DataDog
diff --git a/‎.github/workflows/prof_asan.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/prof_asan.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.gitlab/build-profiler.sh‎
Lines changed: 1 addition & 1 deletion b/‎.gitlab/build-profiler.sh‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.gitlab/ci-images.yml‎
Lines changed: 4 additions & 4 deletions b/‎.gitlab/ci-images.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.gitlab/generate-appsec.php‎
Lines changed: 7 additions & 2 deletions b/‎.gitlab/generate-appsec.php‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎.gitlab/generate-package.php‎
Lines changed: 6 additions & 6 deletions b/‎.gitlab/generate-package.php‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎.gitlab/generate-profiler.php‎
Lines changed: 3 additions & 3 deletions b/‎.gitlab/generate-profiler.php‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.gitlab/generate-shared.php‎
Lines changed: 8 additions & 5 deletions b/‎.gitlab/generate-shared.php‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎.gitlab/generate-tracer.php‎
Lines changed: 3 additions & 2 deletions b/‎.gitlab/generate-tracer.php‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎appsec/cmake/clang-format.cmake‎
Lines changed: 7 additions & 7 deletions b/‎appsec/cmake/clang-format.cmake‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎appsec/cmake/clang-tidy.cmake‎
Lines changed: 10 additions & 10 deletions b/‎appsec/cmake/clang-tidy.cmake‎
Lines changed: 10 additions & 10 deletions
@@ -16,7 +16,7 @@ jobs:
       CARGO_TARGET_DIR: /tmp/build-cargo
       RUST_TOOLCHAIN: nightly-2025-06-13
     container:
-      image: datadog/dd-trace-ci:php-${{matrix.php-version}}_bookworm-6
+      image: datadog/dd-trace-ci:php-${{matrix.php-version}}_bookworm-7
       # https://docs.github.com/en/actions/creating-actions/dockerfile-support-for-github-actions#user
       options: --user root --privileged
 
@@ -49,7 +49,7 @@ jobs:
           set -eux
           switch-php nts-asan
           cd profiling
-          export CC=clang-17
+          export CC=clang-19
           export CFLAGS='-fsanitize=address  -fno-omit-frame-pointer'
           export LDFLAGS='-fsanitize=address -shared-libasan'
           export RUSTC_LINKER=lld-17
 
@@ -17,7 +17,7 @@ fi
 #  /usr/lib/llvm20/lib/clang/20/include/arm_neon.h:6374:25: error: incompatible constant for this __builtin_neon function
 # etc.
 if [ -f /sbin/apk ] && [ $(uname -m) = "aarch64" ]; then
-    ln -sf ../lib/llvm17/bin/clang /usr/bin/clang
+    ln -sf ../lib/llvm19/bin/clang /usr/bin/clang
 fi
 
 # On CentOS 7 aarch64, clang's resource dir isn't on the default include path,
 
@@ -34,7 +34,7 @@ CentOS:
         - php-7.0
   script:
     - cd dockerfiles/ci/centos/7
-    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_TOKEN" $CI_REGISTRY
+    - echo "$CI_REGISTRY_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
     - docker buildx bake --no-cache --pull --push $PHP_VERSION
 
 Alpine:
@@ -63,7 +63,7 @@ Alpine:
         - 7.0-alpine
   script:
     - cd dockerfiles/ci/alpine_compile_extension
-    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_TOKEN" $CI_REGISTRY
+    - echo "$CI_REGISTRY_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
     - docker buildx bake --no-cache --pull --push $PHP_VERSION
 
 Bookworm:
@@ -94,7 +94,7 @@ Bookworm:
         - php-7.0
   script:
     - cd dockerfiles/ci/bookworm
-    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_TOKEN" $CI_REGISTRY
+    - echo "$CI_REGISTRY_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
     - docker buildx bake --no-cache --pull --push $PHP_VERSION
 
 Buster:
@@ -125,5 +125,5 @@ Buster:
         - php-7.0
   script:
     - cd dockerfiles/ci/buster
-    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_TOKEN" $CI_REGISTRY
+    - echo "$CI_REGISTRY_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
     - docker buildx bake --no-cache --pull --push $PHP_VERSION
@@ -71,8 +71,13 @@
   image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6
   variables:
     KUBERNETES_CPU_REQUEST: 3
-    KUBERNETES_MEMORY_REQUEST: 4Gi
-    KUBERNETES_MEMORY_LIMIT: 4Gi
+    KUBERNETES_CPU_LIMIT: 3
+    KUBERNETES_MEMORY_REQUEST: 6Gi
+    KUBERNETES_MEMORY_LIMIT: 6Gi
+    KUBERNETES_HELPER_CPU_REQUEST: 1
+    KUBERNETES_HELPER_CPU_LIMIT: 1
+    KUBERNETES_HELPER_MEMORY_REQUEST: 3Gi
+    KUBERNETES_HELPER_MEMORY_LIMIT: 3Gi
   parallel:
     matrix:
       - PHP_MAJOR_MINOR: *all_minor_major_targets
 
@@ -48,13 +48,13 @@
 $asan_build_platforms = [
     [
         "triplet" => "x86_64-unknown-linux-gnu",
-        "image_template" => "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-%s_bookworm-6",
+        "image_template" => "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-%s_bookworm-7",
         "arch" => "amd64",
         "host_os" => "linux-gnu",
     ],
     [
         "triplet" => "aarch64-unknown-linux-gnu",
-        "image_template" => "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-%s_bookworm-6",
+        "image_template" => "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-%s_bookworm-7",
         "arch" => "arm64",
         "host_os" => "linux-gnu",
     ]
@@ -319,7 +319,7 @@
 
 "pecl build":
   stage: tracing
-  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-7.4_bookworm-6"
+  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-7.4_bookworm-7"
   tags: [ "arch:amd64" ]
   needs: [ "prepare code" ]
   script:
@@ -369,7 +369,7 @@
 <?php foreach ($arch_targets as $arch): ?>
 "aggregate tracing extension: [<?= $arch ?>]":
   stage: tracing
-  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-7.4_bookworm-6"
+  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-7.4_bookworm-7"
   tags: [ "arch:amd64" ]
   script: ls ./
   variables:
@@ -1136,7 +1136,7 @@
 
 "pecl tests":
   stage: verify
-  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_VERSION}_bookworm-6"
+  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_VERSION}_bookworm-7"
   tags: [ "arch:amd64" ]
   services:
     - !reference [.services, request-replayer]
@@ -1307,7 +1307,7 @@
   variables:
     VALGRIND: false
     ARCH: "<?= $arch ?>"
-    CONTAINER_SUFFIX: bookworm-6
+    CONTAINER_SUFFIX: bookworm-7
   needs:
     - job: "package loader: [<?= $arch ?>]"
       artifacts: true
 
@@ -43,7 +43,7 @@
         IMAGE_SUFFIX: _centos-7
   script:
     - if [ -d '/opt/rh/devtoolset-7' ]; then set +eo pipefail; source scl_source enable devtoolset-7; set -eo pipefail; fi
-    - if [ -f /sbin/apk ] && [ $(uname -m) = "aarch64" ]; then ln -sf ../lib/llvm17/bin/clang /usr/bin/clang; fi
+    - if [ -f /sbin/apk ] && [ $(uname -m) = "aarch64" ]; then ln -sf ../lib/llvm19/bin/clang /usr/bin/clang; fi
     - if [ -d '/opt/rh/devtoolset-7' ] && [ "$(uname -m)" = "aarch64" ]; then export BINDGEN_EXTRA_CLANG_ARGS="-I$(clang --print-resource-dir)/include"; fi
 
     - cd profiling
@@ -83,7 +83,7 @@
 "clippy NTS":
   stage: test
   tags: [ "arch:amd64" ]
-  image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6
+  image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7
   variables:
     KUBERNETES_CPU_REQUEST: 5
     KUBERNETES_MEMORY_REQUEST: 3Gi
@@ -102,7 +102,7 @@
 "Cargo test":
   stage: test
   tags: [ "arch:amd64" ]
-  image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-8.5_bookworm-5
+  image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-8.5_bookworm-7
   variables:
     KUBERNETES_CPU_REQUEST: 5
     KUBERNETES_MEMORY_REQUEST: 3Gi
 
@@ -21,7 +21,7 @@
       - IMAGE:
         - "datadog/dd-trace-ci:centos-7"
         - "datadog/dd-trace-ci:php-compile-extension-alpine"
-        - "datadog/dd-trace-ci:bookworm-6"
+        - "datadog/dd-trace-ci:bookworm-7"
   script:
     - if [ -f "/opt/libuv/lib/pkgconfig/libuv.pc" ]; then export PKG_CONFIG_PATH="/opt/libuv/lib/pkgconfig:$PKG_CONFIG_PATH"; fi
     - if [ -d "/opt/catch2" ]; then export CMAKE_PREFIX_PATH=/opt/catch2; fi
@@ -45,7 +45,7 @@
 "C components UBSAN":
   tags: [ "arch:amd64" ]
   stage: test
-  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:bookworm-6"
+  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:bookworm-7"
   needs: []
   script:
     - if [ -f "/opt/libuv/lib/pkgconfig/libuv.pc" ]; then export PKG_CONFIG_PATH="/opt/libuv/lib/pkgconfig:$PKG_CONFIG_PATH"; fi
@@ -69,7 +69,7 @@
 "Build & Test Tea":
   tags: [ "arch:amd64" ]
   stage: build
-  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6"
+  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7"
   parallel:
     matrix:
       - PHP_MAJOR_MINOR: *no_asan_minor_major_targets
@@ -98,7 +98,7 @@
 .tea_test:
   tags: [ "arch:amd64" ]
   stage: test
-  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6"
+  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7"
   interruptible: true
   rules:
     - if: $CI_COMMIT_BRANCH == "master"
@@ -122,7 +122,7 @@
   needs: []
   variables:
     PHP_MAJOR_MINOR: "<?= $all_minor_major_targets[count($all_minor_major_targets) - 1] ?>"
-  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6"
+  image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7"
   script:
     - |
       if ! command -v cc >/dev/null 2>&1 && ! command -v clang >/dev/null 2>&1 && ! command -v gcc >/dev/null 2>&1; then
@@ -157,6 +157,9 @@
   extends: .tea_test
   variables:
     PHP_MAJOR_MINOR: "<?= $major_minor ?>"
+<?php if ($switch_php_version == "debug-zts-asan"): ?>
+    ASAN_OPTIONS: "detect_stack_use_after_return=0"
+<?php endif; ?>
   needs:
     - job: "Build & Test Tea"
       parallel:
 
@@ -67,7 +67,7 @@ function before_script_steps($with_docker_auth = false) {
 "compile extension: debug":
   stage: compile
   tags: [ "arch:${ARCH}" ]
-  image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6
+  image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7
   parallel:
     matrix:
       - PHP_MAJOR_MINOR: *all_minor_major_targets
@@ -187,7 +187,7 @@ function before_script_steps($with_docker_auth = false) {
 .base_test:
   stage: test
   tags: [ "arch:${ARCH}" ]
-  image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6
+  image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7
   timeout: 60m
   interruptible: true
   rules:
@@ -311,6 +311,7 @@ function before_script_steps($with_docker_auth = false) {
     PHP_MAJOR_MINOR: "<?= $major_minor ?>"
     ARCH: "amd64"
     TEST_PHP_JUNIT: "${CI_PROJECT_DIR}/tmp/build_extension/artifacts/tests/php-tests.xml"
+    ASAN_OPTIONS: "abort_on_error=1:disable_coredump=0:unmap_shadow_on_exit=1:detect_stack_use_after_return=0"
   script:
     - mkdir -p "${CI_PROJECT_DIR}/tmp/build_extension/artifacts/tests"
     - make test_c_observer
 
@@ -1,9 +1,9 @@
-set(_LLVM17_FORMAT /opt/homebrew/opt/llvm@17/bin/clang-format)
-if(EXISTS ${_LLVM17_FORMAT})
-    set(CLANG_FORMAT ${_LLVM17_FORMAT})
-    message(STATUS "Using Homebrew LLVM 17 clang-format: ${CLANG_FORMAT}")
+set(_LLVM19_FORMAT /opt/homebrew/opt/llvm@19/bin/clang-format)
+if(EXISTS ${_LLVM19_FORMAT})
+    set(CLANG_FORMAT ${_LLVM19_FORMAT})
+    message(STATUS "Using Homebrew LLVM 19 clang-format: ${CLANG_FORMAT}")
 else()
-    find_program(_CF_VERSIONED clang-format-17)
+    find_program(_CF_VERSIONED clang-format-19)
     if(NOT _CF_VERSIONED STREQUAL _CF_VERSIONED-NOTFOUND)
         set(CLANG_FORMAT ${_CF_VERSIONED})
     else()
@@ -14,15 +14,15 @@ else()
                 OUTPUT_VARIABLE _CF_VERSION
                 OUTPUT_STRIP_TRAILING_WHITESPACE
                 ERROR_QUIET)
-            if(_CF_VERSION MATCHES " 17\\.")
+            if(_CF_VERSION MATCHES " 19\\.")
                 set(CLANG_FORMAT ${_CF_UNVERSIONED})
             endif()
         endif()
     endif()
     if(NOT CLANG_FORMAT)
         set(CLANG_FORMAT ${CMAKE_CURRENT_LIST_DIR}/clang-tools/clang-format)
         if(NOT EXISTS ${CLANG_FORMAT})
-            message(STATUS "Cannot find clang-format version 17, either set CLANG_FORMAT or make it discoverable")
+            message(STATUS "Cannot find clang-format version 19, either set CLANG_FORMAT or make it discoverable")
             return()
         endif()
         message(STATUS "Using Docker-based clang-format wrapper: ${CLANG_FORMAT}")
 
@@ -1,17 +1,17 @@
-# Prefer a locally installed LLVM 17 run-clang-tidy (e.g. via brew install llvm@17)
+# Prefer a locally installed LLVM 19 run-clang-tidy (e.g. via brew install llvm@19)
 # over the Docker-based wrapper, since native execution avoids SDK incompatibilities.
-set(_LLVM17_BIN /opt/homebrew/opt/llvm@17/bin)
-set(_LLVM17_TIDY ${_LLVM17_BIN}/run-clang-tidy)
+set(_LLVM19_BIN /opt/homebrew/opt/llvm@19/bin)
+set(_LLVM19_TIDY ${_LLVM19_BIN}/run-clang-tidy)
 set(CLANG_TIDY_BINARY_OPT "")
-if(EXISTS ${_LLVM17_TIDY})
-    set(CLANG_TIDY ${_LLVM17_TIDY})
-    set(CLANG_TIDY_BINARY_OPT -clang-tidy-binary ${_LLVM17_BIN}/clang-tidy)
-    message(STATUS "Using Homebrew LLVM 17 run-clang-tidy: ${CLANG_TIDY}")
+if(EXISTS ${_LLVM19_TIDY})
+    set(CLANG_TIDY ${_LLVM19_TIDY})
+    set(CLANG_TIDY_BINARY_OPT -clang-tidy-binary ${_LLVM19_BIN}/clang-tidy)
+    message(STATUS "Using Homebrew LLVM 19 run-clang-tidy: ${CLANG_TIDY}")
 else()
-    find_program(_RCT_VERSIONED run-clang-tidy-17)
+    find_program(_RCT_VERSIONED run-clang-tidy-19)
     if(NOT _RCT_VERSIONED STREQUAL _RCT_VERSIONED-NOTFOUND)
         set(CLANG_TIDY ${_RCT_VERSIONED})
-        find_program(_CT_VERSIONED clang-tidy-17)
+        find_program(_CT_VERSIONED clang-tidy-19)
         if(NOT _CT_VERSIONED STREQUAL _CT_VERSIONED-NOTFOUND)
             set(CLANG_TIDY_BINARY_OPT -clang-tidy-binary ${_CT_VERSIONED})
         endif()
@@ -37,7 +37,7 @@ else()
     if(NOT CLANG_TIDY)
         set(CLANG_TIDY ${CMAKE_CURRENT_LIST_DIR}/clang-tools/run-clang-tidy)
         if(NOT EXISTS ${CLANG_TIDY})
-            message(STATUS "Cannot find clang-tidy version 17, either set CLANG_TIDY or make it discoverable")
+            message(STATUS "Cannot find clang-tidy version 19, either set CLANG_TIDY or make it discoverable")
             return()
         endif()
         message(STATUS "Using Docker-based run-clang-tidy wrapper: ${CLANG_TIDY}")