31 lines, 1.2 KiB, Plaintext

Klocwork has a static analysis tool (K7) which is similar to Coverity.
They will run their tool on the Python source code on demand.
The results are available at:

     https://opensource.klocwork.com/

Currently, only Neal Norwitz has access to the analysis reports.  Other
people can be added by request.

K7 was first run on the Python 2.5 source code in mid-July 2006.
This was after Coverity had been making their results available.
There were originally 175 defects reported.  Most of these
were false positives.  However, numerous real issues were also
uncovered.

Each warning has a unique id, and comments can be made on it.
When checking in changes due to a K7 report, the unique id
as reported by the tool was added to the SVN commit message.
A comment was added to the K7 warning indicating the SVN revision
in addition to any analysis.

False positives were also annotated so that the comments can
be reviewed and reversed if the analysis was incorrect.

A second run was performed on 10-Aug-2006.  The tool was tuned to remove
some false positives and perform some additional checks.  ~150 new
warnings were produced, primarily related to dereferencing NULL pointers.

Contact python-dev@python.org for more information.