
Re: lgtm integration (automated detection of bugs and problems for programming languages)




On Fri, Mar 22, 2019 at 2:31 PM alcinos <french.ebook.lover@xxxxxxxxx> wrote:
>
> Is there a way to somehow configure the build process? Their automatic dependency pulling is getting an outdated version of Melt, and it breaks the build for us in Kdenlive...

Yes, you can define a yaml file for it in the root dir, like krita did here:
https://github.com/KDE/krita/blob/master/.lgtm.yml

(but krita took so long to build there that they timed it out :(


> On Fri, Mar 22, 2019 at 07:43, Tomaz Canabrava <tcanabrava@xxxxxxx> wrote:
>>
>> On Thu, Mar 21, 2019 at 9:27 PM Albert Astals Cid <aacid@xxxxxxx> wrote:
>> >
>> > On Thursday, 21 March 2019, at 20:31:34 CET, Tomaz Canabrava wrote:
>> > > On Thu, 21 Mar 2019 at 19:48, Albert Astals Cid <aacid@xxxxxxx>
>> > > wrote:
>> > >
>> > > > On Thursday, 21 March 2019, at 10:04:29 CET, Tomaz Canabrava
>> > > > wrote:
>> > > > > Hello kdevelopers,
>> > > > >
>> > > > > I've come to know lgtm.com this week and started to enjoy it quite
>> > > > > a bit. It provides code analysis for various languages like c/c++ /
>> > > > > java / javascript / python, transforming code to data and extracting
>> > > > > information using a QL Schema + Deep learning.
>> > > > >
>> > > > > It's opensource
>> > > >
>> > > > Is it? I can't seem to find the code.
>> > > >
>> > > > > , and *already* runs thru all the kde codebase because
>> > > > > our code has a mirror on github (but it also supports gitlab,
>> > > > > bitbucket). Some of the code from kde can't be analyzed yet because of
>> > > > > unmatched dependencies, but here's an example of a software we all
>> > > > > know and love, being analyzed by their tools.
>> > > > >
>> > > > > https://lgtm.com/projects/g/KDAB/GammaRay/alerts/?mode=list
>> > > > >
>> > > > > I believe we should get in contact with them and ask for a ~formal~
>> > > > > partnership and integrate this into our phab / gitlab instances.
>> > > >
>> > > > I'm a bit hesitant about its quality.
>> > > >
>> > > > It complains about
>> > > > https://lgtm.com/projects/g/KDAB/GammaRay/snapshot/c9979de8f1206e13596392237af218cd35adc139/files/plugins/sceneinspector/paintanalyzerextension.cpp#x6a2cbfa5e54b631a:1
>> > > >         If you read the description it'd seem it's a memory leak.
>> > > >         That's because it doesn't understand QObject ownership and that
>> > > > deleting a parent will delete its children.
>> > > >
>> > > > It says this is an error
>> > > > https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/core/synctex/synctex_parser_utils.c#x6d7e052c9ef1e80:1
>> > > >         It's not, I'll agree it's not very common to do this comparison,
>> > > > but it's valid code
>> > > >
>> > > > It says this is a noop
>> > > > https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/autotests/parttest.cpp?sort=name&dir=ASC&mode=heatmap#x9525a92bb944ee97:1
>> > > >         It's not, qRegisterMetaType does things
>> > > >
>> > > > So I'm happy that those results are out there, but given the amount of
>> > > > false/questionable positives I found in 5 minutes of looking at it, I'd be
>> > > > very careful of giving it to "the general population", that may just
>> > > > propose changes because a tool told them to.
>> > > >
>> > > > Cheers,
>> > > >   Albert
>> > > >
>> > >
>> > > They are already working on two of the bugs that you described - reported
>> > > by the subsurface team.
>> > >
>> > > The source for parts of the tools are here:
>> > >
>> > > https://github.com/Semmle/ql
>> > >
>> > > And of course as any tool that is starting there will be errors.
>> >
>> > Sure, I never said it's useless, in fact it did find some mismatched free/delete/delete[] calls in both okular and poppler.
>> >
>> > I just want to make sure we don't tell people "these are bugs, go fix them", because then people will take the tool at 100% correct rate value, when it's not that kind of tool.
>>
>> I opened bug reports to them:
>>
>> https://github.com/Semmle/ql/issues/1153
>> this one I'm not convinced yet.
>>
>> https://github.com/Semmle/ql/issues/1154
>> this one it seems that it was not a false positive.
>>
>> :)
>>
>> > Cheers,
>> >   Albert
>> >
>> > >
>> > >
>> > > >
>> > > > >
>> > > > > Tomaz