Python Code Auditing Tool

Neil Benn benn at cenix-bioscience.com
Wed Feb 2 05:14:18 EST 2005 

Diez B. Roggisch wrote:

>>I suppose that I am willing to lessen my expectations from _all_ to most.
>>;-) Regarding your example I could also do:
>>
>><
>>    
>>
<snip>

>>There is AFAIK only one language that this can de accomplished - java, and
>>that's because of these checked exceptions of theirs. But checked
>>exceptions are considered harmful:
>>
>>http://www.gcek.net/ref/books/sw/ooad/tip/#_Toc41169682
>>
>>I totally agree with that - in java, I tend to throw SystemExceptions to rid
>>myself of endless try/catch clauses that obscure the real problem.
>>
>>    
>>
<snip>
Hello,

   I'm afraid that the only reliable way to gather what exceptions are 
raised is to read docs and/or come up with test cases.  This has been a 
bugbear of mine in Python as it's not common to find a nice :Exceptions: 
IOError <desc>, IllegalArgumentError <desc> type of description in the docs.

    However if you want an incomplete test, you could parse the code and 
check for raises and retrieve the class name of the exception - however 
this would be patchy at best.  Therefore it would sort of negate the 
point of doing the analysis in the first place.

          Even in Java you cannot find every exception that will be 
thrown, only 'checked' exceptions but this is a percentage of all the 
exceptions (BTW why do you throw SystemException - it's a CORBA 
exception!  OK, it's a runtime exception but why not just simply extend 
RuntimeException?).  Also, if someone ever puts - catch (Exception e){} 
in their code they deserve to be kneecapped, IMHO the fault is with 
sloppy coding not with the supplied tools.

    Unfortunately its docs and testing again, that's why we get paid (if 
you're doing a job) or not paid (if you're doing it for fun!).  Although 
one language which comes closer is Eiffel which has require and ensure 
clauses on every method (following Meyer's Programming by contract 
philosophy).

Cheers,

Neil

-- 

Neil Benn
Senior Automation Engineer
Cenix BioScience
BioInnovations Zentrum
Tatzberg 46
D-01307
Dresden
Germany

Tel : +49 (0)351 4173 154
e-mail : benn at cenix-bioscience.com
Cenix Website : http://www.cenix-bioscience.com

More information about the Python-list mailing list