Klocwork has a static analysis tool (K7) which is similar to Coverity.
They will run their tool on the Python source code on demand.
The results are available at:

https://opensource.klocwork.com/

Currently, only Neal Norwitz has access to the analysis reports. Other
people can be added by request.

K7 was first run on the Python 2.5 source code in mid-July 2006.
This was after Coverity had been making their results available.
There were originally 175 defects reported. Most of these
were false positives. However, numerous real issues were
also uncovered.

Each warning has a unique id and can be commented on.
When checking in changes due to a K7 report, the unique id
as reported by the tool was added to the SVN commit message.
A comment was added to the K7 warning indicating the SVN revision
in addition to any analysis.

False positives were also annotated so that the comments can
be reviewed and reversed if the analysis was incorrect.

A second run was performed on 10-Aug-2006. The tool was tuned to remove
some false positives and perform some additional checks. ~150 new
warnings were produced, primarily related to dereferencing NULL pointers.

Contact python-dev@python.org for more information.