author Neal Norwitz <nnorwitz@gmail.com> 2006-08-02 07:09:32 (GMT)
committer Neal Norwitz <nnorwitz@gmail.com> 2006-08-02 07:09:32 (GMT)
commit 30eb9660b6f3f2613e4b3067bea8173274350658 (patch)
tree 8a5a503c9019d0645e108428f026cb5cc96c79e1
parent 9b0ca79213f262daab54db21d6f3aa17b8dd86dd (diff)
Add some explanation about Klocwork and Coverity static analysis
-rw-r--r-- Misc/README.coverity 22
-rw-r--r-- Misc/README.klocwork 26
2 files changed, 48 insertions, 0 deletions
diff --git a/Misc/README.coverity b/Misc/README.coverity
new file mode 100644
index 0000000..f5e1bf6
--- /dev/null
+++ b/Misc/README.coverity
@@ -0,0 +1,22 @@
+
+Coverity has a static analysis tool (Prevent) which is similar to Klocwork.
+They run their tool on the Python source code (SVN head) on a daily basis.
+The results are available at:
+
+ http://scan.coverity.com/
+
+About 20 people have access to the analysis reports. Other
+people can be added by request.
+
+Prevent was first run on the Python 2.5 source code in March 2006.
+There were originally about 100 defects reported. Some of these
+were false positives. Over 70 issues were uncovered.
+
+Each warning has a unique id and comments that can be made on it.
+When checking in changes due to a warning, the unique id
+as reported by the tool was added to the SVN commit message.
+
+False positives were annotated so that the comments can
+be reviewed and reversed if the analysis was incorrect.
+
+Contact python-dev@python.org for more information.
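Review bot: The defect counts in the third paragraph do not say how they relate: "about 100 defects reported", "Some of these were false positives" and "Over 70 issues were uncovered" could mean 70 of the 100 were confirmed, or 70 separate findings. Suggest stating it as one figure, for example how many of the roughly 100 reports were confirmed as real defects. The commit-message paragraph also switches from present tense ("Each warning has a unique id") to past tense ("was added to the SVN commit message"), so it is unclear whether recording the id is a convention contributors should keep following; if it is, say so and show the form the id takes in the commit message so fixes can be found by searching the log. Unlike README.klocwork, this file does not mention recording the SVN revision back on the warning itself; if that was done for Coverity too, it is worth saying here. Minor: the file starts with an empty line, and the opening sentence describes Prevent only as "similar to Klocwork" while README.klocwork describes K7 as "similar to Coverity", so neither file says what the tools check for.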
diff --git a/Misc/README.klocwork b/Misc/README.klocwork
new file mode 100644
index 0000000..a22715e
--- /dev/null
+++ b/Misc/README.klocwork
@@ -0,0 +1,26 @@
+
+Klocwork has a static analysis tool (K7) which is similar to Coverity.
+They will run their tool on the Python source code on demand.
+The results are available at:
+
+ https://opensource.klocwork.com/
+
+Currently, only Neal Norwitz has access to the analysis reports. Other
+people can be added by request.
+
+K7 was first run on the Python 2.5 source code in mid-July 2006.
+This is after Coverity had been making their results available.
+There were originally 175 defects reported. Most of these
+were false positives. However, there were numerous real issues
+also uncovered.
+
+Each warning has a unique id and comments that can be made on it.
+When checking in changes due to a K7 report, the unique id
+as reported by the tool was added to the SVN commit message.
+A comment was added to the K7 warning indicating the SVN revision
+in addition to any analysis.
+
+False positives were also annotated so that the comments can
+be reviewed and reversed if the analysis was incorrect.
+
+Contact python-dev@python.org for more information.
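Review bot: The triage paragraph gives an exact report count ("175 defects") but only "Most of these were false positives" and "numerous real issues", so a reader cannot judge the tool's false-positive rate or compare it with the figures in README.coverity; an approximate number of confirmed issues would fix that. "Currently, only Neal Norwitz has access to the analysis reports" will go stale and leaves a single person able to see the findings; consider dating the statement or pointing to where the current access list is kept, and tying "can be added by request" to the python-dev address given at the end. As in README.coverity, the sentences about adding the unique id to the SVN commit message and the revision to the K7 warning are in the past tense, so it is not clear whether this two-way cross-reference is a practice to continue; if so, phrase it as an instruction. Minor: the file starts with an empty line.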