Slashdot Mirror
Open-Source Python Code Shows Lowest Defect Density
cold fjord sends news that a study by Coverity has found open-source Python code to contain a lower defect density than any other language. "The 2012 Scan Report found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, as compared to the accepted industry standard defect density for good quality software of 1.0. Python's defect density of .005 significantly surpasses this standard, and introduces a new level of quality for open source software. To date, the Coverity Scan service has analyzed nearly 400,000 lines of Python code and identified 996 new defects — 860 of which have been fixed by the Python community."
"Coverity fails to detect errors in python" would be my headline of choice here. Seem a much more reasonable explanation for the results.
Python is readable and readable code is easier to fix.
Also smarter guy have tendency to use Python/Haskell/Erlang
Oh yeah? Well, I'm working on a readable Perl script to refute that statement. How long do they accept comments in these threads?
Most of Python isn't written in Python, smart ass. They're talking about the language interpreter itself, written in C/C++ etc.
TFA seems to be about the Python interpreter, also known as CPython (because it's implemented in C), rather than about code written in Python itself. So maybe it has nothing to do with the Python language, but everything to do with the fact that the Python authors are apparently awesome C programmers.
That's great, but most people interpret "Open Source Python Code" to mean code written in Python that is Open Source, not code written in C (to implement the Python interpreter) that is Open Source.
The Slashdot summary is confusing, as is the eweek.com headline. Reading the article, it is clear that it is about the code that powers the official Python interpreter, AKA CPython, AKA /usr/bin/python. When I clicked the link, I thought Coverity had surveyed the entire world of open source Python code and discovered that Python programmers as a whole publish higher quality code than people who e.g. program in Ruby. That's not what the article's about.
It'd be great if the headline in Slashdot were to be fixed to say, "Python interpreter has fewer code defects compared to other open source C programs, says Coverity."
|/usr/games/fortune
0.005 defects per thousand lines times 400,000 lines gives a total defect count of 2.
So where did the other 994 defects come from?
So a private, for-profit company named "Coverity" has released a report that shows that their "Coverity Scan" software finds the fewest vaguely-defined "defects" in a programming language whose community has added the "Coverity platform" product to their development process? I was about to say "excellent marketing" by writing a fluff piece for free Slashdot traffic, but it's really not even excellent marketing.
An old-timer with old-timey ideas.
Coverity sells software that does static analysis on source code and looks for patterns that suggest defects. E.G., a code sequence that allocates memory, followed later by something that de-allocates that memory, followed later by something that de-allocates the same memory again (a double-free).
The product is not open source software, but a number of open source software projects use it to scan their software to find defects: https://scan.coverity.com/ It's a win-win, in the sense that Coverity gets reports from real users using it on real code, as well as press for their product. The open source software projects get reports on potential defects before users have to suffer with them.
- David A. Wheeler (see my Secure Programming HOWTO)
Coverity's services have been useful to a number of open-source projects. But this article is carefully picking its terms to get a headline worthy result. Compare against the Coverity scan of PostgreSQL done in 2005 for example, and CPython's defect rate isn't very exciting at all. But that was "Coverity Prevent" and this is "Coverity Scan"...whatever that means.
Here's the python dev's own page describing it and how to get to the results.
Python is readable and readable code is easier to fix.
Also smarter guy have tendency to use Python/Haskell/Erlang
Oh yeah? Well, I'm working on a readable Perl script to refute that statement. How long do they accept comments in these threads?
How is this possible? Perl is a write only language.
The result in question tested the Python project's code, which is commonly known as CPython, which is the Python interpreter written in C.
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
@*(&^)&^)^$
Perl programmers write their code in cartoon profanity!
While it can be useful in pinpointing common code defects, interpreting coverity results as an absolute indicator of code quality is just retarded. 90% of coverity's defect's tend to be really false positives that would be obvious to even the average code monkey... Not sure that massaging a code base to please coverity and getting a 'high score' is really any kind of achievement and may be more an indicator that you have way too much time on your hands...
Help! I am a self-aware entity trapped in an abstract function!
Python is readable and readable code is easier to fix.
True and true. But Python's use of semantic whitespace is also very brittle very easy to break, and a huge pain in the ass to fix compared to languages that use braces, or keywords to define 'blocks'.
But that's not even terribly relevant here, because this article is about the source code used for the python interpreter, which is C, not python.
But Python's use of semantic whitespace is also very brittle very easy to break, and a huge pain in the ass to fix compared to languages that use braces, or keywords to define 'blocks'.
This is one thing I never quite get about python criticism. Sure, whitespace is significant, but I've never had it break easily or be "brittle" as you say. Then again, I don't go past 2 or 3 levels of nesting, class nesting included. And all my units of work are in separate methods/functions instead of being child blocks inside a giant function which I've regularly seen done. Perhaps the use of whitespace isn't the real issue many people have with python, but rather delineating blocks using whitespace exposes a bit of an inherent flaw in the way they structure their program's flow.
Either way, having a proper IDE when writing python code will go a long way to making you comfortable with using whitespace instead of braces. Initially it was weird and unsettling for me, because I didn't understand all the consequences that whitespace could have. But a little fluid and constant coding in a IDE will rid you of that quick enough.
it might have an advantage in forcing lazy programmers with no concept of 'code etiquette' to write semi-readable code as indentation is forced by syntax.
on the other hand, making indentation part of the language creates all sorts of other readability problems.
You'd be surprised at how much syntax in python actively ignores whitespace. As soon as you open up any brackets, it's a veritable free-for-all when it comes to whitespace and indentation. In such a scenario, a proper coding standard document is imperative for readable code.
Great. Now where the hell do you quote it from, since that sure as hell isn't in the linked to article anywhere.
That makes it pretty clear that they are talking about the Python executable itself. Version 3.3.2 to be exact.
... and that clearly shows that they are talking about the interpreter, written in C, which has pointers, malloc() and free(). Python has a memory manager with garbage collection and doesn't use pointers. The Python programmer doesn't allocate and free memory resources directly.
I especially love how you criticized a language earlier, when you clearly have literally no knowledge of said language.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Nope, nobody at all http://www.python.org/about/success/
Jeez.
- Michael T. Babcock (Yes, I blog)
Sure, whitespace is significant, but I've never had it break easily or be "brittle" as you say.
Not python, but one example of this type of thing would be in a Makefile where target commands are indented by a tab. Some newer versions of (g)make will allow spaces, but most require a tab. Cut and paste that in an X-Windows session (tabs are converted to spaces) and you're screwed. From Make Software: Makefiles
Each command line must begin with a tab character to be recognized as a command. The tab is a whitespace character, but the space character does not have the same special meaning. This is problematic, since there may be no visual difference between a tab and a series of space characters. This aspect of the syntax of makefiles is often subject to criticism.
It must have been something you assimilated. . . .
This is one thing I never quite get about python criticism. Sure, whitespace is significant, but I've never had it break easily or be "brittle" as you say.
Anytime you refactor stuff, or modify something even somewhat nested, especially in a 'dumb text editor', it's a pain in the ass.
Anytime you need to pass code snippets via email, forums, etc... well... you just don't because its a total waste of time. :)
Its also easy to barf all over code going into word processors, pdf files, and so forth. Its nice to be able to copy-paste some C out of a PDF file or an email, or off a forum, and then tell the ide to just reformat it.
erhaps the use of whitespace isn't the real issue many people have with python, but rather delineating blocks using whitespace exposes a bit of an inherent flaw in the way they structure their program's flow.
No. Because we use whitespace / indenting in our C / C++ etc projects too. We even have standards requiring it, and our IDEs / toolchains may even be set up to reformat it just-so before commits. We want all the benefits of well formatted code.
We just like the IDE to do all the work actually formatting it, and reformatting it as neccessary.
Either way, having a proper IDE
Is how you lose the argument. Everyone but python groupies agrees that any programming language worth considering MUST have its programs represented as plaintext files, with no proprietary / binary stuff that can only be accessed with specialized tools. Requiring an IDE is the sign of a bad language.
Python passes this test, but it can be pretty hideous to use with an arbitrary text editor. And really, even brainfuck wouldn't be too bad with the right IDE, right?
Blaming Python because you don't have a rudimentary coding editor is like blaming math because you don't have a calculator with a cosine button.
I don't have the luxury of designing "math". Irrational numbers, periodic functions, and so forth aren't optional.
But we do have the luxury of designing programming languages, and semantic white space is a choice.