[Python-Dev] Static analysis of CPython using coccinelle/spatch

David Malcolm dmalcolm at redhat.com
Wed Nov 18 20:09:52 CET 2009

On Tue, 2009-11-17 at 13:03 -0800, Brett Cannon wrote:
> On Mon, Nov 16, 2009 at 12:27, David Malcolm <dmalcolm at redhat.com> wrote:
> > Has anyone else looked at using Coccinelle/spatch[1] on CPython source
> > code?

> Running the tool over the code base and reporting the found bugs would
> be appreciated.

Discounting the false positives, the only issue it finds in python
itself (trunk) is the deliberate mistake in Modules/xxmodule.c

I also ran it on a random sample of extension modules and found some
real bugs (only reported downstream so far, within Fedora's bug
    - DBus python bindings assume in one place that "unsigned long" is
32 bits wide: https://bugzilla.redhat.com/show_bug.cgi?id=538225
    - MySQL-python assumes in one place that sizeof(int) ==
    - rpm.ps.append() uses unrecognized 'N' format specifier:

More information about the Python-Dev mailing list