Message 256265 - Python tracker (original) (raw)

Visual Studio comes with static analysis, enabled by /analyze (command line) or "Code analysis" in the project configuration dialog. Currently, none of the CPython projects in PCbuild have Code Analysis turned on, in any configuration.

I was going to write my first patch, for , but noticed this, ran a (partial) build with /analyze, and ended up filing three bugs instead (Issue25844, Issue25845, Issue25846) from bugs /analyze found.

There's quite a bad signal-to-noise ratio at the moment, as there's lots of variable shadowing, and there's lots of code that /analyze doesn't understand is benign (parsing a tuple into a variable confuses /analyze), but there is also lots of code that isn't obviously incorrect.

Of the code that's not obviously incorrect, /analyze usually complains about possibly out-of-bounds reads in very complex conditions, and I really can't tell. Some assertions would probably help.

Thoughts?