[Python-checkins] r51040 - python/trunk/Misc/README.coverity python/trunk/Misc/README.klocwork

neal.norwitz python-checkins at python.org
Wed Aug 2 09:09:33 CEST 2006


Author: neal.norwitz
Date: Wed Aug  2 09:09:32 2006
New Revision: 51040

Added:
   python/trunk/Misc/README.coverity   (contents, props changed)
   python/trunk/Misc/README.klocwork   (contents, props changed)
Log:
Add some explanation about Klocwork and Coverity static analysis

Added: python/trunk/Misc/README.coverity
==============================================================================
--- (empty file)
+++ python/trunk/Misc/README.coverity	Wed Aug  2 09:09:32 2006
@@ -0,0 +1,22 @@
+
+Coverity has a static analysis tool (Prevent) which is similar to Klocwork.
+They run their tool on the Python source code (SVN head) on a daily basis.
+The results are available at:
+
+     http://scan.coverity.com/
+
+About 20 people have access to the analysis reports.  Other
+people can be added by request.
+
+Prevent was first run on the Python 2.5 source code in March 2006.
+There were originally about 100 defects reported.  Some of these
+were false positives.  Over 70 issues were uncovered.
+
+Each warning has a unique id and comments that can be made on it.
+When checking in changes due to a warning, the unique id
+as reported by the tool was added to the SVN commit message.
+
+False positives were annotated so that the comments can
+be reviewed and reversed if the analysis was incorrect.
+
+Contact python-dev at python.org for more information.
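Review bot: The paragraph on checking in changes states the convention only in the past tense ("the unique id as reported by the tool was added to the SVN commit message") and gives no format for the id, so a reader cannot tell whether the rule still applies or how to search the SVN log for a given warning. Suggest wording it as a standing rule and showing the form the id takes in a commit message. README.klocwork in this same commit also asks for a comment on the warning recording the SVN revision; if that holds for Coverity as well, say so here. In the preceding paragraph, "about 100 defects reported" followed by "Over 70 issues were uncovered" leaves it unclear whether the 70 are what remained of the 100 after false positives were excluded.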

Added: python/trunk/Misc/README.klocwork
==============================================================================
--- (empty file)
+++ python/trunk/Misc/README.klocwork	Wed Aug  2 09:09:32 2006
@@ -0,0 +1,26 @@
+
+Klocwork has a static analysis tool (K7) which is similar to Coverity.
+They will run their tool on the Python source code on demand.
+The results are available at:
+
+     https://opensource.klocwork.com/
+
+Currently, only Neal Norwitz has access to the analysis reports.  Other
+people can be added by request.
+
+K7 was first run on the Python 2.5 source code in mid-July 2006.
+This is after Coverity had been making their results available.
+There were originally 175 defects reported.  Most of these
+were false positives.  However, there were numerous real issues 
+also uncovered.
+
+Each warning has a unique id and comments that can be made on it.
+When checking in changes due to a K7 report, the unique id
+as reported by the tool was added to the SVN commit message.
+A comment was added to the K7 warning indicating the SVN revision
+in addition to any analysis.
+
+False positives were also annotated so that the comments can
+be reviewed and reversed if the analysis was incorrect.
+
+Contact python-dev at python.org for more information.
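Review bot: "Currently, only Neal Norwitz has access to the analysis reports" has no date attached and will go stale once the file sits in the tree; suggest "As of August 2006" or a pointer to where the access list is kept. The line "were numerous real issues " carries trailing whitespace. Unlike README.coverity, the defect paragraph gives no count of real issues beside the 175 reported ("Most of these were false positives"), so adding one would make the two files comparable.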

