[Python-Dev] Coverity Scan
Terry Reedy
tjreedy at udel.edu
Fri Jul 26 01:24:34 CEST 2013
On 7/25/2013 6:56 PM, Christian Heimes wrote:
> Am 26.07.2013 00:32, schrieb Terry Reedy:
>> # Since false positives should stay constant as true positives are
>> reduced toward 0, false / all should tend toward 1 (100%) if I
>> understand the ratio correctly.
Which I did not ;-).
> About 40% of the dismissed cases are cause by a handful of issues. I
> have documented these issues as "known limitations"
> http://docs.python.org/devguide/coverity.html#known-limitations .
>
> For example about 35 false positives are related to PyLong_FromLong()
> and our small integer optimization. A correct modeling file would
> eliminate the false positive defects. My attempts don't work as hoped
> and I don't have access to all professional coverity tools to debug my
> trials.
Perhaps Coverity will help when doing an audit.
> Nearly 20 false positives are caused by Py_BuildValue("N"). I'm still
> astonished that Coverity understands Python's reference counting most of
> the time. :)
>
> Did I mention that we have almost reached Level 3? All major defects
It is hard to measure the benefit of preventitive medicine, but I
imagine that we should see fewer mysterious crashes and heisenbugs than
we would have. In any case, Level 3 certification should help people
promoting the use of Python in organizational settings, whether as
employees or consultants.
> have been dealt with (one of them locally on the test machine until
> Larry pushes his patch soonish), 4 of 7 minor issues must be closed and
.1 * 390 allows 3 defects (or 4 if they round up) -- astonishingly good!
> our dismissed rate is just little over 20% (222 out of 1054 = 21%).
So merely verifying the 35 PyLong_FromLong dismissals will put us under.
Thanks for clarifying the proper denominator -- all defects ever found.
It seems obvious in retrospect, but I was focused on current stats, not
the history.
--
Terry Jan Reedy
More information about the Python-Dev
mailing list