Thomas Wouters | 0e3f591 | 2006-08-11 14:57:12 +0000

Klocwork has a static analysis tool (K7) which is similar to Coverity.
They will run their tool on the Python source code on demand.
The results are available at:

https://opensource.klocwork.com/

Currently, only Neal Norwitz has access to the analysis reports. Other
people can be added by request.

K7 was first run on the Python 2.5 source code in mid-July 2006.
This was after Coverity had been making their results available.
There were originally 175 defects reported. Most of these
were false positives. However, numerous real issues were
also uncovered.

Each warning has a unique id and comments that can be made on it.
When checking in changes due to a K7 report, the unique id
as reported by the tool was added to the SVN commit message.
A comment was added to the K7 warning indicating the SVN revision
in addition to any analysis.

False positives were also annotated so that the comments can
be reviewed and reversed if the analysis was incorrect.

Thomas Wouters | 00ee7ba | 2006-08-21 19:07:27 +0000

A second run was performed on 10-Aug-2006. The tool was tuned to remove
some false positives and perform some additional checks. ~150 new
warnings were produced, primarily related to dereferencing NULL pointers.

Contact python-dev@python.org for more information.