Re: lgtm integration (automated detection of bugs and problems for programming languages)
- Date: Thu, 21 Mar 2019 19:48:09 +0100
- From: Albert Astals Cid <aacid@xxxxxxx>
- Subject: Re: lgtm integration (automated detection of bugs and problems for programming languages)
El dijous, 21 de març de 2019, a les 10:04:29 CET, Tomaz Canabrava va escriure:
> Hello kdevelopers,
> I'v come to know the lgtm.com this week and started to enjoy it quite
> a bit. It provides code analisys for various languages like c/c++ /
> information using a QL Schema + Deep learning.
> It's opensource
Is it? I can't seem to find the code.
> , and *already* runs thru all the kde codebase because
> our code has a mirror on github (but it also supports gitlab,
> bitbucket). Some of the code from kde can't be analized yet because of
> unmatched dependencies, but here's an example of a software we all
> know and love, being analized by their tools.
> I belive we should get in contact with them and ask for a ~formal~
> partnership and integrate this into our phab / gitlab instances.
I'm a bit hesitant about it's quality.
It complains about https://lgtm.com/projects/g/KDAB/GammaRay/snapshot/c9979de8f1206e13596392237af218cd35adc139/files/plugins/sceneinspector/paintanalyzerextension.cpp#x6a2cbfa5e54b631a:1
If you read the description it'd seem it's a memory leak.
That's because it doesn't understand QObject ownership and that deleting a parent will delete its children.
It says this is an error https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/core/synctex/synctex_parser_utils.c#x6d7e052c9ef1e80:1
It's not, i'll agree it's not very common to do this comparison, but it's valid code
It says this is a noop https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/autotests/parttest.cpp?sort=name&dir=ASC&mode=heatmap#x9525a92bb944ee97:1
It's not, qRegisterMetaType does things
So I'm happy that those results are out there, but given the amount of false/questionable positives i found in 5 minutes of looking at it, I'd be very careful of giving it to "the general population", that may just propose changes because a tool told them to.