Web lists-archives.com

Re: lgtm integration (automated detection of bugs and problems for programming languages)

El dijous, 21 de març de 2019, a les 10:04:29 CET, Tomaz Canabrava va escriure:
> Hello kdevelopers,
> I'v come to know the lgtm.com this week and started to enjoy it quite
> a bit. It provides code analisys for various languages like c/c++ /
> java / javascript / python, transforming code to data and extracting
> information using a QL Schema + Deep learning.
> It's opensource

Is it? I can't seem to find the code.

> , and *already* runs thru all the kde codebase because
> our code has a mirror on github (but it also supports gitlab,
> bitbucket). Some of the code from kde can't be analized yet because of
> unmatched dependencies, but here's an example of a software we all
> know and love, being analized by their tools.
> https://lgtm.com/projects/g/KDAB/GammaRay/alerts/?mode=list
> I belive we should get in contact with them and ask for a ~formal~
> partnership and integrate this into our phab / gitlab instances.

I'm a bit hesitant about it's quality. 

It complains about https://lgtm.com/projects/g/KDAB/GammaRay/snapshot/c9979de8f1206e13596392237af218cd35adc139/files/plugins/sceneinspector/paintanalyzerextension.cpp#x6a2cbfa5e54b631a:1
	If you read the description it'd seem it's a memory leak.
	That's because it doesn't understand QObject ownership and that deleting a parent will delete its children.

It says this is an error https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/core/synctex/synctex_parser_utils.c#x6d7e052c9ef1e80:1
	It's not, i'll agree it's not very common to do this comparison, but it's valid code

It says this is a noop https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/autotests/parttest.cpp?sort=name&dir=ASC&mode=heatmap#x9525a92bb944ee97:1
	It's not, qRegisterMetaType does things

So I'm happy that those results are out there, but given the amount of false/questionable positives i found in 5 minutes of looking at it, I'd be very careful of giving it to "the general population", that may just propose changes because a tool told them to.


> Tomaz