Static code analysis - the easiest way to improve

2016-02-28 Thread Jaroslaw Staniek
Hi,
Just to remind. If someone has some time to fix bugs, KDE
apps/Calligra/Frameworks static analysis is the easiest way to improve
Calligra.
Code defects are well explained (like uninitialized variables or
NULL-related failures). Much easier than actually reading those bug reports,
analysing them and testing.

So please, these are low-hanging fruits. Hundreds of them.

Visit:
https://scan.coverity.com/projects/kde
You can request access if you don't have it yet.

Let us know in this thread if code you're interested in isn't there.

-- 
regards, Jaroslaw Staniek

KDE:
: A world-wide network of software engineers, artists, writers, translators
: and facilitators committed to Free Software development - http://kde.org
Calligra Suite:
: A graphic art and office suite - http://calligra.org
Kexi:
: A visual database apps builder - http://calligra.org/kexi
Qt Certified Specialist:
: http://www.linkedin.com/in/jstaniek


Re: Static code analysis - the easiest way to improve

2016-02-28 Thread Frederik Schwarzer
On Sunday, 28 February 2016, 15:59:46, Jaroslaw Staniek wrote:

Hi,

> Let us know in this thread if code you're interested in isn't there.

Could we have kdegames there?

Regards,
Frederik


Re: Static code analysis - the easiest way to improve

2016-02-28 Thread Jaroslaw Staniek
On 28 February 2016 at 16:26, Tomas Mecir <mec...@gmail.com> wrote:

> Well, I'd like to, but when I log in and try to access the KDE stuff,
> I can see the summary, but accessing the actual defect list gives me a
> red box with this:
>
> It may take a few minutes before you can view your defects, when you
> change your email or password or sign-in with Github for the first
> time.
>
> Been that way for more than a week now - tried both github and
> password login. Someone else was reporting the same problem, I think.
> Any ideas?
>
>

Adding Nick who maintains the analysis.
Tomas, I've sent you an invitation to mec...@gmail.com. The
https://scan.coverity.com/projects/kde should then work. Calligra alone has
~1800 potential issues with a high level of accuracy.[*]

But yes, I added two analyses for individual repos and they give me the
same red error box recently. Maybe Coverity needs to approve the request by
hand and they're slow in doing this.


[*] PS: some of them are false-positives because of the nature of
d-pointer private classes that by-design have uninitialized members (often
only the 'parent' class initializes them); we can't even globally blacklist such
classes because they can actually contain really uninitialized or unused
variables (it happened to my code already). So no auto-solution for that
unless someone initializes d->* variables in the implementation of 'd'. I
am marking these bits as false-positive.

Example:

CID 1354191 (#1 of 1): Uninitialized pointer field. (UNINIT_CTOR)
2. uninit_member: Non-static class member editor is not initialized in this
constructor nor in any functions that it calls.






-- 
regards, Jaroslaw Staniek
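
The d-pointer situation described in the PS above, as an added example that is not part of the original message and is not Calligra code. The class names ViewBefore/ViewAfter and the Editor type are hypothetical, and C++11 default member initializers are assumed to be available.

```cpp
#include <memory>

struct Editor { int lines = 0; };   // hypothetical stand-in for the flagged pointer's type

// Before: the private class leaves its members to the owning class.
class ViewBefore {
public:
    ViewBefore() : d(new Private) {   // 'new Private' leaves both members indeterminate
        d->editor = nullptr;          // the owner initializes this one, so a report
                                      // on 'editor' is a false positive...
        // ...but 'modified' was forgotten: a real defect with the same signature.
    }
    bool hasEditor() const { return d->editor != nullptr; }
private:
    struct Private {
        Editor *editor;
        bool modified;
    };
    std::unique_ptr<Private> d;
};

// After: members are initialized in the implementation of 'd' itself.
class ViewAfter {
public:
    ViewAfter() : d(new Private) {}
    void attach(Editor *e) { d->editor = e; d->modified = true; }
    bool hasEditor() const { return d->editor != nullptr; }
    bool isModified() const { return d->modified; }
private:
    struct Private {
        Editor *editor = nullptr;
        bool modified = false;
    };
    std::unique_ptr<Private> d;
};

int main() {
    ViewBefore before;   // safe to query only because the owner set 'editor'
    ViewAfter after;     // every member has a defined value from construction
    Editor e;
    after.attach(&e);
    return (!before.hasEditor() && after.hasEditor() && after.isModified()) ? 0 : 1;
}
```

With the initializers inside the private class, a remaining uninitialized-member report on it no longer depends on what the owning constructor happens to assign.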



Re: Static code analysis - the easiest way to improve

2016-02-28 Thread Jaroslaw Staniek
On 28 February 2016 at 16:21, Frederik Schwarzer wrote:

> On Sunday, 28 February 2016, 15:59:46, Jaroslaw Staniek wrote:
>
> Hi,
>
> > Let us know in this thread if code you're interested in isn't there.
>
> Could we have kdegames there?

Good idea, CC'd Nick as he updates the builds, with good results as we
can see below.
The build is based on whatever is enabled in kdesrc-build and takes many
hours.

[image: Inline images 1]


-- 
regards, Jaroslaw Staniek



Re: Static code analysis - the easiest way to improve

2016-02-28 Thread Aleix Pol
On Sun, Feb 28, 2016 at 3:59 PM, Jaroslaw Staniek  wrote:
> Hi,
> Just to remind. If someone has some time to fix bugs, KDE
> apps/Calligra/Frameworks static analysis is the easiest way to improve
> Calligra.
> Code defects are well explained (like uninitialized variables or
> NULL-related failures). Much easier than actually reading that bug reports,
> analysing them and testing.
>
> So please, these are low-hanging fruits. Hundreds of them.
>
> Visit:
> https://scan.coverity.com/projects/kde
> You can request access if you don't have it yet.
>
> Let us know in this thread if code you're interested in isn't there.

To be honest, I've tried to use it many times, but I always seem to
end up diving in warnings in other projects. It's hard to filter for
projects I have a grasp on.

How do you deal with this?

Regards,
Aleix


Re: Static code analysis - the easiest way to improve

2016-02-28 Thread Jaroslaw Staniek
On 28 February 2016 at 20:21, Aleix Pol  wrote:

> To be honest, I've tried to use it many times, but I always seem to
> end up diving in warnings in other projects. It's hard to filter for
> projects I have a grasp on.
>
> How do you deal with this?
>
>

The GUI is admittedly over-engineered.
I click on the Edit Settings icon http://i.imgur.com/VDOrEkq.png, add
the component Calligra to narrow the scope, and enter the *kexi* wildcard in
Filters. Then I name the settings "kexi". It can then appear in the
sidebar.

Maybe this link works https://scan5.coverity.com/reports.htm#v43930/p10103




-- 
regards, Jaroslaw Staniek



Re: Static code analysis - the easiest way to improve

2016-02-28 Thread Frederik Schwarzer
On Sunday, 28 February 2016, 20:18:22, Nick Shaforostoff wrote:
> > > Let us know in this thread if code you're interested in isn't
> > > there.
> > Could we have kdegames there?
> 
> ok, i'll include them in the next build (in a week or so)

Thank you.


Re: Static code analysis - the easiest way to improve

2016-03-15 Thread Jaroslaw Staniek
On 28 February 2016 at 16:26, Tomas Mecir  wrote:

> Well, I'd like to, but when I log in and try to access the KDE stuff,
> I can see the summary, but accessing the actual defect list gives me a
> red box with this:
>
> It may take a few minutes before you can view your defects, when you
> change your email or password or sign-in with Github for the first
> time.
>


Hi,
Just tried it for some projects again and the red box is apparently gone.

-- 
regards, Jaroslaw Staniek



Re: Static code analysis - the easiest way to improve

2016-03-15 Thread Tomas Mecir
No change for me, unfortunately, still getting that red box (tried
both password and github login).

Tomas




Re: Static code analysis - the easiest way to improve

2016-03-15 Thread Jaroslaw Staniek
On 15 March 2016 at 17:33, Tomas Mecir  wrote:

> No change for me, unfortunately, still getting that red box (tried
> both password and github login).
>

I see. All I did was ask scan-ad...@coverity.com 2 times or so.
And wait 2+ weeks. Maybe they're fixing/enabling access one-by-one.





-- 
regards, Jaroslaw Staniek



Re: Static code analysis - the easiest way to improve

2016-03-15 Thread Frederik Schwarzer
I created an account a few weeks ago, asked to join and was able to 
access the KDE group fine the next day. Who is granting the access? 
Maybe contact that person directly.

KDEGames is not there yet, though.

Regards,
Frederik




Re: Static code analysis - the easiest way to improve

2016-03-15 Thread Jaroslaw Staniek
On 15 March 2016 at 18:10, Frederik Schwarzer  wrote:

> I created an account a few weeks ago, asked to join and was able to
> access the KDE group fine the next day. Who is granting the access?
> Maybe contact that person directly.
>

Nick Shaforostoff

But I do not mean just the "KDE" scans, which I accessed easily; I mean new
ones, see below. For the free service, only scan-ad...@coverity.com is
available; please don't email supp...@coverity.com as this is a
separate commercial support.


> KDEGames is not there yet, though.
>

​This is why some people like me create own small scans sometimes just for
single repos. Another reason is that if you want to create, say, 3 scans a
week, you don't need to upload gigabytes for the "KDE" scan and perform too
much of filtering. Also the same code should not be reviewed in separate
scans, otherwise marking false positives again and again will be a waste of
time... (I guess resolutions of errors isn't global)

Of course it's also important that more people should not work on the same
code areas in the same scan but this can be coordinated per-repo I hope (a
wiki page displaying who's reading what scan would be good).
​




-- 
regards, Jaroslaw Staniek



Re[2]: Static code analysis - the easiest way to improve

2016-02-28 Thread Nick Shaforostoff
> > Let us know in this thread if code you're interested in isn't there.
> Could we have kdegames there?

ok, i'll include them in the next build (in a week or so)
 
 


Re[2]: Static code analysis - the easiest way to improve

2016-02-28 Thread Nick Shaforostoff
> To be honest, I've tried to use it many times, but I always seem to
> end up diving in warnings in other projects. It's hard to filter for
> projects I have a grasp on.
> 
> How do you deal with this?

i just sort by filepath/name (the column is on the right, you need to scroll 
horizontally to get to it),
then scroll to the project I'm interested in.