-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Am 30.08.2013 01:24, schrieb Sturla Molden: > > Do the numbers add up? > > .005 defects in 1,000 lines of code is one defect in every 200,000 > lines of code. > > However they also claim that "to date, the Coverity Scan service > has analyzed nearly 400,000 lines of Python code and identified 996 > new defects – 860 of which have been fixed by the Python > community."
Yes, the numbers add up. The difference between 860 and 996 are false positive defects and code that is intentionally written in a way, which looks suspicious to Coverity Scan. I have documented the most common limitations in the devguide [1]. By the way Coverity Scan doesn't understand Python code. It can only analyzes C, C++ and Java code. [1] Christian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBCgAGBQJSII1+AAoJEMeIxMHUVQ1FNsIP/jmiMD8p39zHj8Ggb6NM1q9W WotnQzM2vLE90s9VfewQB914u4rFjEtYVWD6P88QQEwdcrBfnMs/xvFBcyW/yuVd EB57hTjqWKSgGdcFsKoAmlFtSzFTUtM3Yc4aiyYHwsn7vJPTbxAO/6GAToGhHeP6 96f0oXz4uqeM4RJNCbHPt57kHT9OUhsITiZ11rtlsYziGwpRKL5K7bd+bbh/HlPy BDRVfU112vDjOiCRFGPlmMy2ShJabZwT5uZ4+0VGgGo5/Af3H3UU7pYw1cuwnjgh CIv/jYFH8OgNvC+hwvai2OxQfH7aXtUhcSPUSOOmPUQ/pbkTMY65Ya2iIRtEoIrY 8FwayYTMzGkCkEZoS4HXO1wGNCcj3tM8ivGP89aJDpySYLmuJoLa5x/aNKKxyo+X n9HT4BAkuYuFi1qQsPh9kW+FR4VCWTob7BSjOXrY7T8X6plon+fwFseQMkE8JUqI ckwTJCHDIc23d/HiTNhI8Ank3v28JQLdVTIPYnSKU6YpxjDAO0J+BgExAHpAyVwZ snEz9zVj/x4YRkUgxWwTMj/ctKDEpX9mehg5rytlWIaKUtPbTmR+aWxG06+TCd1c dg0cEYso+tvVUAYfZX24dn/7NPrmkBHjGM0ph2PH0S+GcpHF861GvflaSwzQ/ceD kYF3msFihRocFXfy8iNj =Usp8 -----END PGP SIGNATURE----- _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
