fix: thread-safety hardening of Configuration (cache and in-place mutation races)

[fgmacedo]

Summary

Fixes two thread-safety races in Configuration introduced indirectly by the
caching / no-copy fast paths added in 3.1.0 (#592). The sync engine is
documented as supporting concurrent reads of .configuration while another
thread sends events; both races violate that contract.

Race A — cached states could return None

Configuration.states checked self._cached is not None and then returned
self._cached. Another thread invalidating between the check and return
caused None to be returned and a TypeError in list(machine.configuration).
Fixed by snapshotting _cached and _cached_value locally before the
freshness check (commit d2ddf1e).

Race B — in-place mutation of the model's OrderedSet

Configuration.add() / discard() mutated the same OrderedSet reference
the model holds, in place, then rewrote the same ref. A concurrent reader
iterating that reference inside Configuration.states could crash with
RuntimeError: Set changed size during iteration, and the cache identity
check could briefly hand back a stale resolved set. Fixed by copy-on-write
in add and discard (commit 38f8eef).

Race B is only reachable when atomic_configuration_update=False
(the StateChart default, where parallel regions need it). The atomic path
used by StateMachine was never affected.

Tests

• tests/test_threading.py::TestThreadSafety::test_concurrent_send_and_read_configuration
  covers Race A.
• New test_concurrent_parallel_region_send_and_read exercises a parallel
  StateChart under concurrent writes and reads.
• New test_add_discard_produce_fresh_orderedset is a deterministic
  contract pin for copy-on-write (fails on pre-fix code without timing).

100% branch coverage on statemachine/configuration.py preserved.

Performance

Copy-on-write in add/discard reintroduces an O(n) shallow copy of the
active configuration on every state entry and exit. Median results
(macOS / Python 3.14, pytest-benchmark), 3.1.0 → 3.1.1:

Benchmark	3.1.0	3.1.1	Δ
test_parallel_region_events	175.2 μs	184.5 μs	+5.3%
test_many_transitions_reset	125.9 μs	139.5 μs	+10.9%
test_guarded_transitions	70.0 μs	75.7 μs	+8.2%
test_history_pause_resume	88.4 μs	91.4 μs	+3.4%
test_many_transitions_full_cycle	156.9 μs	162.1 μs	+3.3%
test_flat_self_transition	38.7 μs	39.1 μs	+1.0%

Overall 4.7x–7.7x event throughput vs 3.0.0 (declared in 3.1.0) is
unchanged.

Release

Lands as 3.1.1. See docs/releases/3.1.1.md.

Notes for reviewers

• Atomic mode (StateMachine default) was never affected, _write_to_model
  is already called with a fresh OrderedSet from the engine.
• The cache benefit from perf: optimize engine hot paths — 5x-7x event throughput improvement #592 is unchanged for reads; only add/discard
  now allocate a new typically 0–7-element OrderedSet per call.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (847f1d5) to head (b242a3b).

Additional details and impacted files

@@            Coverage Diff            @@
##           develop      #620   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           42        42           
  Lines         5027      5029    +2     
  Branches       812       812           
=========================================
+ Hits          5027      5029    +2     

Flag	Coverage Δ
unittests	100.00% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud