Re: [Libreoffice-qa] Possibility of monitoring LibreOffice code with SonarQube

2016-04-13 Thread Stephan Bergmann 

On 04/13/2016 09:51 AM, Pasqual Milvaques wrote:

The coverity scan actually is done with gcov/lcov and is quite useful as
you say, SonarQube can do code coverage analysis also by importing gcov
info (http://docs.sonarqube.org/pages/viewpage.action?pageId=531) so
at the end it would present the same data with another gui but it's not
clear if this could more useful than the current UI.


Coverity Scan is a tool to find programming errors via static analysis. 
 I do not know that it would also address code coverage (which is what 
gcov/lcov do).  (We do have a setup to monitor LO code coverage with 
gcov/locv, too, .)



The interesting apportation is that SonarQube can give more information
about other aspects of the project code quality, all the features are
summarized here:
http://www.sonarsource.com/products/features/


From that web site, SonarQube appears to offer a portfolio of features, 
including some means to find programming errors ("Enfore coding 
standards and eradict bugs"), presumably statically.


There are many tools to statically find programming errors, and we 
already use a variety in LO development: compiler warnings, Clang 
plugins, Coverity Scan, Cppcheck, ...


The problem with any such tool is that it typically reports many errors 
and reports false positives among them.  To be practically useful, the 
rate of errors it reports must be driven to zero (by modifying the LO 
source code, and/or by modifying the tool), to make reports about newly 
introduced errors noticeable.  That means that any false positives must 
be addressed, by either massaging the LO source code or by enhancing the 
tool.


From my own experience, doing the latter against a closed-source tool 
is a very frustrating experience.  Especially if the tool's provider is 
not very responsive (as has been the case with Coverity in my 
experience).  When there is a false positive for which you do not 
understand why it is reported by the tool, you need to massage the LO 
source code in a trial-and-error way to hopefully make the false warning 
from the tool go away.  (Which easily leaves the LO source code in a 
poorer state than it was in before.)


That is, I'm personally rather reluctant to deploy any further tool to 
find programming errors, when it is unclear whether that tool can be 
used by LO development in a way that helps more than it hurts.

___
List Name: Libreoffice-qa mailing list
Mail address: Libreoffice-qa@lists.freedesktop.org
Change settings: https://lists.freedesktop.org/mailman/listinfo/libreoffice-qa
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://lists.freedesktop.org/archives/libreoffice-qa/

Re: [Libreoffice-qa] Possibility of monitoring LibreOffice code with SonarQube

2016-04-13 Thread Pasqual Milvaques 
The coverity scan actually is done with gcov/lcov and is quite useful as
you say, SonarQube can do code coverage analysis also by importing gcov
info (http://docs.sonarqube.org/pages/viewpage.action?pageId=531) so at
the end it would present the same data with another gui but it's not clear
if this could more useful than the current UI.
The interesting apportation is that SonarQube can give more information
about other aspects of the project code quality, all the features are
summarized here:
http://www.sonarsource.com/products/features/

The performace impact would be taken in nemo.sonarqube.org as to use this
by free (as in beer) we must use that public instance of the software, c++
plugin is propietary and has an economic cost, as LibreOffice is an open
source project there is the option to use this server by free. The
maintainers of the software indicate that for adding it only has to be
requested it in the forum, a condition to add it is that the project must
be easy to build. In the current state of LibreOffice code I think that
this is true but perhaps they have some argument about it

I''m going to ask for this

Thanks

2016-04-12 16:33 GMT+02:00 V Stuart Foote <vstuart.fo...@utsa.edu>:

> Sure, but do you mean in addition to the very functional Coverity Scan that
> the project already routinely uses?
>
> https://scan.coverity.com/projects/libreoffice
>
> Is that just a "belt + suspenders" idea, or is there really substantive
> advantage to flushing the code base through another quality check?  And,
> whom would you suggest would host it and take the performance hit on their
> build system?
>
>
>
>
> --
> View this message in context:
> http://nabble.documentfoundation.org/Libreoffice-qa-Possibility-of-monitoring-LibreOffice-code-with-SonarQube-tp4180936p4180953.html
> Sent from the QA mailing list archive at Nabble.com.
> ___
> List Name: Libreoffice-qa mailing list
> Mail address: Libreoffice-qa@lists.freedesktop.org
> Change settings:
> https://lists.freedesktop.org/mailman/listinfo/libreoffice-qa
> Problems?
> http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://lists.freedesktop.org/archives/libreoffice-qa/
___
List Name: Libreoffice-qa mailing list
Mail address: Libreoffice-qa@lists.freedesktop.org
Change settings: https://lists.freedesktop.org/mailman/listinfo/libreoffice-qa
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://lists.freedesktop.org/archives/libreoffice-qa/

Re: [Libreoffice-qa] Possibility of monitoring LibreOffice code with SonarQube

2016-04-12 Thread V Stuart Foote 
Sure, but do you mean in addition to the very functional Coverity Scan that
the project already routinely uses?

https://scan.coverity.com/projects/libreoffice

Is that just a "belt + suspenders" idea, or is there really substantive
advantage to flushing the code base through another quality check?  And,
whom would you suggest would host it and take the performance hit on their
build system?




--
View this message in context: 
http://nabble.documentfoundation.org/Libreoffice-qa-Possibility-of-monitoring-LibreOffice-code-with-SonarQube-tp4180936p4180953.html
Sent from the QA mailing list archive at Nabble.com.
___
List Name: Libreoffice-qa mailing list
Mail address: Libreoffice-qa@lists.freedesktop.org
Change settings: https://lists.freedesktop.org/mailman/listinfo/libreoffice-qa
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://lists.freedesktop.org/archives/libreoffice-qa/

[Libreoffice-qa] Possibility of monitoring LibreOffice code with SonarQube

2016-04-12 Thread Pasqual Milvaques 
Hello

SonarQube is very nice tool used for continuous inspection of code quality,
it's core is open source but the support for some languages (c++, for
example) and some features are closed source.

That makes using it for LibreOffice in a private instance not
straightforward, anyway the maintainers of the product had set up a public
server for use for open source projects, it's located here:
https://nemo.sonarqube.org/

If you think that can be interesting to have some monitoring of LibreOffice
code in nemo.sonarqube.org I can try to contact the sonar maintainers to
try to do a setup for monitoring the LibreOffice code

What do you think about it?

Thanks :)
___
List Name: Libreoffice-qa mailing list
Mail address: Libreoffice-qa@lists.freedesktop.org
Change settings: https://lists.freedesktop.org/mailman/listinfo/libreoffice-qa
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://lists.freedesktop.org/archives/libreoffice-qa/