| |
| Klocwork has a static analysis tool (K7) which is similar to Coverity. |
| They will run their tool on the Python source code on demand. |
| The results are available at: |
| |
| https://opensource.klocwork.com/ |
| |
| Currently, only Neal Norwitz has access to the analysis reports. Other |
| people can be added by request. |
| |
| K7 was first run on the Python 2.5 source code in mid-July 2006. |
| This is after Coverity had been making their results available. |
| There were originally 175 defects reported. Most of these |
| were false positives. However, there were numerous real issues |
| also uncovered. |
| |
| Each warning has a unique id and comments that can be made on it. |
| When checking in changes due to a K7 report, the unique id |
| as reported by the tool was added to the SVN commit message. |
| A comment was added to the K7 warning indicating the SVN revision |
| in addition to any analysis. |
| |
| False positives were also annotated so that the comments can |
| be reviewed and reversed if the analysis was incorrect. |
| |
| A second run was performed on 10-Aug-2006. The tool was tuned to remove |
| some false positives and perform some additional checks. ~150 new |
| warnings were produced, primarily related to dereferencing NULL pointers. |
| |
| Contact python-dev@python.org for more information. |
