Why Python is like C++
Terry Reedy
tjreedy at udel.edu
Sat Dec 21 17:03:11 EST 2013

On 12/21/2013 10:10 AM, Roy Smith wrote:

> On the last large C++ project I worked on, we decided (i.e. obeyed a
> corporate mandate) to start using Coverity's static analysis tool on our
> 15 year old codebase. I learned a few things about static analysis then.

CPython was about that old when Coverity started giving us reports on
the C part of CPython (about 400000 loc). CPython is now essentially
free of errors detected by Coverity.

> 1) It finds bugs you would never find yourself.

Coverity apparently found several for CPython.

> 2) If your code does tricky things, you can fool the static analyzer,
> leading to false positives.

One can define code patterns that are false positives, to silence such
reports.

> Presumably, it also leads to false
> negatives, but you don't know about those :-(

We use unit tests to find logic bugs ;-).

> 3) If you're going to use static analysis, probably the best way is to
> start using it from day one. Trying to duct-tape a static analysis step
> into your development process for a legacy codebase is probably more
> effort than it's worth.

Some of the C coders on the development team thought it *was* for
CPython. The fact that CPython has been compiled for, say, 20 different
systems may have meant that it already depended less on
'implementation-defined' behavior.

--
Terry Jan Reedy