cpython/Misc/README.klocwork

31 lines
1.2 KiB
Plaintext
Raw Normal View History

Klocwork has a static analysis tool (K7) which is similar to Coverity.
They will run their tool on the Python source code on demand.
The results are available at:
https://opensource.klocwork.com/
Currently, only Neal Norwitz has access to the analysis reports. Other
people can be added by request.
K7 was first run on the Python 2.5 source code in mid-July 2006.
This is after Coverity had been making their results available.
There were originally 175 defects reported. Most of these
were false positives. However, there were numerous real issues
also uncovered.
Each warning has a unique id and comments that can be made on it.
When checking in changes due to a K7 report, the unique id
as reported by the tool was added to the SVN commit message.
A comment was added to the K7 warning indicating the SVN revision
in addition to any analysis.
False positives were also annotated so that the comments can
be reviewed and reversed if the analysis was incorrect.
A second run was performed on 10-Aug-2006. The tool was tuned to remove
some false positives and perform some additional checks. ~150 new
warnings were produced, primarily related to dereferencing NULL pointers.
Contact python-dev@python.org for more information.