[Python] Set memory policy to "strict"

[guitargeek]

The ROOT Python interfaces have many memory leaks, which is a major pain
point for people using it for long-running scripts in batch jobs.

One source of memory leaks was indentified to be the "heuristic memory
policy" of cppyy. This means that cppyy assumes that every non-const
pointer member function argument was interpreted as the object taking
ownership if the argument.

For examle, take the non-owning RooLinkedList container. It has a
RooLinkedList::Add(RooAbsArg *arg) method. ROOT wrongly assumes that
this means the RooLinkedList takes ownership of arg, and it drops the
ROOT overship. Nobody feels responsible for deleting the object
anymore, and there is a memory leak or arg.

That particular leak was reported in this forum post:
https://root-forum.cern.ch/t/memory-leak-in-fits/56249

Function parameters of type T * are very common in ROOT, and only
rarely do they imply ownership transfer. So changing the memory policy
to "strict" would surely fix also many other memory leaks that are not
reported so far. In fact, upstream cppyy doesn't even have this
heuristic memory policy anymore! So moving ROOT also to the strict
memory policy closes the gap between ROOT and cppyy.

The potential drawback of this change are crashes in usercode if memory
is not properly managed. But these problems should either be fixed by:

• the user

• dedicated pythonizations for these methods to manage shared
  ownership via Python reference counters (i.e., setting the parameter
  as an attribute of the object that the member function was called
  on)

This follows up on PR #4294, in particular it reverts guitargeek@3a12063.

[vepadulano]

I'm coming back to this old PR, I still agree with my previous statement that this is the right direction, but I see more potential misunderstandings and issues creeping up. I'm thinking about approaches we could employ to mitigate them, e.g. by running also these changes in CMSSW CI, or by thinking about more Pythonizations to include (e.g. in TList), or by thinking about if we can add more warnings for users in situations that lead to dangling pointers.

Also, a question that becomes more important now, are all of these changes still required in light of the recent and future improvements to the cppyy we use?

[vepadulano]

This sounds counter-intuitive for a Python user, shall we perhaps discuss making it part of a TList pythonization?

[guitargeek]

The TList Pythonization is now implemented.

[vepadulano]

We should make this perhaps explicit at usage by also raising a warning from the function when calling it.

[guitargeek]

We learned from the ROOT workshop that our users also prefer clear deprecation and removal schedules. Should we aim for removing ROOT.SetMemoryPolicy in 6.42? If people really want to change the policy, they can still use the Cppyy API after the removal of the ROOT wrapper though, so there is an escape hatch that makes the removal seem a bit less drastic. Of course we don't mention that in the release notes 🙂

[guitargeek]

I have added a clear deprecation and removal warning to the release notes and to ROOT.SetMemoryPolicy() in the latest iteration of this PR.

[guitargeek]

Hi @vepadulano, thanks for coming back to this! Let's try to make progress then and merge this soon 🙂

I'm coming back to this old PR, I still agree with my previous statement that this is the right direction, but I see more potential misunderstandings and issues creeping up. I'm thinking about approaches we could employ to mitigate them, e.g. by running also these changes in CMSSW CI, or by thinking about more Pythonizations to include (e.g. in TList), or by thinking about if we can add more warnings for users in situations that lead to dangling pointers.

Good points. I'll address them once we see where we stand with a fresh CI run.

Also, a question that becomes more important now, are all of these changes still required in light of the recent and future improvements to the cppyy we use?

The upcoming cppyy rebase on libinterop is more happening in the backend, and we have no frontend development lined up that change the behavior of these memory heuristics. But what we should consider is that it's better to not change both backend and frontend too much in one release, because it makes potential regressions harder to fix. If we assume that the backend upgrade will hit in 6.42, then this means the best time to update the memory policy is now for 6.40. Otherwise, it would be wiser to wait for 6.44, but this is quite far away.

[guitargeek]

Hi @vepadulano, I have suggested a TList Pythonization now that might address your concerns.

The proposal is that when adding to owning TCollections (checked with IsOwner()), the ownership is always relinquished on the Python side, just like the old memory heuristics implied.

So that means that the behavior change is only for non-owning TCollections, which now add borrowed references instead of letting the elements leak when added from Python.

Is that an acceptable compromise? (no need to rush an answer, I still have to fix test failures with Python 3.14 for Fedora Rawhide 🙂 )

[vepadulano]

Thanks! I like the direction, I left a few more comments/questions.

[vepadulano]

The fact you are now calling both SetOwner(True) and SetOwner(False) in different unittests confuses me as to which is the default behaviour (in C++ and Python) of the TCollection family of classes.

[vepadulano]

Especially important for documentation and to address potential future user questions

[vepadulano]

So from the latest changes I guess that the default behaviour of TList is that it owns its elements, do you agree? I would have guessed the contrary judging by the TList destructor at

root/core/cont/src/TList.cxx

Lines 85 to 92 in e3fba69

	////////////////////////////////////////////////////////////////////////////////
	/// Delete the list. Objects are not deleted unless the TList is the
	/// owner (set via SetOwner()).
	TList::~TList()
	{
	Clear();
	}

. Is there maybe some difference between the C++ implementation and the Pythonization?

[guitargeek]

How did you infer that the default behavior is owning? Maybe I wrote something wrong somewhere? The default behavior is non-owning:

   ------------------------------------------------------------------
  | Welcome to ROOT 6.38.00                        https://root.cern |
  | (c) 1995-2025, The ROOT Team; conception: R. Brun, F. Rademakers |
  | Built for linuxx8664gcc on Nov 27 2025, 08:23:06                 |
  | From tags/6-38-00@6-38-00                                        |
  | With g++ (GCC) 15.2.0 std201703                                  |
  | Try '.help'/'.?', '.demo', '.license', '.credits', '.quit'/'.q'  |
   ------------------------------------------------------------------

root [0] TList l{};
root [1] l.IsOwner()
(bool) false
root [2]

[guitargeek]

The reason why I first do sc.SetOwner(True) is to make the list own the added elements. Then, I do SetOwner(False) after adding the elements, because some of the creates lists are implicitly transferring the ownership of the elements to another list, e.g. in these "append" unit tests.

[guitargeek]

BTW, I don't think that these T(Seq)Collection Pythonizations are used much in user code. They were silently introduced without tutorials, release notes, or documentation:

• [Exp PyROOT] Add TCollection and TIter pythonisations and tests #3298

In my opinion, Pythonizing these legacy classes is a dead end and misleading, because it seems we are encouraging the use of these legacy containers, while we are actually discouraging that. To me, these Pythonizations are a candiadate for deprecation and removal themselves (at least by ROOT 7).

[pcanal]

One usage is indirect. The T(Seq)Collection are used a 'lot' in the other interfaces.

[guitargeek]

Yes sure they are used in tons of interfaces. But I think it would be more Pythonic to Pythonize the constructor of these legacy collection so that they can be implicitly created from Python collections, instead of pythonizing the handling of the legacy collections themselves.

[vepadulano]

So from the latest changes I guess that the default behaviour of TList is that it owns its elements, do you agree? I would have guessed the contrary judging by the TList destructor at

root/core/cont/src/TList.cxx

Lines 85 to 92 in e3fba69

	////////////////////////////////////////////////////////////////////////////////
	/// Delete the list. Objects are not deleted unless the TList is the
	/// owner (set via SetOwner()).
	TList::~TList()
	{
	Clear();
	}

. Is there maybe some difference between the C++ implementation and the Pythonization?