/Misc/README.klocwork

http://unladen-swallow.googlecode.com/ · Unknown · 30 lines · 22 code · 8 blank · 0 comment · 0 complexity · 43e3430c4397b4a5cfac1297621e5a6a MD5 · raw file 

    

  1. Klocwork has a static analysis tool (K7) which is similar to Coverity.
    2. 

  2. They will run their tool on the Python source code on demand.
    3. 

  3. The results are available at:
    4. 

  4. 

  5.      https://opensource.klocwork.com/
    6. 

  6. 

  7. Currently, only Neal Norwitz has access to the analysis reports.  Other
    8. 

  8. people can be added by request.
    9. 

  9. 

  10. K7 was first run on the Python 2.5 source code in mid-July 2006.
    11. 

  11. This is after Coverity had been making their results available.
    12. 

  12. There were originally 175 defects reported.  Most of these
    13. 

  13. were false positives.  However, there were numerous real issues 
    14. 

  14. also uncovered.
    15. 

  15. 

  16. Each warning has a unique id and comments that can be made on it.
    17. 

  17. When checking in changes due to a K7 report, the unique id
    18. 

  18. as reported by the tool was added to the SVN commit message.
    19. 

  19. A comment was added to the K7 warning indicating the SVN revision
    20. 

  20. in addition to any analysis.
    21. 

  21. 

  22. False positives were also annotated so that the comments can
    23. 

  23. be reviewed and reversed if the analysis was incorrect.
    24. 

  24. 

  25. A second run was performed on 10-Aug-2006.  The tool was tuned to remove
    26. 

  26. some false positives and perform some additional checks.  ~150 new
    27. 

  27. warnings were produced, primarily related to dereferencing NULL pointers.
    28. 

  28. 

  29. Contact python-dev@python.org for more information.
    30.