author | Neal Norwitz <nnorwitz@gmail.com> | 2006-08-02 07:09:32 (GMT) |
---|---|---|
committer | Neal Norwitz <nnorwitz@gmail.com> | 2006-08-02 07:09:32 (GMT) |
commit | 30eb9660b6f3f2613e4b3067bea8173274350658 (patch) | |
tree | 8a5a503c9019d0645e108428f026cb5cc96c79e1 /Misc | |
parent | 9b0ca79213f262daab54db21d6f3aa17b8dd86dd (diff) | |
Add some explanation about Klocwork and Coverity static analysis
Diffstat (limited to 'Misc')
-rw-r--r-- | Misc/README.coverity | 22 | ||||
-rw-r--r-- | Misc/README.klocwork | 26 |
2 files changed, 48 insertions, 0 deletions
diff --git a/Misc/README.coverity b/Misc/README.coverity new file mode 100644 index 0000000..f5e1bf6 --- /dev/null +++ b/Misc/README.coverity @@ -0,0 +1,22 @@ + +Coverity has a static analysis tool (Prevent) which is similar to Klocwork. +They run their tool on the Python source code (SVN head) on a daily basis. +The results are available at: + + http://scan.coverity.com/ + +About 20 people have access to the analysis reports. Other +people can be added by request. + +Prevent was first run on the Python 2.5 source code in March 2006. +There were originally about 100 defects reported. Some of these +were false positives. Over 70 issues were uncovered. + +Each warning has a unique id and comments that can be made on it. +When checking in changes due to a warning, the unique id +as reported by the tool was added to the SVN commit message. + +False positives were annotated so that the comments can +be reviewed and reversed if the analysis was incorrect. + +Contact python-dev@python.org for more information. diff --git a/Misc/README.klocwork b/Misc/README.klocwork new file mode 100644 index 0000000..a22715e --- /dev/null +++ b/Misc/README.klocwork 
@@ -0,0 +1,26 @@ + +Klocwork has a static analysis tool (K7) which is similar to Coverity. +They will run their tool on the Python source code on demand. +The results are available at: + + https://opensource.klocwork.com/ + +Currently, only Neal Norwitz has access to the analysis reports. Other +people can be added by request. + +K7 was first run on the Python 2.5 source code in mid-July 2006. +This is after Coverity had been making their results available. +There were originally 175 defects reported. Most of these +were false positives. However, there were numerous real issues +also uncovered. + +Each warning has a unique id and comments that can be made on it. +When checking in changes due to a K7 report, the unique id +as reported by the tool was added to the SVN commit message. +A comment was added to the K7 warning indicating the SVN revision +in addition to any analysis. + +False positives were also annotated so that the comments can +be reviewed and reversed if the analysis was incorrect. + +Contact python-dev@python.org for more information. |
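Review bot: In Misc/README.coverity, the defect-count paragraph leaves the relationship between its numbers unclear: "about 100 defects reported", "Some of these were false positives", then "Over 70 issues were uncovered" does not say whether the 70 are the confirmed subset of the 100 or a separate count. Suggest making the subset explicit, for example "Over 70 of them were real issues." Separately, the results link is plain http:// while Misc/README.klocwork uses https://; since the file says access to the reports is limited to about 20 people, the link should use https if the site serves it.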
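Review bot: In Misc/README.klocwork, the paragraph on tracking fixes is written in the past tense ("the unique id as reported by the tool was added to the SVN commit message") and shows no example of how the id appears in a message, so a reader cannot tell whether this is a standing convention or how to search the SVN log for K7-driven changes. Suggest stating it as the practice to follow and showing the form the id takes in a commit message; the matching sentence in Misc/README.coverity has the same gap. "Currently, only Neal Norwitz has access" would also age better with a date attached, as the run dates in the following paragraph have.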