Summary

Backport of PR #499 to maint/3.2 for greenlet 3.2.6, targeting Python 3.9-3.13.

The previous backport (3.2.5 / PR #495) only guarded Python < 3.11 (#if !GREENLET_PY311), but the vulnerability exists on all Python versions: Py_IsFinalizing() is set AFTER atexit handlers complete inside Py_FinalizeEx. This PR removes all version guards and makes the fix unconditional.

Design

Two independent guards now protect all shutdown phases:

1. g_greenlet_shutting_down — an atexit handler registered at module init (LIFO = runs first) sets this flag. Covers the atexit phase of Py_FinalizeEx, where Py_IsFinalizing() is still False on all Python versions.

2. Py_IsFinalizing() — covers the GC collection and later phases of Py_FinalizeEx. A compatibility shim maps to _Py_IsFinalizing() on Python < 3.13.

These guards are checked in mod_getcurrent, PyGreenlet_GetCurrent, GreenletChecker, MainGreenletExactChecker, ContextExactChecker, clear_deleteme_list(), ThreadState::~ThreadState(), _green_dealloc_kill_started_non_main_greenlet, and ThreadState_DestroyNoGIL::AddPendingCall.

What changed vs the previous PR #500

The previous version of this PR had all guards wrapped in #if !GREENLET_PY311, making them completely inactive on Python 3.11-3.13. This update:

1. Removes all #if !GREENLET_PY311 guards — fixes are now unconditional across Python 3.9-3.13
2. Adds type checker guards — GreenletChecker, MainGreenletExactChecker, ContextExactChecker now have shutdown protection (these were missing entirely)
3. Adds 5 TDD-certified regression tests — verified RED on greenlet 3.3.2 (UNGUARDED) and GREEN with the fix across Python 3.10-3.14
4. Strengthens 3 smoke tests — assert getcurrent() still returns valid objects before greenlet's cleanup (guards against over-blocking)

What changed (files)

C++ shutdown guards (8 files)

Additional hardening

• clear_deleteme_list() uses std::swap (zero-allocation) instead of copying the PythonAllocator-backed vector
• The deleteme vector uses std::allocator (system malloc) instead of PyMem_Malloc
• ThreadState uses std::malloc/std::free instead of PyObject_Malloc
• clear_deleteme_list() preserves any pending Python exception around its cleanup loop

Tests (3 files)

• 5 new TDD-certified regression tests in test_interpreter_shutdown.py — verified RED on greenlet 3.3.2 and GREEN with fix across Python 3.10-3.14
• 3 strengthened smoke tests — assert getcurrent() still returns valid objects before cleanup
• Updated file docstring and section headers — organized 21 tests into 4 documented groups
• Fixed test_dealloc_catches_GreenletExit_throws_other — use sys.unraisablehook instead of stderr capture (pytest compatibility)
• Fixed test_version — skip gracefully on old setuptools

Other

• SPDX license identifier fixed: Python-2.0 → PSF-2.0
• Flaky USS memory test tolerance on Windows

TDD verification

Docker verification on Python 3.9 and 3.10 confirms both Test A (GC finalization) and Test B (atexit phase) return GUARDED on this branch.

Test plan

• Full local test suite: 159 passed, 1 skipped, 0 failed (pytest, Python 3.10)
• pylint: 10.00/10
• TDD RED/GREEN verification via Docker (Python 3.9 + 3.10)
• All 21 shutdown tests pass
• Full CI on all supported Python versions

Relationship to other PRs

• PR Fix SIGSEGV/SIGABRT during interpreter shutdown on Python < 3.11 #495 (merged): Original fix, only Python < 3.11, tests not TDD-certified
• PR Fix crashes during interpreter shutdown on all Python versions #499 (open, targets master): Universal fix for 3.3.3, this PR is the backport