close
Sign in
Fact-checked by Grok 1 month ago

CPython

CPython is the reference implementation of the Python programming language.[[1]] Written in C and Python, it is the default and most widely used implementation, serving as the canonical version distributed on python.org.[[1]] As the original implementation developed by Guido van Rossum in the early 1990s, new language features typically appear in CPython first.[[2]] The latest stable release is Python 3.14.0, released on October 7, 2025.[[3]]

Design and Architecture

Core Components

CPython's architecture is composed of several interconnected core components that handle the processing and execution of Python code. The parser, implemented in the Parser/ directory, performs lexical analysis and syntactic parsing of source code to produce an Abstract Syntax Tree (AST), using files like Grammar/grammar.c for the grammar rules. The compiler, located in Python/compile.c, transforms the AST into bytecode instructions stored in code objects. The interpreter, or Python Virtual Machine (PVM), in Python/ceval.c, executes this bytecode through an evaluation loop that fetches and dispatches opcodes. Underpinning these is the object model, where all Python entities are represented as PyObject instances, enabling dynamic typing and polymorphism. Memory management combines immediate reference counting for most objects with a generational garbage collector (Python/gcmodule.c) to handle cyclic references.[4]

Bytecode Compilation

A Python compiler is the component in CPython that translates Python source code into bytecode, an intermediate format executed by the Python Virtual Machine (PVM). Python is considered an interpreted language because this compilation is automatic, hidden from the user, and no separate pre-compilation step is required—code runs directly via the interpreter. The process is: source code (.py) → compiler → bytecode (.pyc) → interpretation by the PVM. In contrast, third-party tools like Cython and Nuitka act as ahead-of-time compilers, converting Python code to C/C++ or native machine code for standalone executables.[5][6][7][8] CPython compiles Python source code into bytecode through a multi-stage process that ensures portability across platforms. The compilation begins with lexical analysis and parsing of the source code, which generates an Abstract Syntax Tree (AST) representing the program's structure. This AST is then transformed into bytecode instructions encapsulated within code objects, which include the sequence of operations, constants, and metadata such as variable names.[6] The entire process is handled by the compiler module in the CPython internals, invoked automatically when source files are imported or executed via functions like exec() or eval().[9] Bytecode in CPython consists of a sequence of opcodes, each representing a low-level operation that the Python Virtual Machine (PVM) can execute efficiently. Common opcodes include LOAD_FAST, which pushes a reference to a local variable onto the evaluation stack, and BINARY_ADD, which pops two values, adds them, and pushes the result back onto the stack. Since Python 3.6, each instruction occupies two bytes, with arguments following as needed, and the format is defined in the Include/opcode.h header file. To optimize repeated executions, compiled bytecode is cached in .pyc files alongside the source, containing a magic number for version compatibility and the marshaled code object.[10][5] Developers can inspect and analyze bytecode using the dis module, which provides tools to disassemble code objects into human-readable opcode sequences. For example, dis.dis() can print the bytecode for a function, revealing instructions like LOAD_FAST 0 followed by BINARY_ADD for a simple addition operation. This module is particularly useful for debugging and understanding the internal representation without accessing C source code.[10] The execution of bytecode occurs within an evaluation loop managed by the CPython interpreter. The core function PyEval_EvalFrameEx handles the interpretation of a frame object, which represents the execution context including the code object, locals, and stack. This function iteratively fetches opcodes, dispatches them to appropriate handlers, and manages the stack and exceptions until the frame completes.[11] It forms the heart of the PVM, enabling the step-by-step evaluation of bytecode in a controlled environment.

Concurrency Model

The Global Interpreter Lock (GIL) in CPython is a mutex that protects access to Python objects and interpreter internals, ensuring that only one thread executes Python bytecode at a time.[12] This mechanism serializes thread execution within a single interpreter instance, preventing multiple native threads from simultaneously modifying shared data structures. The GIL's primary rationale stems from CPython's implementation in C, where it simplifies memory management through reference counting by avoiding complex synchronization for atomic operations across threads.[12] It prevents race conditions in the interpreter's core, such as those involving object reference counts or the garbage collector, which could otherwise lead to memory corruption or crashes in a multi-threaded environment.[12] By centralizing control, the GIL reduces the overhead of fine-grained locking, making single-threaded performance more efficient while maintaining thread safety without requiring extensive changes to the C API.[12] To achieve parallelism despite the GIL, developers commonly use the multiprocessing module, which spawns separate OS processes, each running its own Python interpreter and thus its own GIL, allowing true parallel execution on multi-core systems for CPU-bound tasks. For I/O-bound workloads, the asyncio library provides asynchronous I/O via coroutines and an event loop within a single thread, where the GIL poses minimal contention since blocking operations are offloaded without thread switching. Recent developments have introduced experimental enhancements to CPython's concurrency model. Python 3.12 (released in October 2023) implemented a per-interpreter GIL via PEP 684, enabling sub-interpreters to each hold their own GIL, which facilitates isolated execution environments with reduced global contention.[13] Building on this, Python 3.13 (released in October 2024) added optional free-threading support through PEP 703, allowing builds configured with --disable-gil to run without the GIL entirely, though this mode remains experimental and requires compatible extensions for full functionality.[14][12]

Development History

Origins

CPython, the reference implementation of the Python programming language, was conceived and initially developed by Guido van Rossum in the late 1980s while he was working at the Centrum Wiskunde & Informatica (CWI), a national research institute for mathematics and computer science in the Netherlands.[15][16] Van Rossum began implementation in December 1989 during a Christmas holiday, motivated by the need for a more extensible scripting language to support system administration tasks on the Amoeba distributed operating system project at CWI.[15][17] The first public release, Python 0.9.0, occurred on February 20, 1991, introducing core features such as classes with inheritance, functions, exception handling, core data types including lists and dictionaries, and modules with documentation strings.[18] The design of Python drew significant influences from existing languages, particularly the ABC language, on which Van Rossum had worked from 1983 to 1987 at CWI, adopting its emphasis on structured programming and ease of use while addressing ABC's limitations in extensibility and file handling.[16][15] Additionally, Modula-3 inspired Python's module system and object-oriented features.[15] The language was named "Python" after the British comedy series Monty Python's Flying Circus, as Van Rossum was reading its published scripts at the time and sought a short, unique, and somewhat humorous name.[17] CPython's initial implementation was written in the C programming language to ensure portability and performance, targeting the Amoeba operating system but designed with cross-platform compatibility in mind from the outset.[15][17] It featured a simple virtual machine, parser, and runtime environment, prioritizing code readability through significant whitespace indentation for statement grouping and a focus on simplicity to make programming more accessible than in languages like C or shell scripting.[15] Early adoption grew through internal use at CWI and gradual public dissemination, culminating in the release of Python 1.0 on January 26, 1994, which marked the first stable public version and included enhancements like lambda functions, map, filter, and reduce for functional programming support.[18] This release solidified Python's foundation as an open-source project. By 2001, to formalize governance and support ongoing development, the Python Software Foundation (PSF) was established as a non-profit organization, announced on March 6 at the ninth Python Conference.[19]

Major Releases

CPython's major releases have progressively enhanced the Python language's capabilities, focusing on usability, performance, and modernity while maintaining its core philosophy of readability and simplicity. The Python 1.x series, released between 1994 and 1999, established the foundational structure of the language. Python 1.0, released on January 26, 1994, introduced key functional programming constructs such as lambda expressions, along with built-in functions like map(), filter(), and reduce(), enabling more expressive code for data transformations.[20] Subsequent releases in the series refined these elements; for instance, Python 1.5, released on December 31, 1997, introduced built-in package support for hierarchical modules, the assert statement for debugging, the re module for regular expressions, exception classes, and new standard library modules including threading for easier multithreading.[21] These early versions emphasized modular design and extensibility, setting the stage for Python's growth as a general-purpose language. Python 2.0, released on October 16, 2000, marked a significant evolution with the addition of list comprehensions, which provided a concise syntax for creating lists from iterables, inspired by functional languages like Haskell.[22] It also introduced optional cycle-detecting garbage collection to handle memory management for circular references more efficiently, and built-in support for Unicode strings to facilitate international text handling.[22] The series culminated in Python 2.7, released on July 3, 2010, which served as the final 2.x release and incorporated refinements from later development branches while prioritizing backward compatibility. Support for Python 2.7 was extended until January 1, 2020, allowing a gradual transition for legacy codebases.[23] Python 3.0, released on December 3, 2008, represented a deliberate break from backward compatibility to address long-standing design inconsistencies, earning it the nickname "Python 3000."[24] Notable changes included transforming print into a built-in function, implementing floor division for integers with the // operator (replacing true division in Python 2), and adopting Unicode as the default string type to simplify text processing.[24] These reforms aimed at a cleaner, more consistent language core, though they required significant porting efforts for existing code. The Python 3.x series continued to innovate through version 3.10. Python 3.5, released on September 13, 2015, introduced type hints through the typing module, enabling optional static type checking for better code reliability without runtime overhead, as outlined in PEP 484.[25][26] It also added the async and await keywords for native coroutine support, simplifying asynchronous programming patterns as specified in PEP 492.[25][27] By Python 3.10, released on October 4, 2021, structural pattern matching was implemented via the match statement and case clauses, allowing developers to destructure and match complex data structures in a readable manner, as detailed in PEP 634.[28] This feature enhanced control flow for tasks like parsing and validation, building on the series' emphasis on expressive syntax.

Recent Innovations

Python 3.11, released on October 24, 2022, introduced significant performance enhancements through the Faster CPython project, achieving an average speedup of 25% over Python 3.10 across various benchmarks.[29] A key innovation was the specializing adaptive interpreter outlined in PEP 659, which dynamically specializes bytecode for common operations like attribute access and binary operations, adapting to runtime patterns without requiring just-in-time compilation.[30] This approach targeted hotspots in real-world code, yielding up to 60% improvements in specific scenarios while maintaining compatibility. Building on this momentum, Python 3.12, released on October 2, 2023, advanced concurrency support with per-interpreter Global Interpreter Locks (GILs) as proposed in PEP 684, enabling isolated subinterpreters to operate with independent GILs for better parallelism in multi-threaded extensions.[13] Additionally, error messages were substantially improved, incorporating contextual suggestions for common mistakes, such as recommending standard library modules for undefined names, and enhancing traceback readability with better syntax highlighting and line information.[31] These changes reduced debugging time for developers by providing more actionable feedback directly from the interpreter.[13] Python 3.13, released in October 2024, marked a pivotal shift toward optional concurrency restrictions with an experimental free-threaded mode that disables the GIL entirely, allowing true multi-threaded execution on multi-core systems via the build option --disable-gil.[14] This mode, stabilized from prior experimental work, supports extensions compiled against it for improved scalability in CPU-bound tasks. Concurrently, an experimental just-in-time (JIT) compiler was merged into the core, initially focusing on simple optimizations like inline caching and loop unrolling to boost interpretive speed without altering the bytecode model.[14] The latest stable release, Python 3.14, arrived on October 7, 2025, with refinements to the JIT compiler, including broader platform support in official binaries for macOS and Windows, and optimizations that address previous overheads in non-trivial code paths.[32] Subinterpreter capabilities were further enhanced, building on per-interpreter GILs to allow seamless sharing of certain objects across isolated environments while preserving thread safety, facilitating advanced use cases like concurrent plugin loading.[32] Official free-threaded builds became a supported distribution option, encouraging adoption for performance-critical applications. Ongoing development of CPython occurs through the open-source repository at github.com/python/cpython, where contributors propose and review changes via the Python Enhancement Proposal (PEP) process, ensuring community-driven evolution of features like JIT maturation and GIL alternatives.

Distribution and Platforms

Official Releases

The official releases of CPython are managed by the Python core development team through a formalized process that produces source tarballs and coordinates community-built binaries, primarily distributed via the python.org website. This process, detailed in PEP 101, involves stages such as alpha and beta pre-releases, release candidates, and final stable versions, with automation tools handling tagging, building, and uploading to ensure consistency across platforms.[33][34] Users can obtain CPython via pre-built installers for Windows and macOS, which are signed for security and include options for system-wide or user-specific installation. For Unix-like systems and custom builds, source tarballs are downloaded from python.org, unpacked, and compiled using standard commands like ./configure && make followed by make install, requiring dependencies such as a C compiler and development libraries.[34][35] Version management on Windows is facilitated by the built-in py launcher, which allows users to specify and switch between installed Python versions via commands like py -3.12 or py -V:all to list available runtimes. On Unix-like systems, the third-party pyenv tool is commonly used to install, manage, and switch multiple Python versions per user or project, integrating seamlessly with shell environments. Additionally, the standard library module venv enables the creation of isolated virtual environments for projects, using python -m venv /path/to/env to bootstrap a self-contained setup with its own package directory and executable.[36][37][38] CPython is released under the Python Software Foundation License Version 2 (PSF-2.0), a permissive open-source license that grants non-exclusive, royalty-free rights to use, modify, distribute, and sublicense the software while requiring retention of copyright notices. This license ensures broad compatibility, including with the GNU General Public License, and applies to both the interpreter and its documentation.[16]

Operating System Integrations

CPython is deeply integrated into major Linux distributions, where it serves as a foundational component for system tools and user applications. In Ubuntu, the python3 package provides the default CPython interpreter, delivering version 3.12.3 in the latest long-term support release (Ubuntu 24.04 LTS), along with essential standard library modules and dependencies like libpython3-stdlib.[39] Fedora similarly includes CPython by default, with Python 3.13 as the system version in Fedora 41, optimized with compiler flags for enhanced performance and supporting seamless migration of pip-installed packages between releases.[40] Enterprise-oriented distributions prioritize stability; Red Hat Enterprise Linux (RHEL) 9 defaults to Python 3.9 for broad compatibility in production environments, while offering modular access to newer runtimes such as Python 3.11 (via the python3.11 package since RHEL 9.2) and Python 3.12 (since RHEL 9.4).[41] CentOS Stream 9, as a RHEL 9 derivative, mirrors this approach with Python 3.9 as the default, providing modular packages for Python 3.11 and 3.12 to ensure stability in long-term deployments.[41] On Windows, CPython integrates seamlessly through the Microsoft Store, allowing users to install the latest stable release—such as Python 3.13—without administrative privileges, with automatic updates and proper PATH configuration for the current user.[42] The accompanying py launcher facilitates version management, enabling commands like py -3.12 to invoke a specific CPython installation or py --list to enumerate available versions, which is particularly useful in multi-version setups.[36] For macOS, CPython is bundled with the Xcode Command Line Tools, providing a system-integrated version (typically Python 3.9, native on Apple Silicon) essential for development workflows and Apple ecosystem dependencies.[43] However, for installing Python 3.9 on macOS with Apple Silicon, the official python.org installer provides experimental ARM64 support starting from version 3.9.1 through a Universal 2 binary, which may fallback to Rosetta 2 or encounter compatibility issues; Python 3.9.0 lacks native ARM64 support and is Intel-only.[44][45] Homebrew or pyenv can be used to build native ARM64 versions of Python 3.9, though these are less polished than in newer versions like 3.13. Intel-only installers are available for older Intel-based Macs.[46][37] Users seeking the most recent releases, such as Python 3.13, can use the official python.org installer, which provides a universal2 binary with native ARM64 support for M-series chips on Apple Silicon, recommending macOS 11 or later for optimal compatibility.[47][48] Alternatively, Homebrew offers native ARM64 builds via the command brew install [email protected], ensuring access to the latest maintained CPython versions while respecting macOS's site-packages structure and virtual environment best practices.[49][50] For managing multiple versions, pyenv can be installed via Homebrew (brew install pyenv) and used to install and switch between Python versions, including 3.13, on a per-user or per-project basis.[37][48] Across these operating systems, maintenance emphasizes security and compatibility; distributions routinely apply backports for vulnerabilities identified by the Python Security Response Team, which triages issues and coordinates fixes for supported branches without requiring full upgrades.[51] The CPython 3.x series further supports this through its Stable ABI, a subset of the C API that guarantees binary compatibility for extensions across minor versions (e.g., from 3.9 to 3.13), provided they are compiled against the limited API defined in PEP 387.[52]

Cross-Platform Support

CPython is designed for high portability and can be compiled and run on a wide range of operating systems and hardware architectures. It supports Unix-like systems (including various Linux distributions, FreeBSD, and OpenBSD), Windows (via Visual Studio or MinGW), and macOS. Architecturally, it accommodates x86_64, ARM (including native ARM64 support for Apple Silicon that began experimentally with Python 3.9.1 and became more polished in later versions like 3.13, as well as for mobile devices), PowerPC, and others through configure scripts and build tools. This cross-platform capability is facilitated by the Autoconf-based build system for Unix and the distutils/setuptools for Windows, allowing developers to build from source tailored to specific environments. As of November 2025, CPython 3.14 includes enhanced support for experimental free-threading on multiple platforms.[53][36][54][12][47][44][55]

Alternative Implementations

JIT-Based Alternatives

JIT-based alternatives to CPython leverage just-in-time (JIT) compilation to generate machine code at runtime, offering substantial performance improvements over CPython's bytecode interpreter for computationally intensive workloads. These implementations translate frequently executed code paths into optimized native code, reducing interpretation overhead and enabling aggressive optimizations like inlining and loop unrolling. Unlike CPython, which executes Python bytecode directly through a virtual machine, JIT approaches profile runtime behavior to compile "hot" code, resulting in faster execution for long-running programs. PyPy is a prominent JIT-based Python implementation, built using the RPython toolchain—a restricted subset of Python designed for translation into efficient interpreters and compilers.[56] Its JIT compiler, generated automatically from the RPython interpreter, employs meta-tracing to capture and optimize execution traces of hot code paths, producing machine code that can outperform CPython by factors of 3x on average and up to 5-10x for certain CPU-bound tasks, such as numerical simulations or algorithmic computations.[57] PyPy maintains high compatibility with CPython's ecosystem, supporting most C extensions through the cpyext compatibility layer, which emulates the CPython C API to allow seamless integration of libraries like NumPy, though with potential performance penalties due to reference counting overhead.[56] Numba provides a specialized JIT solution for numerical and scientific computing, functioning as a library rather than a full interpreter replacement. It uses the LLVM compiler infrastructure to translate decorated Python functions—particularly those involving NumPy arrays—into optimized machine code, achieving speeds comparable to C or Fortran for array-oriented operations without requiring code rewrites in lower-level languages.[58] Focused on domains like data analysis and simulations, Numba supports parallelization via automatic SIMD vectorization and explicit threading, delivering 2-4x speedups in vectorized loops and broader acceleration in GPU-accelerated environments through CUDA integration.[58] Key differences between these JIT alternatives and CPython lie in their compilation strategies and concurrency handling. PyPy's tracing JIT records dynamic execution paths to generate specialized code, contrasting with CPython's static bytecode interpretation, which lacks runtime optimization and incurs repeated dispatch costs.[59] While both retain a global interpreter lock (GIL) to manage thread safety,[56]

VM-Based Alternatives

VM-based alternatives to CPython implement the Python language on established virtual machines such as the Java Virtual Machine (JVM) and the Common Language Runtime (CLR), enabling seamless interoperability with their respective ecosystems while hosting Python bytecode or equivalent representations. These implementations prioritize integration over standalone performance, allowing Python code to leverage vast libraries in Java or .NET environments, though they often sacrifice full compatibility with CPython's C extensions.[60][61][62] Jython is an implementation of Python that runs on the JVM, compiling Python code to Java bytecode for execution within Java applications. It provides direct access to Java classes and libraries from Python scripts, using constructs like from java.lang import System to invoke Java functionality, and supports embedding Python interpreters in Java via org.python.util.PythonInterpreter. This enables rapid prototyping and scripting in Java-heavy environments, such as enterprise software or Android development, where Python code can be 2-10 times shorter than equivalent Java. However, Jython is limited to Python 2.7 syntax and semantics in its stable releases, with ongoing work toward Python 3 support, and it lacks native support for CPython's C extensions due to the absence of a C runtime on the JVM.[60][63][60] IronPython, supporting Python 2.7 and 3.4, executes Python on the .NET CLR, preserving Python's dynamic typing while exposing .NET assemblies as Python modules through the clr module, such as clr.AddReference("System.Xml") to import and use C# libraries like System.Collections.Generic.List. This integration allows Python developers to call .NET APIs with familiar syntax, including method invocation and property access, and supports bidirectional interoperability where .NET applications can host IronPython scripts. Dynamic features like isinstance() work seamlessly with .NET types, making it suitable for .NET-based web services or desktop applications. Limitations include partial support for advanced .NET features like full COM interop or LINQ expression trees, and it requires .NET Core or Framework for cross-platform use.[61][64][65] GraalPy, formerly known as GraalPython, is a Python 3.12-compliant runtime (as of GraalVM 25, September 2025) built on GraalVM, a polyglot virtual machine that supports interoperability across languages like Java, JavaScript, and Ruby via the Polyglot API.[66] It allows Python code to import Java classes through the java module (e.g., import java.util.ArrayList) and interact with other languages using polyglot.eval(language="js", source="1 + 1"), facilitating mixed-language applications in data science or embedded systems. GraalPy supports embedding in Java via Maven/Gradle plugins and can generate native executables for standalone deployment, with automatic type conversions between Python and foreign objects. While it emulates some CPython C extensions, performance varies, and full compatibility is not guaranteed for all native modules.[62][67] These VM-based implementations are inherently platform-specific, tying Python to the Java or .NET ecosystems for enhanced enterprise interoperability, such as combining Python's data analysis capabilities with Java's scalability or .NET's GUI frameworks. However, they introduce trade-offs including slower startup times due to VM initialization—often longer than CPython's direct execution—and reduced compatibility with the broader CPython ecosystem, particularly C extensions that rely on platform-native code. Despite these, they excel in scenarios requiring tight integration, like polyglot microservices or legacy system extensions, where the interoperability benefits outweigh the overhead.[62][61][68]

Performance and Limitations

Optimization Efforts

Efforts to optimize CPython's performance began in the early 2000s with Psyco, a just-in-time (JIT) compiler extension developed by Armin Rigo that specialized Python code at runtime for pre-2.7 versions, achieving significant speedups in targeted workloads before being discontinued around 2010 due to maintenance challenges.[69] In 2009, Google launched Unladen Swallow, an LLVM-based optimization branch of CPython aimed at delivering up to 5x performance gains through JIT compilation while maintaining compatibility with Python 2.6, but the project was abandoned by 2011 after falling short of goals, encountering LLVM integration issues, and increasing memory usage.[70] The Faster CPython project, initiated in 2021 under the Python Steering Council with contributions from Microsoft and others, has driven systematic performance enhancements in recent releases.[71] A key outcome in Python 3.11 was the introduction of the specializing adaptive interpreter via PEP 659, which uses inline caching and superinstructions to optimize common operations like binary arithmetic, subscripting, and function calls based on runtime types, resulting in an average 25% speedup across the pyperformance benchmark suite compared to Python 3.10.[30][29] Complementing this, frame evaluation optimizations in 3.11 streamlined stack frames with lazy allocation and inlined Python function calls, reducing overhead and yielding up to 1.7x improvements in recursive scenarios.[29] Building on these, Python 3.13 introduced an experimental JIT compiler via PEP 744, which translates hot bytecode to optimized machine code using a copy-and-patch approach with LLVM and is disabled by default. The JIT uses approximately 10-20% more memory than the standard interpreter, with initial benchmarks showing modest speedups of up to 9% in some workloads, though often comparable to or slightly slower than the non-JIT interpreter; the goal is at least 5% overall improvement as development progresses, targeting further gains in loop-intensive code.[72][73] Developers commonly use built-in tools like cProfile for detailed deterministic profiling of execution times and call counts in long-running programs, and timeit for precise benchmarking of small code snippets to measure and validate these optimizations.[74]

Key Limitations

One of the primary limitations of CPython is the Global Interpreter Lock (GIL), which serializes access to Python objects, preventing true parallel execution of CPU-bound threads on multi-core systems. This restriction means that multi-threaded programs cannot fully utilize multiple processors for compute-intensive tasks, often resulting in performance that scales no better than single-threaded execution despite using multiple threads.[75] Workarounds such as multiprocessing incur significant overhead due to inter-process communication and memory duplication, making them less efficient for shared-data scenarios compared to native multi-threading in other languages. CPython's C extension modules face binary compatibility challenges across Python versions, as the C API evolves and can introduce breaking changes in minor releases, requiring recompilation for each new version. Prior to Python 3.2, the ABI was not stable, leading to frequent incompatibilities that disrupted extension deployment; although a stable ABI was introduced in PEP 384 to mitigate this from 3.2 onward, it excludes certain low-level functions and still demands careful versioning for full compatibility.[76] Recent efforts like PEP 809 propose further ABI stability for future releases starting with 3.15, but existing extensions may still encounter issues with free-threaded builds or platform-specific linkers.[77] The interpreter's startup time in CPython is notably slow for short-running scripts or command-line tools, often taking 8 to 100 milliseconds due to initialization of the virtual machine, loading of core modules, and site-specific configurations like .pth files. This cold-start latency becomes a bottleneck in serverless environments or frequent invocations, where it can dominate total execution time for simple programs. Efforts to optimize this, such as pre-warming the VM or lazy imports, have been proposed but remain partial solutions without fully addressing the underlying initialization overhead.[78] CPython's resource demands, including its full standard library and dynamic nature, make it unsuitable for resource-constrained mobile or embedded devices, where memory usage can exceed available RAM on microcontrollers and power efficiency is critical. In such environments, alternatives like MicroPython provide a lightweight subset optimized for IoT and low-power hardware, avoiding CPython's high footprint while retaining core Python syntax.[79] This limitation has driven adoption of specialized implementations for embedded applications, as CPython requires significant adaptations or stripping that compromise its standard features.[80] To address the GIL's drawbacks, Python 3.14 introduced official support for free-threaded builds via PEP 703, allowing users to disable the GIL at compile or runtime for better multi-core utilization in CPU-bound code, though it remains opt-in due to potential compatibility breaks with existing C extensions.[32] As of late 2025, this mode enhances performance for multi-threaded workloads by up to 2x on multi-core systems but introduces a 10-20% overhead in single-threaded scenarios and requires ongoing stability improvements.

Security

CPython and the wider Python ecosystem face ongoing security challenges, including vulnerabilities in the standard library and threats from malicious actors exploiting Python's popularity for malware distribution and supply-chain attacks. A significant vulnerability, CVE-2025-4517, affects the tarfile module in CPython versions 3.12 and later. It permits arbitrary filesystem writes outside the intended extraction directory when handling untrusted tar archives via functions such as TarFile.extractall() or TarFile.extract(). This flaw can lead to path traversal attacks, enabling potential arbitrary code execution or data compromise in applications that process untrusted archives.[81][82] In February 2026, security researchers reported CharlieKirk Grabber, a Python-based information stealer malware targeting Windows systems. Packaged as a PyInstaller executable, the malware collects sensitive data including browser credentials and cookies (from Chromium- and Gecko-based browsers), Discord authentication tokens and account metadata, Wi-Fi profiles, desktop screenshots, and gaming session data (e.g., Minecraft and Steam). Stolen data is compressed into a ZIP archive and exfiltrated to third-party file hosting services such as GoFile, with download links sent to attacker-controlled infrastructure via Discord webhooks or Telegram bots.[83] The Python Package Index (PyPI) has been targeted by threat actors, including the North Korea-linked Lazarus Group, which in early 2026 was observed distributing malicious packages as part of a campaign involving fake cryptocurrency and blockchain job recruitment schemes on platforms like LinkedIn and Reddit. These packages deliver remote access trojans (RATs) that collect system information, enumerate files and processes, and communicate with command-and-control servers.[84] To help mitigate supply-chain risks in the Python ecosystem, new auditing tools such as Skopos have emerged. Skopos acts as a zero-trust gatekeeper, intercepting pip and uv installations to perform static analysis and forensics on package metadata, blocking potentially malicious packages before installation.[85]

References

  1. 4. Execution model — Python 3.14.0 documentation
  2. https://docs.python.org/3/library/functions.html#exec
  3. dis — Disassembler for Python bytecode — Python 3.14.0 ...
  4. https://docs.python.org/3/glossary.html#term-bytecode
  5. The Very High Level Layer — Python 3.14.0 documentation
  6. PEP 703 – Making the Global Interpreter Lock Optional in CPython
  7. What's New In Python 3.12 — Python 3.14.0 documentation
  8. What's New In Python 3.13 — Python 3.14.0 documentation
  9. The Making of Python - Artima
  10. History and License — Python 3.14.0 documentation
  11. General Python FAQ — Python 3.14.0 documentation
  12. A Brief Timeline of Python
  13. Python Software Foundation: Press Release 6-Mar-2001
  14. Python Programming/Version history - Wikibooks, open books for an ...
  15. Releases | Python.org
  16. What's New in Python 2.0 — Python 3.14.0 documentation
  17. Sunsetting Python 2 | Python.org
  18. What's New In Python 3.0 — Python 3.14.0 documentation
  19. What's New In Python 3.5 — Python 3.14.0 documentation
  20. PEP 484 – Type Hints - Python Enhancement Proposals
  21. PEP 492 – Coroutines with async and await syntax | peps.python.org
  22. What's New In Python 3.10 — Python 3.14.0 documentation
  23. What's New In Python 3.11 — Python 3.14.0 documentation
  24. PEP 659 – Specializing Adaptive Interpreter | peps.python.org
  25. Python Release Python 3.12.0
  26. What's new in Python 3.14 — Python 3.14.0 documentation
  27. PEP 101 – Doing Python Releases 101 | peps.python.org
  28. Download Python | Python.org
  29. Python Setup and Usage
  30. 4. Using Python on Windows
  31. pyenv/pyenv: Simple Python version management - GitHub
  32. venv — Creation of virtual environments ... - Python documentation
  33. Ubuntu – Details of package python3 in noble
  34. [f41] Changes in Fedora 41 For Developers
  35. Chapter 2. Installing and using Python | Red Hat Enterprise Linux | 9
  36. Red Hat and Python — Victor Stinner's Notes 1.0 documentation
  37. Get started using Python on Windows for beginners - Microsoft Learn
  38. Why is Python included in Xcode Command Line Tools?
  39. Python - Homebrew Documentation
  40. Python Security | Python.org
  41. C API Stability — Python 3.14.0 documentation
  42. Frequently Asked Questions - PyPy documentation
  43. PyPy Speed
  44. Numba: A High Performance Python Compiler
  45. Applying a Tracing JIT to an Interpreter - PyPy
  46. Multicore Programming in PyPy and CPython
  47. Jython: Home
  48. IronPython .NET Integration
  49. GraalPy - Documentation - GraalVM
  50. https://jython.readthedocs.io/en/latest/
  51. IronPython.net /
  52. IronLanguages/ironpython3: Implementation of Python 3.x ... - GitHub
  53. GraalPy – A high-performance embeddable Python 3 runtime for Java
  54. Difference between various Implementations of Python
  55. Representation-based just-in-time specialization and the psyco ...
  56. PEP 3146 – Merging Unladen Swallow into CPython | peps.python.org
  57. Faster Python: Mark Shannon, author of newly endorsed plan ...
  58. PEP 744 – JIT Compilation | peps.python.org
  59. https://github.com/python/cpython/pull/113465
  60. The Python Profilers — Python 3.14.0 documentation
  61. What Is the Python Global Interpreter Lock (GIL)?
  62. PEP 384 – Defining a Stable ABI - Python Enhancement Proposals
  63. PEP 809 – Stable ABI for the Future | peps.python.org
  64. Reducing Python's startup time - LWN.net
  65. MicroPython - Python for microcontrollers
  66. MicroPython: An Intro to Programming Hardware in Python
  67. Python Releases for macOS
  68. Using Python on macOS
  69. [email protected] — Homebrew Formulae
  70. Python Release Python 3.9.1
  71. Python Release Python 3.9.0
  72. [email protected] — Homebrew Formulae
  73. Python Release Python 3.9.1
  74. Python Release Python 3.13.0
  75. Cython
  76. Nuitka
  77. CVE-2025-4517 Detail
  78. CVE-2025-4517 Affecting python3.12 package
  79. CharlieKirk GRABBER : A PYTHON-BASED INFOSTEALER
  80. Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
  81. Skopos Audit: A zero-trust gatekeeper that intercepts pip/uv

Table of Contents