[Python-Dev] Coverity Scan

Christian Heimes christian at python.org
Fri Jul 26 01:20:01 CEST 2013


On 26.07.2013 00:00, Terry Reedy wrote:
>> http://www.coverity.com/company/press-releases/read/coverity-introduces-monthly-spotlight-series-for-coverity-scan-open-source-projects
>>
> 
> The intention is to promote the best of open source to industry.

I think it's also a marketing tool. They like to sell their product. I
don't have a problem with that. After all Coverity provides a useful
service for free that supplements our own debugging tools.

>> Lines of Code:    396,179
> 
> C only? or does Python code now count as 'source code'?

It's just C code and headers. Coverity doesn't analyze Python code.
According to cloc Python has 296707 + 78126 == 374833 lines of code in C
and header files. I'm not sure why Coverity detects more.

> 
>> Defect Density:    0.05
> 
> = defects per thousand lines = 20/400
> 
> Anything under 1 is good. The release above reports Samba now at .6.
> http://www.pcworld.com/article/2038244/linux-code-is-the-benchmark-of-quality-study-concludes.html
> 
> reports Linux 3.8 as having the same for 7.6 million lines.

These are amazing numbers. Python is much smaller.

> 
>> Total defects:    1,054
>> Outstanding:       21 (Coverity Connect shows less)
>> Dismissed:      222
> 
> This implies that they accept our designation of some things as False
> Positives or Intentional. Does Coverity do any review of such
> designations, so a project cannot cheat?

What's the point of cheating? :)

I could dismiss any remaining defect as intentional or false positive,
but that would only harm ourselves. As you already pointed out, Coverity
reserves the right to inspect dismissed bugs for their highest ranking.

I'm in the process of looking through all dismissed defects. Some of
them are relics of deleted files and removed code. Some others may go
away with proper modeling.

Christian
