Message 256370 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Alexander Riccio
Recipients	Alexander Riccio, christian.heimes, loewis, paul.moore, r.david.murray, steve.dower, tim.golden, zach.ware
Date	2015-12-14.06:32:38
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1450074759.36.0.749217937059.issue25847@psf.upfronthosting.co.za>
In-reply-to

Content
> Is analyze something that can be used from the command line only, or does it require the GUI? You can do it from the command line - Chrome/chromium makes use of it as such. See: https://code.google.com/p/chromium/issues/detail?id=427616 The /analyze option is documented here: https://msdn.microsoft.com/en-us/library/ms173498.aspx /analyze:WX- Prevents compilation failure when compiling with /WX (warn as errors) and /analyze warnings are disabled the same way that normal warnings are. For example, /analyze an extremely large number of variable shadowing issues, which I think should be suppressed (as CPython's code base tolerates them?), to get to the more important issues. > Also, we aren't likely to make the code more complex in order to deal with shortcomings in analyze's algorithms I assume you're referring to the out-of-bounds in complex conditions? I can't imagine how making the code more complex would help :) > I'm surprised it is catching things that coverity doesn't. Every tool has its strengths and weaknesses; I am, however surprised that coverity didn't catch these issues, as they're common, and platform agnostic. /analyze can pick up many issues that coverity doesn't, simply because /analyze understands SAL, so it understands how the Windows API is supposed to be used. Also: Of the three issues that I opened, one is already fix, and two are in the pipeline. Impressive!

> Is analyze something that can be used from the command line only, or does it require the GUI?

You can do it from the command line - Chrome/chromium makes use of it as such.
See: https://code.google.com/p/chromium/issues/detail?id=427616


The /analyze option is documented here:
https://msdn.microsoft.com/en-us/library/ms173498.aspx

/analyze:WX- Prevents compilation failure when compiling with /WX (warn as errors) and /analyze warnings are disabled the same way that normal warnings are.

For example, /analyze an extremely large number of variable shadowing issues, which I think should be suppressed (as CPython's code base tolerates them?), to get to the more important issues. 


> Also, we aren't likely to make the code more complex in order to deal with shortcomings in analyze's algorithms

I assume you're referring to the out-of-bounds in complex conditions? I can't imagine how making the code *more* complex would help :)


> I'm surprised it is catching things that coverity doesn't.

Every tool has its strengths and weaknesses; I am, however surprised that coverity didn't catch these issues, as they're common, and platform agnostic.

/analyze can pick up many issues that coverity doesn't, simply because /analyze understands SAL, so it understands how the Windows API is supposed to be used.

Also: Of the three issues that I opened, one is already fix, and two are in the pipeline. Impressive!

History
Date	User	Action	Args
2015-12-14 06:32:39	Alexander Riccio	set	recipients: + Alexander Riccio, loewis, paul.moore, christian.heimes, tim.golden, r.david.murray, zach.ware, steve.dower
2015-12-14 06:32:39	Alexander Riccio	set	messageid: <1450074759.36.0.749217937059.issue25847@psf.upfronthosting.co.za>
2015-12-14 06:32:39	Alexander Riccio	link	issue25847 messages
2015-12-14 06:32:38	Alexander Riccio	create