Why Python is like C++

Terry Reedy tjreedy at udel.edu
Sat Dec 21 23:03:11 CET 2013


On 12/21/2013 10:10 AM, Roy Smith wrote:

> On the last large C++ project I worked on, we decided (i.e. obeyed a
> corporate mandate) to start using Coverity's static analysis tool on our
> 15 year old codebase.  I learned a few things about static analysis then.

CPython was about that old when Coverity started giving us reports on 
the C part of CPython (about 400000 loc). CPython is now essentially 
free of errors detected by Coverity.

> 1) It finds bugs you would never find yourself.

Coverity apparently found several for CPython.

> 2) If your code does tricky things, you can fool the static analyzer,
> leading to false positives.

One can define code patterns that are false positives, to silence such 
reports.

>  Presumably, it also leads to false
> negatives, but you don't know about those :-(

We use unit tests to find logic bugs ;-).

> 3) If you're going to use static analysis, probably the best way is to
> start using it from day one.  Trying to duct-tape a static analysis step
> into your development process for a legacy codebase is probably more
> effort than it's worth.

Some of the C coders on the development team thought it *was* for 
CPython. The fact that CPython has been compiled for, say, 20 different 
systems may have meant that it already depended less on 
'implementation-defined' behavior.

-- 
Terry Jan Reedy




More information about the Python-list mailing list