[Python-Dev] Coverity Scan, Python upgraded to rung 2 (original) (raw)

Neal Norwitz nnorwitz at gmail.com
Thu Jan 10 06:11:21 CET 2008

On Jan 9, 2008 9:08 AM, <skip at pobox.com> wrote:

Christian> I read the announcement of the Python Users list and figured Christian> out that some of the other core developers might be Christian> interested in the news, too. Christian> Among other projects Python was upgraded to Rung 2 on the Christian> Coverity Scan list: http://scan.coverity.com/ I went to the run2 page: http://scan.coverity.com/rung2.html I shows 6 uninspected defects for Python. How do we see what they are? What is an uninspected defect? Any idea how the Coverity folks compute Defects/KLOC? For example, how does tcl manage to get a 0.0 score?

The 6 have been inspected by me and I never came to a conclusion of whether they were a problem or not. There are 3 things which should be fixed and I haven't gotten around to them. They are not a big deal:

Python/traceback.c line 177 Objects/codeobject.c line 322 Modules/mmapmodule.c line 1080

For traceback.c, namebuf defined on line 155 should be moved out one block since filename is an alias to namebuf and it is used outside the current scope. I think this is unlikely to be a problem in practice, but is technically wrong and should be fixed.

For codeobject.c, line 327 should not be reachable. I kinda like the code as it is even though it is currently dead. I never decided if I wanted to change that or suppress the warning.

For mmapmodule.c, fd should be checked for -1 before calling stat on line 1064.

The rest were not obvious problems to me, and I never returned to them.

n

More information about the Python-Dev mailing list