|
Last change
on this file was 2, checked in by Yuri Dario, 15 years ago |
|
Initial import for vendor code.
|
-
Property svn:eol-style
set to
native
|
|
File size:
1.2 KB
|
| Line | |
|---|
| 1 |
|
|---|
| 2 | Klocwork has a static analysis tool (K7) which is similar to Coverity.
|
|---|
| 3 | They will run their tool on the Python source code on demand.
|
|---|
| 4 | The results are available at:
|
|---|
| 5 |
|
|---|
| 6 | https://opensource.klocwork.com/
|
|---|
| 7 |
|
|---|
| 8 | Currently, only Neal Norwitz has access to the analysis reports. Other
|
|---|
| 9 | people can be added by request.
|
|---|
| 10 |
|
|---|
| 11 | K7 was first run on the Python 2.5 source code in mid-July 2006.
|
|---|
| 12 | This is after Coverity had been making their results available.
|
|---|
| 13 | There were originally 175 defects reported. Most of these
|
|---|
| 14 | were false positives. However, there were numerous real issues
|
|---|
| 15 | also uncovered.
|
|---|
| 16 |
|
|---|
| 17 | Each warning has a unique id and comments that can be made on it.
|
|---|
| 18 | When checking in changes due to a K7 report, the unique id
|
|---|
| 19 | as reported by the tool was added to the SVN commit message.
|
|---|
| 20 | A comment was added to the K7 warning indicating the SVN revision
|
|---|
| 21 | in addition to any analysis.
|
|---|
| 22 |
|
|---|
| 23 | False positives were also annotated so that the comments can
|
|---|
| 24 | be reviewed and reversed if the analysis was incorrect.
|
|---|
| 25 |
|
|---|
| 26 | A second run was performed on 10-Aug-2006. The tool was tuned to remove
|
|---|
| 27 | some false positives and perform some additional checks. ~150 new
|
|---|
| 28 | warnings were produced, primarily related to dereferencing NULL pointers.
|
|---|
| 29 |
|
|---|
| 30 | Contact python-dev@python.org for more information.
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
