Klocwork has a static analysis tool (K7) which is similar to Coverity.
They will run their tool on the Python source code on demand.
The results are available at:

    https://opensource.klocwork.com/

Currently, only Neal Norwitz has access to the analysis reports. Other
people can be added by request.

K7 was first run on the Python 2.5 source code in mid-July 2006.
This is after Coverity had been making their results available.
There were originally 175 defects reported. Most of these
were false positives. However, there were numerous real issues
also uncovered.

Each warning has a unique id and comments that can be made on it.
When checking in changes due to a K7 report, the unique id
as reported by the tool was added to the SVN commit message.
A comment was added to the K7 warning indicating the SVN revision
in addition to any analysis.

False positives were also annotated so that the comments can
be reviewed and reversed if the analysis was incorrect.

A second run was performed on 10-Aug-2006. The tool was tuned to remove
some false positives and perform some additional checks. ~150 new
warnings were produced, primarily related to dereferencing NULL pointers.

Contact python-dev@python.org for more information.