Qiskit / qiskit / 13862432148 / 1
88%
main: 88%

LAST BUILD BRANCH: c-target-get-params
DEFAULT BRANCH: main
Ran
Files 789
Run time 2min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 88.081% (-0.04%) from 88.12%
13862432148.1

push

github

web-flow 
 Introduce custom sympy srepr parser [stable/2.0] (#14023)

* Introduce custom sympy srepr parser

This commit introduces a custom parser to QPY for parameter expression
payloads that were generated using sympy. Prior to QPY version 10 this
was the only way we supported serializing parameter expressions in QPY.
For QPY version 10, 11, and 12 sympy could optionally be used if the
payload was generated explicitly to not use symengine (in qiskit 1.0 it
defaulted to use symengine).
This serialization format relied on sympy to generate a string
representation of the expression which we then put in the payload. On
deserialization we called sympy's `parse_expr()` function which
internally is calling sympy's `sympify()` internally. Sympy documents
that `sympify()` relies on Python's `eval()` for string input and
should not be used with untrusted input. But `parse_expr()` didn't have
such a warning (at the time, I plan to contribute adding one), so
using this function provides an avenue for arbitrary code execution
during QPY deserialization.

This commit fixes this issue by writing a custom parser for the string
repesentation in a QPY payload based on python's ast module. This parser
walks the abstract syntax tree and builds the sympy expression object as
it it goes. It is restricted to the operations that
`ParameterExpression` supports and if any part of the string tries to
use functionality outside that set it will error.

* Simplify visitor logic

* Fix lint

* Add sanity checks that we only call sympify if coming from symengine

* Apply suggestions from code review

Co-authored-by: Elena Peña Tapia <57907331+ElePT@users.noreply.github.com>

* Bump version numbers to prepare rc2

* Fix PGO build

PGO fails when we build qiskit-cext both as cdylib in addition to rlib,
due to missing Python symbols. This could be due to us not setting the
pyo3/extension-module correctly; which we want enabled when we compile
the crate for use in the Python extension crate qi... (continued)

72691 of 82527 relevant lines covered (88.08%)

358009.04 hits per line

Source Files on job 13862432148.1