[Python-Dev] Coverity Scan Spotlight Python

Christian Heimes christian at python.org
Fri Aug 30 14:18:17 CEST 2013



On 30.08.2013 01:24, Sturla Molden wrote:
> 
> Do the numbers add up?
> 
> .005 defects in 1,000 lines of code is one defect in every 200,000
> lines of code.
> 
> However they also claim that "to date, the Coverity Scan service
> has analyzed nearly 400,000 lines of Python code and identified 996
> new defects – 860 of which have been fixed by the Python
> community."

Yes, the numbers add up.

The difference between 860 and 996 is false positive defects and code
that is intentionally written in a way that looks suspicious to
Coverity Scan. I have documented the most common limitations in the
devguide [1].

By the way, Coverity Scan doesn't understand Python code. It can only
analyze C, C++ and Java code.

[1]

Christian

