ABI compatibility checker for C/C++ shared libraries
Project description
abicheck
abicheck detects breaking changes in C/C++ shared libraries before they reach production. It compares two versions of a shared library — along with their public headers — and reports whether existing binaries will continue to work or break at runtime.
It catches removed or renamed symbols, changed function signatures, struct layout drift, vtable reordering, enum value reassignment, and many more — 183 ABI/API change types in total — that cause crashes, silent data corruption, or linker failures after a library upgrade.
Platforms: Linux (ELF), Windows (PE/COFF), macOS (Mach-O). Binary and header AST analysis on all platforms; debug-info cross-check uses DWARF (Linux, macOS) and PDB (Windows).
Full documentation: napetrov.github.io/abicheck
Installation
pip install abicheck
# or
conda install -c conda-forge abicheck
abicheck also needs castxml and a C++ compiler for header AST analysis (the conda-forge package pulls these in automatically). Without them, abicheck still works in binary-only mode. See Getting Started for per-platform setup and cross-compilation.
Naming note: this project (
napetrov/abicheckon PyPI) is distinct from distro-packaged tools with similar names (abi-compliance-checkerwrappers in Debiandevscripts, orabicheckin Fedora'slibabigail-tools). Runabicheck --versionto confirm — it should printabicheck X.Y.Z (napetrov/abicheck). If there is a conflict, invoke viapython -m abicheck.
Quick start
Compare two library versions:
abicheck compare libfoo.so.1 libfoo.so.2 \
--old-header include/v1/foo.h --new-header include/v2/foo.h
Save a baseline snapshot at release time, then compare every new build against it:
abicheck dump libfoo.so -H include/foo.h --version 1.0 -o baseline.json
abicheck compare baseline.json ./build/libfoo.so --new-header include/foo.h
Supported output formats: markdown (default), json, sarif, html, and junit.
abicheck compare old.so new.so -H foo.h --format sarif -o report.sarif
See Getting Started for the full tutorial and CLI Usage for the complete command reference.
Which command do I need?
| I want to… | Use |
|---|---|
| Check whether a library upgrade breaks existing consumers | abicheck compare |
| Compare a multi-library release (a co-versioned bundle, e.g. oneDAL) as a single bundle | abicheck compare-release |
| Check whether my application breaks with a new library version | abicheck appcompat |
| Validate a binary's full dependency stack across two sysroots | abicheck stack-check |
Drop-in replacement for abi-compliance-checker |
abicheck compat |
| Save a reusable ABI baseline snapshot | abicheck dump |
Exit codes
Use these to gate CI pipelines.
| Exit code | Verdict | Meaning |
|---|---|---|
0 |
NO_CHANGE / COMPATIBLE / COMPATIBLE_WITH_RISK |
Safe — no binary ABI break |
1 |
SEVERITY_ERROR |
Severity-driven error (with --severity-* flags) |
2 |
API_BREAK |
Source-level break (recompile needed, binary may still work) |
4 |
BREAKING |
Binary ABI break (old binaries will crash or misbehave) |
8 |
REMOVED_LIBRARY |
Library removed in new version (compare-release only) |
appcompat, stack-check, and compat use the same scheme with per-mode additions — see the full exit code reference.
GitHub Action
- uses: napetrov/abicheck@v0.3.0
with:
old-library: abi-baseline.json
new-library: build/libfoo.so
new-header: include/foo.h
format: sarif
upload-sarif: true
The action installs Python, castxml, and abicheck automatically. Outputs: verdict, exit-code, report-path. See the GitHub Action docs for matrix builds, cross-compilation, and gating flags (fail-on-breaking, fail-on-api-break).
Policies and suppressions
Policies classify detected changes (BREAKING, COMPATIBLE, …); suppressions silence known or intentional changes so they don't fail CI.
abicheck compare old.so new.so -H foo.h \
--policy sdk_vendor \
--suppress suppressions.yaml
Built-in profiles: strict_abi (default), sdk_vendor, plugin_abi. Custom YAML policies are supported, and the ABICC compat CLI accepts -symbols-list/-types-list whitelist flags.
Full references:
- Policy Profiles
- Suppressions (YAML schema, expiry, justification)
- Migrating from ABICC
Python API
from pathlib import Path
from abicheck.service import run_compare
result, old_snapshot, new_snapshot = run_compare(
old_input=Path("libfoo.so.1"),
new_input=Path("libfoo.so.2"),
old_headers=[Path("include/v1/foo.h")],
new_headers=[Path("include/v2/foo.h")],
)
print(result.verdict) # e.g. Verdict.BREAKING
print(len(result.changes)) # number of detected changes
See abicheck.service for the full signature, plus the MCP server integration for AI-agent workflows.
Examples
The examples/ directory contains 121 real-world ABI/API scenarios (116 single-library cases plus 5 multi-library bundle cases) with ground-truth verdicts. Most are single-library v1/v2 examples with a consumer app; bundle/release-level cases use release-style layouts. The full catalog is the development regression corpus; a smaller historical cross-tool subset is kept in the reference docs for release-to-release comparison with libabigail and ABICC.
Validation snapshot
The main validation target is the full 121-case catalog. To scan it for the current checkout:
python scripts/benchmark_comparison.py --suite all
The command writes benchmark_reports/benchmark_report.json with the selected suite, abicheck version, git commit, tool versions, the ground_truth.json SHA-256, and per-tool accuracy. Cases that require bundle/release harnesses or unavailable compiler features are marked as unscored instead of being folded into single-library verdict accuracy.
For apples-to-apples comparison with libabigail and ABICC, release workflows also run the historical pinned cross-tool subset (case01-case73 + case26b) and attach that report to GitHub Releases:
python scripts/benchmark_comparison.py --suite pinned74
Per-case matrix, methodology, full-catalog notes, and the pinned cross-tool comparison table: Tool Comparison & Benchmarks.
Documentation
- Start here: Getting Started
- User guide: CLI Usage · Application compatibility · Output formats · GitHub Action
- Concepts: Verdicts · Architecture · ABI/API Handling & Recommendations · Limitations
- Reference: Change Kinds · Exit Codes · Platforms · Tool Comparison
- Troubleshooting: Troubleshooting guide
Contributing
See CONTRIBUTING.md for setup, testing, code style, and PR workflow. Project status and roadmap: development/goals.md.
License
Licensed under the Apache License, Version 2.0. See LICENSE and NOTICE.md.
Copyright 2026 Nikolay Petrov
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file abicheck-0.3.0.tar.gz.
File metadata
- Download URL: abicheck-0.3.0.tar.gz
- Upload date:
- Size: 1.2 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a92123500cc2f4ad34d8e52ad0ec004f0b68ee0a6bc353f450b4224532f4529d
|
|
| MD5 |
e8d383e642815e6e637bbdfd9e4eeb40
|
|
| BLAKE2b-256 |
bd5977ea78f09d09255a7dd99a94b38ed226c8fb7feac2924076cbd23b13748f
|
Provenance
The following attestation bundles were made for abicheck-0.3.0.tar.gz:
Publisher:
publish.yml on napetrov/abicheck
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
abicheck-0.3.0.tar.gz -
Subject digest:
a92123500cc2f4ad34d8e52ad0ec004f0b68ee0a6bc353f450b4224532f4529d - Sigstore transparency entry: 1712084136
- Sigstore integration time:
-
Permalink:
napetrov/abicheck@519e5ed91372ae6ec23bb6e32ace87cc61103bb0 -
Branch / Tag:
refs/tags/v0.3.0 - Owner: https://github.com/napetrov
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@519e5ed91372ae6ec23bb6e32ace87cc61103bb0 -
Trigger Event:
release
-
Statement type:
File details
Details for the file abicheck-0.3.0-py3-none-any.whl.
File metadata
- Download URL: abicheck-0.3.0-py3-none-any.whl
- Upload date:
- Size: 595.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cc12d69a8b74fbbfe5cc977630c99cd8849b6663c49defd81a7fa4bf372d58ba
|
|
| MD5 |
7b93f1766895f288093a6f7035e224ad
|
|
| BLAKE2b-256 |
37bff4e30359e38f89c76a288a833dfbf7876ca7431a34e22cfef2b184ad2664
|
Provenance
The following attestation bundles were made for abicheck-0.3.0-py3-none-any.whl:
Publisher:
publish.yml on napetrov/abicheck
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
abicheck-0.3.0-py3-none-any.whl -
Subject digest:
cc12d69a8b74fbbfe5cc977630c99cd8849b6663c49defd81a7fa4bf372d58ba - Sigstore transparency entry: 1712084426
- Sigstore integration time:
-
Permalink:
napetrov/abicheck@519e5ed91372ae6ec23bb6e32ace87cc61103bb0 -
Branch / Tag:
refs/tags/v0.3.0 - Owner: https://github.com/napetrov
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@519e5ed91372ae6ec23bb6e32ace87cc61103bb0 -
Trigger Event:
release
-
Statement type: