[Python-Dev] Coverity Scan

Terry Reedy tjreedy at udel.edu
Fri Jul 26 01:24:34 CEST 2013


On 7/25/2013 6:56 PM, Christian Heimes wrote:

Am 26.07.2013 00:32, schrieb Terry Reedy:

Since false positives should stay constant as true positives are reduced toward 0, false / all should tend toward 1 (100%) if I understand the ratio correctly.

Which I did not ;-).

About 40% of the dismissed cases are caused by a handful of issues. I have documented these issues as "known limitations" http://docs.python.org/devguide/coverity.html#known-limitations .

For example, about 35 false positives are related to PyLong_FromLong() and our small integer optimization. A correct modeling file would eliminate the false positive defects. My attempts don't work as hoped and I don't have access to all professional Coverity tools to debug my trials.

Perhaps Coverity will help when doing an audit.

Nearly 20 false positives are caused by Py_BuildValue("N"). I'm still astonished that Coverity understands Python's reference counting most of the time. :)

Did I mention that we have almost reached Level 3? All major defects

It is hard to measure the benefit of preventive medicine, but I imagine that we should see fewer mysterious crashes and heisenbugs than we would have. In any case, Level 3 certification should help people promoting the use of Python in organizational settings, whether as employees or consultants.

have been dealt with (one of them locally on the test machine until Larry pushes his patch soonish), 4 of 7 minor issues must be closed and

.1 * 390 allows 3 defects (or 4 if they round up) -- astonishingly good!

our dismissed rate is just a little over 20% (222 out of 1054 = 21%).

So merely verifying the 35 PyLong_FromLong dismissals will put us under. Thanks for clarifying the proper denominator -- all defects ever found. It seems obvious in retrospect, but I was focused on current stats, not the history.

-- Terry Jan Reedy


