[Python-Dev] About "Coverity Study Ranks LAMP Code Quality"

Fredrik Lundh fredrik at pythonware.com
Tue Mar 14 08:45:27 CET 2006


Neal Norwitz wrote:

> Their reports were high quality and accurate.

absolutely (which is why I'm surprised that someone's using the
unreviewed numbers as a quality measure; guess I have to go back
and read the article to see who that was...)

> Of the false positives, it was difficult for the tool to determine that
> the condition they are checking really doesn't occur.  One example
> is doing a PyString_Check() then using PyString_AsString() (or Size).
> The tool complained that they could return NULL/negative number,
> which is true in general.

one favourite was a function that used both a return value and an
output argument, and used the following combinations to represent
the different outcomes:

    return=NULL; output=junk => out of memory
    return=junk; output=-1 => cannot do this
    return=pointer; output=value => did this, returned value bytes

i.e.

    p = function(..., &out);
    if (!p)
        return "out of memory";
    if (out == -1) {
        /* use fallback algorithm */
        return result;
    } else {
        /* generate result */
        free(p);
        return result;
    }

Coverity pointed out that in the out == -1 case, the calling code
never released the p pointer.

while it was easy to flag this as INVALID, I agree that the design
is a bit questionable; I'd probably change the function slightly to
make sure it always returns either NULL or a valid pointer:

    p = function(..., &out);
    if (!p) {
        if (out == -1) {
            /* use fallback algorithm */
            return result;
        }
        return "out of memory";
    }
    /* generate result */
    free(p);
    return result;

anyway, this is of course related to why the raw coverity figures can
be grossly misleading: code that uses certain coding patterns may get
really bad figures, without being broken in any way whatsoever.

(on the other hand, you can treat the Coverity result as "even more
warnings than your (current) compiler can provide", and fix as many
false reports as you can, just for stylistic reasons).

</F>
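
The redesigned contract suggested in the message above, as an added example that is not part of the original post or of CPython: the return value is always NULL or an owned buffer, so a leak checker and a human reader can apply the same ownership rule on every path. All names are hypothetical; the "cannot do this" condition (non-ASCII input) and the injected allocator used to simulate out of memory are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; not the function discussed in the post. */
typedef void *(*alloc_fn)(size_t);
static void *failing_alloc(size_t n) { (void)n; return NULL; } /* simulates OOM */

/* Contract: the return value is NULL or an owned buffer, never junk.
 *   NULL,    *out == -1 -> fast path cannot handle this input
 *   NULL,    *out ==  0 -> out of memory
 *   pointer, *out ==  n -> success, n bytes, caller must free() */
static char *fast_copy_ascii(const char *s, long *out, alloc_fn alloc)
{
    size_t n = strlen(s);
    for (size_t i = 0; i < n; i++)
        if ((unsigned char)s[i] > 0x7f) { *out = -1; return NULL; }
    char *p = alloc(n + 1);
    if (!p) {
        *out = 0;   /* set explicitly so the caller never reads junk */
        return NULL;
    }
    memcpy(p, s, n + 1);
    *out = (long)n;
    return p;
}

enum outcome { DID_FAST = 0, DID_FALLBACK = 1, OUT_OF_MEMORY = 2 };

/* Caller: a non-NULL return is freed on the only path that can see one. */
static enum outcome process(const char *s, alloc_fn alloc, long *nbytes)
{
    long out;
    char *p = fast_copy_ascii(s, &out, alloc);
    if (!p) {
        *nbytes = 0;
        return out == -1 ? DID_FALLBACK : OUT_OF_MEMORY;
    }
    *nbytes = out;  /* stands in for "generate result" */
    free(p);
    return DID_FAST;
}

int main(void)
{
    long n;
    return process("plain ascii", malloc, &n) == DID_FAST ? 0 : 1;
}
```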




