Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

Add some explanation about Klocwork and Coverity static analysis

This commit is contained in:
Neal Norwitz 2006-08-02 07:09:32 +00:00
parent 9b0ca79213
commit 30eb9660b6
2 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Misc/README.coverity Normal file
View File

@ -0,0 +1,22 @@
Coverity has a static analysis tool (Prevent) which is similar to Klocwork.
They run their tool on the Python source code (SVN head) on a daily basis.
The results are available at:
http://scan.coverity.com/
About 20 people have access to the analysis reports. Other
people can be added by request.
Prevent was first run on the Python 2.5 source code in March 2006.
There were originally about 100 defects reported. Some of these
were false positives. Over 70 issues were uncovered.
Each warning has a unique id and comments that can be made on it.
When checking in changes due to a warning, the unique id
as reported by the tool was added to the SVN commit message.
False positives were annotated so that the comments can
be reviewed and reversed if the analysis was incorrect.
Contact python-dev@python.org for more information.

26
Misc/README.klocwork Normal file
View File

@ -0,0 +1,26 @@
Klocwork has a static analysis tool (K7) which is similar to Coverity.
They will run their tool on the Python source code on demand.
The results are available at:
https://opensource.klocwork.com/
Currently, only Neal Norwitz has access to the analysis reports. Other
people can be added by request.
K7 was first run on the Python 2.5 source code in mid-July 2006.
This is after Coverity had been making their results available.
There were originally 175 defects reported. Most of these
were false positives. However, there were numerous real issues
also uncovered.
Each warning has a unique id and comments that can be made on it.
When checking in changes due to a K7 report, the unique id
as reported by the tool was added to the SVN commit message.
A comment was added to the K7 warning indicating the SVN revision
in addition to any analysis.
False positives were also annotated so that the comments can
be reviewed and reversed if the analysis was incorrect.
Contact python-dev@python.org for more information.