Add free-threading (no-GIL) support for Python 3.13t+

[bodono]

Summary

Enables scs-python to run correctly on free-threaded CPython builds (3.13t+), building on the earlier work in #131 and incorporating follow-up fixes from review and CI.

The main user-facing outcome is that:

• separate SCS instances can be used safely from multiple threads on free-threaded Python
• the same SCS instance is also safe to call from multiple threads, but access is serialized with a per-instance lock

What Changed

Python extension changes

• Declare the extension modules as not requiring the GIL via PyUnstable_Module_SetGIL(..., Py_MOD_GIL_NOT_USED) in scs/scsmodule.h.
• Add a per-instance PyThread_type_lock protecting work / sol in scs/scsobject.h.
  • The lock wraps SCS_solve, SCS_update, and SCS_finish.
  • This makes same-instance access safe by serializing it.
  • This lock is currently present on all builds, not just Py_GIL_DISABLED builds.
• Fix free-threading reference-safety issues while parsing Python objects:
  • PyDict_GetItemString -> PyDict_GetItemStringRef
  • PyList_GetItem -> PyList_GetItemRef
• Fix the self->work TOCTOU race by moving the null check under the instance lock in SCS_solve and SCS_update.
• Document the different lock-release orderings used in SCS_solve vs SCS_update.

scs_source update

• Update the scs_source submodule to current upstream master.
• This includes the upstream thread-safe ctrl-c / signal-handling fix (cvxgrp/scs#375) and the later upstream changes that landed after that point.
• Link thread support in the build where needed for the upstream ctrl-c fix.

Build / packaging / CI

• Enable free-threaded wheel builds in cibuildwheel for CPython 3.13t+.
• Add a dedicated free-threading CI workflow covering:
  • free-threaded Python 3.13t
  • free-threaded Python 3.14t
  • parallel threaded test execution with pytest-run-parallel
  • ThreadSanitizer and AddressSanitizer jobs
• Set OPENBLAS_NUM_THREADS=1 in TSan runs to avoid noise from non-instrumented OpenBLAS worker threads.
• Move sanitizer suppression files into test/.

Tests

• Add test/test_free_threading.py with concurrency and stress coverage for:
  • independent solver instances
  • shared solver instances
  • concurrent solve() / update() usage
  • warm starts
  • result isolation
  • error-path lock release behavior
  • rapid create / solve / destroy cycles
• Keep test/test_thread_safety.py and mark thread-creating tests appropriately for pytest-run-parallel.
• Add test/conftest.py to fail the test run if the GIL gets silently re-enabled during free-threaded testing.
• Convert random/problem-generation tests away from global RNG state to explicit per-test RandomState(...) usage so they are deterministic and thread-safe.

Design Notes

• Different SCS instances should be able to solve concurrently once the interpreter no longer serializes threads with the GIL.
• Shared use of a single SCS instance is made safe by serialization, not by making the underlying workspace re-entrant.
• SCS_init is still left unlocked; the intended model is that object construction is thread-local.
• On ordinary GIL builds, this branch still adds the instance lock path, so the overhead is small but not literally zero.

Closes #130.

Test Coverage

This branch adds or updates coverage for:

• existing build/test matrix on regular CPython
• free-threaded CPython 3.13t / 3.14t
• threaded parallel test execution
• sanitizer-based race checking
• deterministic random-problem backend tests

[ngoldbaum]

Hi! I’ll try to give this a once-over next week sometime.

[bodono]

That would be amazing, thanks @ngoldbaum !

[ngoldbaum]

I looked over the C code (with the help of Claude) and I think there are two thread safety issues that aren't addressed in this PR:

• Uses of PyList_GetItem and PyDict_GetItemString on possibly shared containers.

  • You can fix this by using PyList_GetItemRef and PyDict_GetItemRef instead. Both are available in pythoncapi-compat, which it looks like you already have vendored. You'll also need to adjust the reference counting, since the new functions I'm suggesting return owned references.

• Time-of-use vs Time-of-update races around the workspace pointer.

  • The (!self->work) check on line 832 of scsobject.h, in SCS_update, happens without holding the lock. Another thread could concurrently trigger SCS_finish or SCS_init, which both set self->work = NULL with the lock held. If that happens, you could have a null pointer dereference. I think both SCS_solve and SCS_update should move those checks into code blocks where they have the lock held.
  • That said, I'm pretty sure either of these scenarios are mostly theoretical, I don't think it's possible to trigger SCS_finish unless the object's refcount goes to zero. It is possible to manually re-trigger __init__, but that's a super weird thing to do. Either way, probably better to move the checks for whether the workspace exists into code where the lock is held, if only to make the code clearer.

• PyThread_acquire_lock can fail and you're supposed to check for failure. Almost no code actually does that though so this is more of a minor nit.

[ngoldbaum]

Oh also, it looks like there isn't a test that shares an SCS objects between threads and simultaneously calls update and solve. That shouldn't race, assuming the locking is correct. You might even consider adding a test run that uses a TSan-instrumented build of CPython and scs-python if you want to be very sure there aren't any data races.

[bodono]

Thanks for the very thorough review @ngoldbaum ! I am also working with Claude and I think we have addressed your comments.

#: 1
Comment: Use PyList_GetItemRef / PyDict_GetItemRef
Addressed?: Yes
Notes: All list/dict access uses owned-reference variants
────────────────────────────────────────
#: 2
Comment: TOCTOU races — check workspace under lock
Addressed?: Yes
Notes: Both SCS_solve and SCS_update check !self->work inside the lock
────────────────────────────────────────
#: 3
Comment: Check PyThread_acquire_lock return
Addressed?: Yes
Notes: Checked in solve/update; dealloc path intentionally unchecked (documented)
────────────────────────────────────────
#: 4
Comment: Drop 3.13t, focus on 3.14t
Addressed?: No
Notes: We test both 3.13t and 3.14t; happy to drop 3.13t if you feel strongly
────────────────────────────────────────
#: 5
Comment: Integrate into pixi-based CI
Addressed?: No
Notes: Kept as separate workflow — the sanitizer jobs build CPython from source with --disable-gil, and uv python
install 3.14t is simpler than wiring free-threaded Python through pixi. Different test invocations (sequential +
--parallel-threads) also make it a poor fit for the existing matrix.
────────────────────────────────────────
#: 6
Comment: faulthandler_timeout in pytest config
Addressed?: Yes
Notes: Added faulthandler_exit_on_timeout = true as well
────────────────────────────────────────
#: 7
Comment: conftest.py GIL check
Addressed?: Yes
Notes: NumPy-style pytest_terminal_summary hook detects GIL re-enablement
────────────────────────────────────────
#: 8
Comment: Concurrent solve/update test + TSan
Addressed?: Yes
Notes: test_shared_instance_concurrent_solve_and_update uses barrier-synchronized threads; TSan and ASan CI jobs run against these tests

[ngoldbaum]

Awesome, I’ll try to give this another once-over next week.

[ngoldbaum]

Overall looks good. I had a few minor comments inline. I used Claude to review this and didn't read all the new tests in detail. I did read the changes to scsobject.h and the CI/sanitizer config in detail.

[ngoldbaum]

At this point I'd call this stable!

[bodono]

Good catch — changed to 3 - Stable. Also fixed the classifier string: the previous one had an extraneous Implementation :: segment that isn't in the trove-classifiers list, so PyPI would have rejected it on upload.

[ngoldbaum]

It turns out cibuildwheel is going to remove this option in the next release, so you might as well never enable it in the first place: pypa/cibuildwheel#2787

[bodono]

Dropped. Verified that on cibuildwheel 3.4.1 (which we pin), 3.14t wheels build without the flag — see the v3.4.1 release notes. Side effect: we no longer ship 3.13t wheels, which matches the migration direction in your earlier comment anyway.

[ngoldbaum]

pytest-run-parallel marks these as unsafe automatically: https://github.com/Quansight-Labs/pytest-run-parallel/blob/52486283381cf881f8fd229ab4a77528466748ef/src/pytest_run_parallel/thread_unsafe_detection.py#L52-L60

[bodono]

Dropped, thanks.

[ngoldbaum]

why the pthreads dependency?

[bodono]

It's for the upstream thread-safe ctrl-c fix (cvxgrp/scs#375). scs_source/src/ctrlc.c now uses a pthread_mutex_t to protect the ref-counted signal-handler registration, so the extension needs to link against the pthread library on platforms where libc doesn't pull it in by default. dependency('threads') is the meson-idiomatic, portable way to ask for that (it resolves to -lpthread on glibc, nothing on musl/macOS, the right Windows shim, etc.).

[ngoldbaum]

Generally I've been operating under the assumption that objects are only ever initialized once and anyone calling __init__ directly like this is doing something that shouldn't be made thread-safe. It makes it a lot simpler to reason about code if you make the assumption that the initializer always runs on an unshared instance.

But if you do care and want to protect against this, I think that means SCS_init should acquire the lock when it checks for the workspace pointer.

[bodono]

Agreed — went with the first option. SCS_init stays unlocked, the re-init concurrency test is gone (39c1579), and SCS.__init__ now has a docstring note making the thread-local-construction assumption explicit. Matches the pattern in NumPy/SciPy/h5py/etc.

[bodono]

Thanks again for all your help @ngoldbaum !