Change the future

Saturday 12:10 p.m.–12:40 p.m.

Death by a thousand leaks: what statically-analysing 370 Python extensions looks like

David Malcolm

Audience level:
Python Internals


What happens when you run a custom C static analysis tool ("cpychecker") on hundreds of Python extensions? I'll talk about the kinds of errors that my tool found, how to run it on your own code, and how to prevent memory leaks and crasher bugs in the C code of your Python extension modules.


gcc-with-cpychecker is a static analysis tool I've written that can automatically detect reference- counting bugs in the C code of Python extension modules (and various other mistakes).

I've run the tool on hundreds of Python extensions, and it has found hundreds of real bugs.


  • intro to the cpychecker tool
  • how to run the tool on your own code
  • the bugs that the tool found: an attempt to categorize the problems, and describe the patterns of common mistake that I ran into
  • recommendations on dealing with C and C++ from Python
  • Q&A