Path: csiph.com!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!newsreader4.netcologne.de!news.netcologne.de!xlned.com!feeder3.xlned.com!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'essentially': 0.04; 'patterns': 0.04; 'static': 0.04; 'cpython': 0.05; 'say,': 0.05; 'subject:Python': 0.06; 'coders': 0.09; 'logic': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'reports.': 0.09; 'subject:Why': 0.09; 'things,': 0.09; 'jan': 0.12; '(about': 0.16; ':-(': 0.16; 'detected': 0.16; 'finds': 0.16; 'for,': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'reedy': 0.16; 'roy': 0.16; 'silence': 0.16; 'wrote:': 0.18; 'trying': 0.19; 'meant': 0.20; 'tests': 0.22; 'header:User- Agent:1': 0.23; 'subject:like': 0.24; 'compiled': 0.26; 'define': 0.26; 'header:X-Complaints-To:1': 0.27; 'header:In-Reply-To:1': 0.27; 'on,': 0.29; 'am,': 0.29; 'errors': 0.30; 'then.': 0.30; 'code': 0.31; 'apparently': 0.31; 'yourself.': 0.31; 'probably': 0.32; 'worked': 0.33; '(i.e.': 0.33; 'bugs': 0.33; 'tool': 0.35; 'but': 0.35; 'c++': 0.36; 'false': 0.36; 'leads': 0.36; 'effort': 0.37; 'reports': 0.37; 'unit': 0.37; 'project': 0.37; 'step': 0.37; 'to:addr:python-list': 0.38; 'fact': 0.38; 'does': 0.39; 'to:addr:python.org': 0.39; 'received:org': 0.40; 'analysis,': 0.60; 'free': 0.61; 'received:173': 0.61; "you're": 0.61; 'such': 0.63; 'decided': 0.64; 'our': 0.64; 'more': 0.64; 'different': 0.65; 'corporate': 0.67; 'smith': 0.68; 'analysis': 0.75; 'day': 0.76; 'depended': 0.84; 'negatives,': 0.84; 'received:fios.verizon.net': 0.84; 'tricky': 0.84 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Terry Reedy Subject: Re: Why Python is like C++ Date: Sat, 21 Dec 2013 17:03:11 -0500 References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Gmane-NNTP-Posting-Host: pool-173-75-254-207.phlapa.fios.verizon.net User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 In-Reply-To: X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 38 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1387663424 news.xs4all.nl 2977 [2001:888:2000:d::a6]:59998 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:62515 On 12/21/2013 10:10 AM, Roy Smith wrote: > On the last large C++ project I worked on, we decided (i.e. obeyed a > corporate mandate) to start using Coverity's static analysis tool on our > 15 year old codebase. I learned a few things about static analysis then. CPython was about that old when Coverity started giving us reports on the C part of CPython (about 400000 loc). CPython is now essentially free of errors detected by Coverity. > 1) It finds bugs you would never find yourself. Coverity apparently found several for CPython. > 2) If your code does tricky things, you can fool the static analyzer, > leading to false positives. One can define code patterns that are false positives, to silence such reports. > Presumably, it also leads to false > negatives, but you don't know about those :-( We use unit tests to find logic bugs ;-). > 3) If you're going to use static analysis, probably the best way is to > start using it from day one. Trying to duct-tape a static analysis step > into your development process for a legacy codebase is probably more > effort than it's worth. Some of the C coders on the development team thought it *was* for CPython. The fact that CPython has been compiled for, say, 20 different systems may have meant that it already depended less on 'implementation-defined' behavior. -- Terry Jan Reedy