcb __cb` on the
+caller's stack. If called directly inside `start_routine_wrapper_spec` it re-triggers the
+corruption. Always wrap it in a `noinline` helper.
+
+This only affects the `#ifdef __aarch64__` / `#ifndef __GLIBC__` code path. Other platforms
+and libc combinations do not have this constraint.
+
 ## Development Guidelines
 
 ### Code Organization Principles

build-logic/conventions/src/main/kotlin/com/datadoghq/native/fuzz/FuzzTargetsPlugin.kt

@@ -86,7 +86,7 @@ class FuzzTargetsPlugin : Plugin<Project> {
         val includeFiles = buildIncludePaths(project, extension, homebrewLLVM)
 
         // Build compiler/linker args
-        val compilerArgs = buildFuzzCompilerArgs()
+        val compilerArgs = buildFuzzCompilerArgs(project)
         val linkerArgs = buildFuzzLinkerArgs(homebrewLLVM, clangResourceDir, project.logger)
 
         val fuzzSourceDir = extension.fuzzSourceDir.get().asFile
@@ -194,15 +194,17 @@ class FuzzTargetsPlugin : Plugin<Project> {
         return includes
     }
 
-    private fun buildFuzzCompilerArgs(): List<String> {
+    private fun buildFuzzCompilerArgs(project: Project): List<String> {
+        val version = project.version.toString()
         val args = mutableListOf(
             "-O1",
             "-g",
             "-fno-omit-frame-pointer",
             "-fsanitize=fuzzer,address,undefined",
             "-fvisibility=hidden",
             "-std=c++17",
-            "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"
+            "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION",
+            "-DPROFILER_VERSION=\"$version\""
         )
         if (PlatformUtils.currentPlatform == Platform.LINUX && PlatformUtils.isMusl()) {
             args.add("-D__musl__")