Why Python is like C++
tjreedy at udel.edu
Sat Dec 21 23:03:11 CET 2013
On 12/21/2013 10:10 AM, Roy Smith wrote:

> On the last large C++ project I worked on, we decided (i.e. obeyed a
> corporate mandate) to start using Coverity's static analysis tool on our
> 15 year old codebase. I learned a few things about static analysis then.

CPython was about that old when Coverity started giving us reports on
the C part of CPython (about 400000 loc). CPython is now essentially
free of errors detected by Coverity.

> 1) It finds bugs you would never find yourself.

Coverity apparently found several for CPython.

> 2) If your code does tricky things, you can fool the static analyzer,
> leading to false positives.

One can define code patterns that are false positives, to silence such

> Presumably, it also leads to false
> negatives, but you don't know about those :-(

We use unit tests to find logic bugs ;-).

> 3) If you're going to use static analysis, probably the best way is to
> start using it from day one. Trying to duct-tape a static analysis step
> into your development process for a legacy codebase is probably more
> effort than it's worth.

Some of the C coders on the development team thought it *was* for
CPython. The fact that CPython has been compiled for, say, 20 different
systems may have meant that it already depended less on

Terry Jan Reedy