Description
Bug report
What happened?
This is an umbrella issue for code review reports crafted using cpython-review-toolkit, covering ~350K lines of CPython C code in ~146 files (Modules/, Objects/, Python/).
The idea of this issue is that you read a report, find something you're interested in, and propose an issue based on that. If the issue is considered valid and worth fixing, you can then open a PR.
Some of the FIX-level bugs have already been collected in #146102; be sure to check that issue before picking a bug from the reports.
Edit: Some of the issues were found on alpha 6 and not confirmed in HEAD; be sure to check that the issue reproduces on the latest revision before investing time in it.
One important thing is that we used fewer agents than available when analyzing some of these files, so if you run the tool on a single file, it's probable it'll find more issues than present in the reports below.
Bug Classification
- FIX: Confirmed code defect requiring a fix (crash, leak, data corruption, wrong behavior)
- CONSIDER: Potential issue that may be acceptable depending on design intent
- POLICY: Code quality observation, not a correctness bug
| Directory | Files Analyzed | Lines of Code | FIX-level Bugs |
|---|---|---|---|
| Modules/ | ~47 modules | ~137,000 | ~120 |
| Objects/ | 49 files | ~117,000 | 18 |
| Python/ | ~50 files | ~93,000 | 31 |
| Total | ~146 files | ~347,000 | ~170 |
Methodology
- Automated agents: Specialized refcount-auditor and error-path-analyzer agents examined each file
- Manual verification: Promising findings validated by reading source code
- Crash reproducers: 35+ bugs confirmed with Python-level reproducers
- OOM injection: `_testcapi.set_nomemory()` used to trigger allocation failures
- ASan builds: AddressSanitizer-instrumented debug build for memory error detection
Tools Used
- `cpython-review-toolkit` agents: refcount-auditor, error-path-analyzer, null-safety-scanner, memory-pattern-analyzer, gil-discipline-checker
- `_testcapi.set_nomemory(N, 0)` for persistent OOM injection
- `resource.setrlimit(RLIMIT_AS, ...)` for non-ASan OOM testing
- ASan-instrumented `--with-pydebug` build
Report Gist Index
Summary Reports
These offer important information and insights on methodology and results.
| Gist | Report |
|---|---|
| CPython C Code Audit — Overview & Methodology | 00_overview |
| Modules/ Directory Audit — Summary Report | 01_modules_summary |
| Objects/ Directory Audit — Summary Report | 02_objects_summary |
| Python/ Directory Audit — Summary Report | 03_python_summary |
Modules/ Reports
Objects/ Reports
| Gist | Report |
|---|---|
| abstract.c + frameobject.c + odictobject.c | 3 FIX |
| Objects/ Batch 4A — Small-Medium Files | 4 FIX |
| Objects/ Batch 4B — Small Files (11 files) | 0 FIX |
| bytesobject.c + bytearrayobject.c | 0 FIX (refcount), 2 non-refcount issues noted |
| codeobject.c + object.c | 4 FIX |
| dictobject.c (8,337 lines) | 0 FIX |
| exceptions.c + memoryobject.c | 2 FIX |
| genobject.c + funcobject.c + descrobject.c | 0 FIX |
| listobject.c + setobject.c | 0 FIX |
| longobject.c (6,988 lines) | 0 FIX |
| obmalloc.c + unicode_format.c + unicode_writer.c + bytes_methods.c | 2 FIX |
| Objects/ Directory Review — Final Summary | objects_summary |
| typeobject.c (12,843 lines) | 3 FIX |
| typevarobject.c + floatobject.c + moduleobject.c + unicode_formatter.c | 0 FIX |
| unicodeobject.c (14,971 lines) | 0 FIX |
Python/ Reports
| Gist | Report |
|---|---|
| ceval.c + bltinmodule.c | python_ceval_bltinmodule |
| Compiler Pipeline (codegen + compile + symtable + flowgraph + assemble) | 6 FIX |
| crossinterp.c + pystate.c + marshal.c | 4 FIX |
| errors.c + _warnings.c + codecs.c + traceback.c + pythonrun.c | 1 FIX |
| hamt.c + context.c + gc.c + getargs.c | 2 FIX |
| import.c + sysmodule.c | 2 FIX |
| pylifecycle.c + initconfig.c + fileutils.c | 6 FIX |
| optimizer + specialize + instrumentation | 3 FIX |
| Small Python/ files batch | 4 FIX |
| Python/ Directory Review — Final Summary | python_summary |
These reports were created with Claude Opus 4.6, using the `/cpython-review-toolkit:explore [file or directory] all deep` command.
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
Output from running 'python -VV' on the command line:
Python 3.15.0a7+ (heads/main:e0f7c1097e1, Mar 17 2026, 18:10:52) [Clang 21.1.2 (2ubuntu6)