Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

10.04.19 14:01, Victor Stinner пише: Disabling Py_TRACE_REFS by default in debug mode reduces the Python memory footprint. Py_TRACE_REFS costs 2 pointers per PyObject: 16 bytes on 64-bit platforms. Does not the memory allocator in debug mode have even larger cost per allocated block? ___

Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

On Wed, Apr 10, 2019 at 1:50 PM Steve Dower wrote: > > On 10Apr2019 1227, Nathaniel Smith wrote: > > On Wed, Apr 10, 2019, 04:04 Victor Stinner > > wrote: > > I don't think that I ever used sys.getobjects(), whereas many projects > > use gc.get_objects() which

Re: [Python-Dev] PEP 590 discussion

On 2019-04-10 18:25, Petr Viktorin wrote: Hello! I've had time for a more thorough reading of PEP 590 and the reference implementation. Thank you for the work! And thank you for the review! I'd now describe the fundamental difference between PEP 580 and PEP 590 as: - PEP 580 tries to optimize

Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

Le mer. 10 avr. 2019 à 21:45, Brett Cannon a écrit : >> Can anyone explain what pydebug builds are... for? Confession: I've never >> used them myself, and don't know why I would want to. > > There is a bunch of extra things done in a debug build, e.g. all freed memory > is blanked out with a kno

Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

Le mer. 10 avr. 2019 à 20:09, Steve Dower a écrit : > > The main question is if anyone ever used Py_TRACE_REFS? Does someone > > use sys.getobjects() or PYTHONDUMPREFS environment variable? > > > > Using PYTHONDUMPREFS=1 on a debug build (with Py_TRACE_REFS) does > > simply crash Python 3.7 at exi

Re: [Python-Dev] (no subject)

On 2019-04-10 22:00, Terry Reedy wrote: On 4/10/2019 7:24 AM, Robert Okadar wrote: Hi community, I have developed a tkinter GUI component, Python v3.7. It runs very well in Linux but seeing a huge performance impact in Windows 10. While in Linux an almost real-time performance is achieved, in W

Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

On 4/10/2019 2:45 PM, Steve Dower wrote: It's debug mode, and so you should expect less efficient memory and CPU usage. On my Windows machine, 'python -m test -ugui' takes about twice as long. That's why we have two modes - so that it's easier to debug issues. -- Terry Jan Reedy ___

Re: [Python-Dev] (no subject)

On 4/10/2019 7:24 AM, Robert Okadar wrote: Hi community, I have developed a tkinter GUI component, Python v3.7. It runs very well in Linux but seeing a huge performance impact in Windows 10. While in Linux an almost real-time performance is achieved, in Windows it is slow to an unusable level.

Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

On 10Apr2019 1227, Nathaniel Smith wrote: On Wed, Apr 10, 2019, 04:04 Victor Stinner > wrote: I don't think that I ever used sys.getobjects(), whereas many projects use gc.get_objects() which is also available in release builds (not only in debug builds).

Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

On Wed, Apr 10, 2019 at 12:30 PM Nathaniel Smith wrote: > On Wed, Apr 10, 2019, 04:04 Victor Stinner wrote: > >> Le mar. 9 avr. 2019 à 22:16, Steve Dower a >> écrit : >> > What are the other changes that would be required? >> >> I don't know. >> >> > And is there another >> > way to get the sam

Re: [Python-Dev] (no subject)

Hi Steven, Thank you for pointing me in the right direction. Will search for help on places you mentioned. Not sure how can we help you with developing the Python interpreter, as I doubt we have any knowledge that this project might use it. When I say 'we', I mean on my colleague and me. All the

Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

On Wed, Apr 10, 2019, 04:04 Victor Stinner wrote: > Le mar. 9 avr. 2019 à 22:16, Steve Dower a écrit > : > > What are the other changes that would be required? > > I don't know. > > > And is there another > > way to get the same functionality without ABI modifications? > > Py_TRACE_REFS is a dou

Re: [Python-Dev] Need help to fix HTTP Header Injection vulnerability

On Wed, Apr 10, 2019 at 11:00 AM Ivan Pozdeev via Python-Dev < python-dev@python.org> wrote: > > On 10.04.2019 7:30, Karthikeyan wrote: > > Thanks Gregory. I think it's a good tradeoff to ensure this validation > only for URLs of http scheme. > > I also agree handling newline is little problematic

Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

I recall finding memory leaks using this. (E.g. I remember a leak in Zope due to a cache that was never pruned.) But presumably gc.get_objects() would have been sufficient. (IIRC it didn't exist at the time.) On Wed, Apr 10, 2019 at 11:48 AM Steve Dower wrote: > On 10Apr2019 1109, Steve Dower w

Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

On 10Apr2019 1109, Steve Dower wrote: On 10Apr2019 0401, Victor Stinner wrote: I think it's worthwhile if we can really get to debug and non-debug builds being ABI compatible. Getting partway there in this case doesn't seem to offer any benefits. Disabling Py_TRACE_REFS by default in debug mod

Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

On 10Apr2019 0401, Victor Stinner wrote: Le mar. 9 avr. 2019 à 22:16, Steve Dower a écrit : What are the other changes that would be required? I don't know. And is there another way to get the same functionality without ABI modifications? Py_TRACE_REFS is a double linked list of *all* Pyt

Re: [Python-Dev] Need help to fix HTTP Header Injection vulnerability

On 10.04.2019 7:30, Karthikeyan wrote: Thanks Gregory. I think it's a good tradeoff to ensure this validation only for URLs of http scheme. I also agree handling newline is little problematic over the years and the discussion over the level at which validation should occur also prolongs some

Re: [Python-Dev] PEP 590 discussion

Hello! I've had time for a more thorough reading of PEP 590 and the reference implementation. Thank you for the work! Overall, I like PEP 590's direction. I'd now describe the fundamental difference between PEP 580 and PEP 590 as: - PEP 580 tries to optimize all existing calling conventions - P

Re: [Python-Dev] (no subject)

Hi Robert, This mailing list is for the development of the Python interpreter, not a general help desk. There are many other forums where you can ask for help, such as the comp.lang.python newsgroup, Stackoverflow, /r/python on Reddit, the IRC channel, and more. Perhaps you can help us though,

[Python-Dev] (no subject)

Hi community, I have developed a tkinter GUI component, Python v3.7. It runs very well in Linux but seeing a huge performance impact in Windows 10. While in Linux an almost real-time performance is achieved, in Windows it is slow to an unusable level. The code is somewhat stripped down from the o

Re: [Python-Dev] Need help to fix HTTP Header Injection vulnerability

> 1. Is there a library of URL / Header injection tests e.g. for fuzzing > that we could generate additional test cases with or from? https://github.com/swisskyrepo/PayloadsAllTheThings seems to contain payload related stuff but not sure how useful it is for URL parsing. > > 2. Are requests.get(

Re: [Python-Dev] No longer enable Py_TRACE_REFS by default in debug build

Le mar. 9 avr. 2019 à 22:16, Steve Dower a écrit : > What are the other changes that would be required? I don't know. > And is there another > way to get the same functionality without ABI modifications? Py_TRACE_REFS is a double linked list of *all* Python objects. To get this functionality, y

Re: [Python-Dev] Need help to fix HTTP Header Injection vulnerability

Hi, I dig into Python code history and the bug tracker. I would like to say that this issue is a work-in-progress since 2004. Different fixes have been pushed, but there are *A LOT* of open issues: https://bugs.python.org/issue30458#msg339846 I would suggest to discuss on https://bugs.python.org/

Re: [Python-Dev] Need help to fix HTTP Header Injection vulnerability

1. Is there a library of URL / Header injection tests e.g. for fuzzing that we could generate additional test cases with or from? 2. Are requests.get() and requests.post() also vulnerable? 3. Despite the much-heralded UNIX pipe protocols' utility, filenames containing newlines (the de-facto line