[Python-Dev] Coverity Scan (original) (raw)
Eli Bendersky eliben at gmail.com
Fri Jul 26 14:56:25 CEST 2013
- Previous message: [Python-Dev] Coverity Scan
- Next message: [Python-Dev] Coverity Scan
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Just a quick question - is there a chance to convince Coverity to detect Python refcounting leaks in C API code :-) ? This could be useful not only for Python but for extensions too. As it stands now, Coverity's leak detection is Python must be pretty weak because almost everything is done via PyObject refcounts.
Eli
On Thu, Jul 25, 2013 at 11:48 AM, Christian Heimes <christian at python.org>wrote:
Hello,
this is an update on my work and the current status of Coverity Scan. Maybe you have noticed a checkins made be me that end with the line "CID #". These are checkins that fix an issue that was discovered by the static code analyzer Coverity. Coverity is a commercial product but it's a free service for some Open Source projects. Python has been analyzed by Coverity since about 2007. Guido, Neal, Brett, Stefan and some other developers have used Coverity before I took over. I fixed a couple of issues before 3.3 reached the RC phase and more bugs in the last couple of months. Coverity is really great and its web GUI is fun to use, too. I was able to identify and fix resource leaks, NULL pointer issues, buffer overflows and missing checks all over the place. Because it's a static analyzer that follows data-flows and control-flows the tool can detect issues in error paths that are hardly visited at all. I have started to document Coverity here: http://docs.python.org/devguide/coverity.html
Interview --------- A week ago I was contacted by Coverity. They have started a series of articles and press releases about Open Source projects that use their free service Coverity Scan, see
http://www.coverity.com/company/press-releases/read/coverity-introduces-monthly-spotlight-series-for-coverity-scan-open-source-projects Two days ago I had a lovely phone interview about my involvement in the Python project and our development style. They are going to release a nice article in a couple of weeks. In the mean time we have time to fix the remaining couple issues. We might be able to reach the highest coverity integrity level! I have dealt with all major issues so we just have to fix a couple of issues. Current stats ------------- Lines of Code: 396,179 Defect Density: 0.05 Total defects: 1,054 Outstanding: 21 (Coverity Connect shows less) Dismissed: 222 Fixed: 811 http://i.imgur.com/NoELjcj.jpg http://i.imgur.com/eJSzTUX.jpg open issues ----------- http://bugs.python.org/issue17899 http://bugs.python.org/issue18556 http://bugs.python.org/issue18555 http://bugs.python.org/issue18552 http://bugs.python.org/issue18551 http://bugs.python.org/issue18550 http://bugs.python.org/issue18528 Christian
Python-Dev mailing list Python-Dev at python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/eliben%40gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20130726/f4ad2c13/attachment.html>
- Previous message: [Python-Dev] Coverity Scan
- Next message: [Python-Dev] Coverity Scan
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]