On 8/30/2013 8:18 AM, Christian Heimes wrote:
By the way Coverity Scan doesn't understand Python code. It can only
analyze C, C++ and Java code.
Have you (or Coverity) thought about which, if any, of the C defect
categories apply to Python? (Assuming no use of ctypes ;-). Would it
make any
On 30.08.2013 01:24, Sturla Molden wrote:
>
> Do the numbers add up?
>
> .005 defects in 1,000 lines of code is one defect in every 200,000
> lines of code.
>
> However they also claim that "to date, the Coverity Scan service
> has analyzed near
On 8/29/2013 7:24 PM, Sturla Molden wrote:
Do the numbers add up?
.005 defects in 1,000 lines of code is one defect in every 200,000 lines of
code.
However they also claim that "to date, the Coverity Scan service has analyzed nearly
400,000 lines of Python code and identified 996 new defects
On 08/29/2013 07:24 PM, Sturla Molden wrote:
>
> Do the numbers add up?
>
> .005 defects in 1,000 lines of code is one defect in every 200,000
> lines of code.
>
> However they also claim that "to date, the Coverity Scan service has
> analyzed near
Do the numbers add up?
.005 defects in 1,000 lines of code is one defect in every 200,000 lines of
code.
However they also claim that "to date, the Coverity Scan service has analyzed
nearly 400,000 lines of Python code and identified 996 new defects – 860 of
which have been fixed by the Pyth
On 30.08.2013 00:46, Antoine Pitrou wrote:
> On Fri, 30 Aug 2013 00:10:27 +0200 Christian Heimes
> wrote:
>>
>> Hello,
>>
>> Coverity has published its "Coverity Scan Spotlight Python" a
>> coup
On Fri, 30 Aug 2013 00:10:27 +0200
Christian Heimes wrote:
>
> Hello,
>
> Coverity has published its "Coverity Scan Spotlight Python" a couple
> of hours ago. It features a summary of Python's ecosystem, an
> interview with me about Python core
Great work, Christian!
On Thu, Aug 29, 2013 at 3:10 PM, Christian Heimes wrote:
>
> Hello,
>
> Coverity has published its "Coverity Scan Spotlight Python" a couple
> of hours ago. It features a summary of Python's ecosystem, an
> interview with
Hello,
Coverity has published its "Coverity Scan Spotlight Python" a couple
of hours ago. It features a summary of Python's ecosystem, an
interview with me about Python core development and a defect report.
The report is awesome. We have reached a d
On 26.07.2013 16:29, Brett Cannon wrote:
> Have you tried asking for help from Coverity? They have been rather nice
> so far and they may be willing to just give us free help in getting the
> modeling file set up properly.
Yes, I'm in contact with Dakshesh. I was able to figure out one model
for
On Fri, Jul 26, 2013 at 7:29 AM, Christian Heimes wrote:
> On 26.07.2013 14:56, Eli Bendersky wrote:
> > Just a quick question - is there a chance to convince Coverity to detect
> > Python refcounting leaks in C API code :-) ? This could be useful not
> > only for Python but for extensions too.
On Fri, 26 Jul 2013 16:29:59 +0200,
Christian Heimes wrote:
> Coverity is able to detect some cases of refcount leaks. I don't know
> if the software is able to keep track of all reference counts. But it
> understands missing Py_DECREF() in error branches.
>
> For example:
>
> PyObject *n = P
On Fri, Jul 26, 2013 at 8:56 AM, Eli Bendersky wrote:
> Just a quick question - is there a chance to convince Coverity to detect
> Python refcounting leaks in C API code :-) ?
>
You can always ask. =)
> This could be useful not only for Python but for extensions too. As it
> stands now, Coveri
On Thu, Jul 25, 2013 at 6:56 PM, Christian Heimes wrote:
> On 26.07.2013 00:32, Terry Reedy wrote:
> > I found the answer here
> > https://docs.google.com/file/d/0B5wQCOK_TiRiMWVqQ0xPaDEzbkU/edit
> > Coverity Integrity Level 1 is 1 (defect/1000 lines)
> > Level 2 is .1 (we have passed that)
> >
On 26.07.2013 14:56, Eli Bendersky wrote:
> Just a quick question - is there a chance to convince Coverity to detect
> Python refcounting leaks in C API code :-) ? This could be useful not
> only for Python but for extensions too. As it stands now, Coverity's
> leak detection in Python must be pr
Just a quick question - is there a chance to convince Coverity to detect
Python refcounting leaks in C API code :-) ? This could be useful not only
for Python but for extensions too. As it stands now, Coverity's leak
detection in Python must be pretty weak because almost everything is done
via PyOb
On 7/25/2013 6:56 PM, Christian Heimes wrote:
On 26.07.2013 00:32, Terry Reedy wrote:
# Since false positives should stay constant as true positives are
reduced toward 0, false / all should tend toward 1 (100%) if I
understand the ratio correctly.
Which I did not ;-).
About 40% of the di
On 26.07.2013 00:00, Terry Reedy wrote:
>> http://www.coverity.com/company/press-releases/read/coverity-introduces-monthly-spotlight-series-for-coverity-scan-open-source-projects
>>
>
> The intention is to promote the best of open source to industry.
I think it's also a marketing tool. They lik
On 26.07.2013 00:50, Antoine Pitrou wrote:
> "Excellence"? The term is too weak, I would say "perfection" at least,
> but perhaps we should go as far as "divinity".
Don't forget that Python can offer lots of places to keep your bike
clean and dry ... *scnr*
On 26.07.2013 00:32, Terry Reedy wrote:
> I found the answer here
> https://docs.google.com/file/d/0B5wQCOK_TiRiMWVqQ0xPaDEzbkU/edit
> Coverity Integrity Level 1 is 1 (defect/1000 lines)
> Level 2 is .1 (we have passed that)
> Level 3 is .01 + no major defects + <20% (all all defects?) false
> po
On Thu, 25 Jul 2013 18:00:55 -0400
Terry Reedy wrote:
> On 7/25/2013 2:48 PM, Christian Heimes wrote:
> > Hello,
> >
> > this is an update on my work and the current status of Coverity Scan.
>
> Great work.
>
> >
> > Maybe you have noticed checkins made by me that end with the line "CID
> > #"
On 7/25/2013 6:00 PM, Terry Reedy wrote:
Defect Density:0.05
= defects per thousand lines = 20/400
Anything under 1 is good. The release above reports Samba now at .6.
http://www.pcworld.com/article/2038244/linux-code-is-the-benchmark-of-quality-study-concludes.html
reports Linux 3.8 as
On 7/25/2013 2:48 PM, Christian Heimes wrote:
Hello,
this is an update on my work and the current status of Coverity Scan.
Great work.
Maybe you have noticed checkins made by me that end with the line "CID
#". These are checkins that fix an issue that was discovered by the
static code ana
Hello,
this is an update on my work and the current status of Coverity Scan.
Maybe you have noticed checkins made by me that end with the line "CID
#". These are checkins that fix an issue that was discovered by the
static code analyzer Coverity. Coverity is a commercial product but it's
a free
On 08.09.2012 11:35, Stefan Krah wrote:
> That sounds good in principle. I'm only worried that for casual readers
> of either the commit messages or the tracker issues the importance of
> the Coverity tool might be overstated.
>
> After all, 99.99% of issues are either found by developers themse
On Sat, Sep 8, 2012 at 6:41 AM, wrote:
>
> Quoting Stefan Krah:
>
> After all, 99.99% of issues are either found by developers themselves or
>> by gcc, Visual Studio, Valgrind, etc. It just occurred to me that for
>> example
>> we don't credit other tools in commit messages.
>>
>
> I agree th
Quoting Stefan Krah:
After all, 99.99% of issues are either found by developers themselves or
by gcc, Visual Studio, Valgrind, etc. It just occurred to me that for example
we don't credit other tools in commit messages.
I agree that Coverity doesn't need to be mentioned in commit message.
W
Christian Heimes wrote:
> IMHO it makes sense to define a workflow how we are going to handle
> Coverity issues. Each coverity issue has an identifier and can have
> information like an external reference and an action. I've seen that you
> have started to create bugs in our tracker. How about we
On 06.09.2012 10:59, Stefan Krah wrote:
> The mailing list would be nice especially if we could get the results in
> verbose text form, but I don't know if that's possible.
I've added my account to the notification list but I've not yet received
a mail as no new issue was introduced. Coverity al
Christian Heimes wrote:
> Coverity has some new features like notification of new possible issue
> and build steps. We could create a new mailing list for coverity scan
> builds and results. The mailing list should be exclusive to core devs as
> the issues may be security relevant.
The mailing li
On 05.09.2012 18:56, Brett Cannon wrote:
> And a thanks to Christian and Stefan for picking this up and running
> with it. I have not been the best keeper of this stuff as of late, but
> now that Christian, Stefan, and I all have admin access to the data we
> can spread the load so that none of u
And a thanks to Christian and Stefan for picking this up and running with
it. I have not been the best keeper of this stuff as of late, but now that
Christian, Stefan, and I all have admin access to the data we can spread
the load so that none of us become a bottleneck.
On Wed, Sep 5, 2012 at 12:5
Christian Heimes wrote:
> The people at Coverity are even faster than I hoped. I'm now in the
> possession of the Project password which means I can upload the builds
> and add new users. I've already added Stefan and uploaded an
> instrumented build successfully:
>
> Your request for analysis of
On 05.09.2012 14:43, Christian Heimes wrote:
> I try to get everything in place by tomorrow so we have some time to
> check for bugs before the next RC is deployed.
The people at Coverity are even faster than I hoped. I'm now in the
possession of the Project password which means I can upload the
Christian Heimes wrote:
> I try to get everything in place by tomorrow so we have some time to
> check for bugs before the next RC is deployed.
Fantastic. Thanks for pushing this forward!
> Stefan:
> Has Brett already requested an account for you or shall I request one
> for you?
Not yet, plea
On 05.09.2012 14:45, Brett Cannon wrote:
> I have not for no other reason than I had not thought about it.
Whatever, I wasn't even sure if Stefan has contacted you or asked for an
account in a public message. He might have proclaimed his wish in a
private mail.
Christian
On Wed, Sep 5, 2012 at 8:43 AM, Christian Heimes wrote:
> On 03.09.2012 15:59, Christian Heimes wrote:
> > It would be nice if we get Coverity scans up and running this week to check
> > the upcoming release candidate for issues.
>
> Updates:
>
> - Noah has set up a VM for me on the PSF infrastructur
On 03.09.2012 15:59, Christian Heimes wrote:
> It would be nice if we get Coverity scans up and running this week to check
> the upcoming release candidate for issues.
Updates:
- Noah has set up a VM for me on the PSF infrastructure. I've installed
the Coverity tools, build dependencies of Python and
On 03.09.2012 16:27, Antoine Pitrou wrote:
> You could ask infrastruct...@python.org for an account on an existing
> machine (dinsdale perhaps, it looks much less loaded now that some
> services have been migrated).
Thanks Antoine! I've contacted the infrastructure team.
Christian
On Mon, 03 Sep 2012 15:59:59 +0200
Christian Heimes wrote:
>
> It's easy, doesn't take much effort and can easily be automated, but
> somebody has to do it. The process should also be placed on the Python
> infrastructure and I don't have access. Secondly somebody has to contact
> Coverity to app
Hello everybody,
two weeks ago Stefan Krah asked for a current Coverity scan report.
Coverity has updated us to a new version with a new workflow. Before the
update Coverity pulled the code from our version control system. However
the latest version doesn't work that way. The code must be compiled
Neal Norwitz wrote:
>> For codeobject.c, line 327 should not be reachable.
...
Christian Heimes wrote:
> Please suppress the warning. I removed the last
> two lines and GCC complained ...
Either way, it would be worth adding a comment to the source code so
this doesn't come up again.
-jJ
On Jan 10, 2008 8:01 AM, Joseph Armbruster <[EMAIL PROTECTED]> wrote:
> I am not a developer but I'm interested in browsing it. Is it
> possible to be added?
Yes, I've added you to the list. I'll probably send the list off
tomorrow, so let me know if you would like to be added.
n
--
>
>
> On Ja
I am not a developer but I'm interested in browsing it. Is it
possible to be added?
On Jan 10, 2008 10:57 AM, Christian Heimes <[EMAIL PROTECTED]> wrote:
> Neal Norwitz wrote:
> > I think only Coverity can add people. You can send them a message if
> > you would like to be added: [EMAIL PROTECTE
Neal Norwitz wrote:
> I think only Coverity can add people. You can send them a message if
> you would like to be added: [EMAIL PROTECTED] Or you can send
> mail to me and I can forward along all the people that would like to
> be added.
>
> I'll wait a few days to collect names so I can batch u
Neal Norwitz wrote:
> For traceback.c, namebuf defined on line 155 should be moved out one
> block since filename is an alias to namebuf and it is used outside the
> current scope. I think this is unlikely to be a problem in practice,
> but is technically wrong and should be fixed.
Agreed, the ea
On Wed, Jan 09, 2008 at 09:11:21PM -0800, Neal Norwitz wrote:
> For mmapmodule.c, fd should be checked for -1 before calling stat on line
> 1064.
On looking at this, it doesn't seem like an actual problem. fstat(-1,
...) returns a -1 and errno is set to EBADF, 'bad file descriptor'.
/*
On Wed, Jan 09, 2008 at 09:11:21PM -0800, Neal Norwitz wrote:
> For mmapmodule.c, fd should be checked for -1 before calling stat on line
> 1064.
I'll fix the mmap problem.
--amk
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/
On Jan 9, 2008 9:08 AM, <[EMAIL PROTECTED]> wrote:
>
> I went to the run2 page:
>
> http://scan.coverity.com/rung2.html
>
> It shows 6 uninspected defects for Python. How do we see what they are?
> What is an uninspected defect? Any idea how the Coverity folks compute
> Defects/KLOC? For exa
On Jan 9, 2008 9:08 AM, <[EMAIL PROTECTED]> wrote:
>
> Christian> I read the announcement of the Python Users list and figured
> Christian> out that some of the other core developers might be
> Christian> interested in the news, too.
>
> Christian> Among other projects Python was u
On Jan 9, 2008 1:12 PM, Christian Heimes <[EMAIL PROTECTED]> wrote:
> Thomas Heller wrote:
> > Seems they are referring to the results of the rung 1 run (what ever 'rung'
> > means ;-).
> > With the account Neal made me some months ago, I can login on this page:
> >
> >http://scan.coverity.com
Christian Heimes wrote:
> Thomas Heller wrote:
>> Seems they are referring to the results of the rung 1 run (what ever 'rung'
>> means ;-).
>> With the account Neal made me some months ago, I can login on this page:
>>
>>http://scan.coverity.com:7475/
>>
>> and see the scan results for Pyt
Thomas Heller wrote:
> Seems they are referring to the results of the rung 1 run (what ever 'rung'
> means ;-).
> With the account Neal made me some months ago, I can login on this page:
>
>http://scan.coverity.com:7475/
>
> and see the scan results for Python.
>
> Last run at 2007-12-27: 1
Guido van Rossum wrote:
> On Jan 9, 2008 9:47 AM, Christian Heimes <[EMAIL PROTECTED]> wrote:
>> [EMAIL PROTECTED] wrote:
>> It shows 6 uninspected defects for Python. How do we see what they are?
>> > What is an uninspected defect? Any idea how the Coverity folks compute
>> > Defects/KLOC? For
[EMAIL PROTECTED] wrote:
> Christian> I read the announcement of the Python Users list and figured
> Christian> out that some of the other core developers might be
> Christian> interested in the news, too.
>
> Christian> Among other projects Python was upgraded to Rung 2 on the
>
On Jan 9, 2008 9:47 AM, Christian Heimes <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> It shows 6 uninspected defects for Python. How do we see what they are?
> > What is an uninspected defect? Any idea how the Coverity folks compute
> > Defects/KLOC? For example, how does tcl manage to
[EMAIL PROTECTED] wrote:
It shows 6 uninspected defects for Python. How do we see what they are?
> What is an uninspected defect? Any idea how the Coverity folks compute
> Defects/KLOC? For example, how does tcl manage to get a 0.0 score?
I can't answer your question. I don't have access to the
Christian> I read the announcement of the Python Users list and figured
Christian> out that some of the other core developers might be
Christian> interested in the news, too.
Christian> Among other projects Python was upgraded to Rung 2 on the
Christian> Coverity Scan list: ht
Christian Heimes wrote:
> Joseph Armbruster wrote:
>> Christian,
>>
>> Is there any way you (or someone else) could post up the results? It
>> looks like you need a log in to check them out.
>
> I haven't figured out how to access the results.
>
> Who has a login and access to the site?
I know
Joseph Armbruster wrote:
> Christian,
>
> Is there any way you (or someone else) could post up the results? It
> looks like you need a log in to check them out.
I haven't figured out how to access the results.
Who has a login and access to the site?
Christian
I read the announcement of the Python Users list and figured out that
some of the other core developers might be interested in the news, too.
Among other projects Python was upgraded to Rung 2 on the Coverity Scan
list: http://scan.coverity.com/
Christian
61 matches