Static code analysis - the easiest way to improve

Jaroslaw Staniek staniek at kde.org
Sun Feb 28 15:44:31 GMT 2016


On 28 February 2016 at 16:26, Tomas Mecir <mecirt at gmail.com> wrote:

> Well, I'd like to, but when I log in and try to access the KDE stuff,
> I can see the summary, but accessing the actual defect list gives me a
> red box with this:
>
> It may take a few minutes before you can view your defects, when you
> change your email or password or sign-in with Github for the first
> time.
>
> Been that way for more than a week now - tried both github and
> password login. Someone else was reporting the same problem, I think.
> Any ideas?
>
>
Adding Nick who maintains the analysis.
Tomas, I've sent you an invitation to mecirt at gmail.com. The
https://scan.coverity.com/projects/kde should then work. Calligra alone has
~1800 potential issues with a high level of accuracy.[*]

But yes, I added two analyses for individual repos and they give me the
same red error box recently. Maybe Coverity needs to approve the request by
hand and they're slow in doing this.


[*] PS: some of them are false positives because of the nature of
d-pointer private classes that by design have uninitialized members (often
only the 'parent' class initializes them); we can't even globally blacklist such
classes because they can actually contain really uninitialized or unused
variables (it happened to my code already). So no auto-solution for that
unless someone initializes d->* variables in the implementation of 'd'. I
am marking these bits as false positives.

Example:

CID 1354191 (#1 of 1): Uninitialized pointer field. (UNINIT_CTOR)
2. uninit_member: Non-static class member editor is not initialized in this constructor nor in any functions that it calls.



> Tomas
>
>
> 2016-02-28 15:59 GMT+01:00 Jaroslaw Staniek <staniek at kde.org>:
> > Hi,
> > Just to remind. If someone has some time to fix bugs, KDE
> > apps/Calligra/Frameworks static analysis is the easiest way to improve
> > Calligra.
> > Code defects are well explained (like uninitialized variables or
> > NULL-related failures). Much easier than actually reading those bug
> > reports, analysing them and testing.
> >
> > So please, these are low-hanging fruits. Hundreds of them.
> >
> > Visit:
> > https://scan.coverity.com/projects/kde
> > You can request access if you don't have it yet.
> >
> > Let us know in this thread if code you're interested in isn't there.
> >
> > --
> > regards, Jaroslaw Staniek
> >
> > KDE:
> > : A world-wide network of software engineers, artists, writers, translators
> > : and facilitators committed to Free Software development - http://kde.org
> > Calligra Suite:
> > : A graphic art and office suite - http://calligra.org
> > Kexi:
> > : A visual database apps builder - http://calligra.org/kexi
> > Qt Certified Specialist:
> > : http://www.linkedin.com/in/jstaniek
> >
> > _______________________________________________
> > calligra-devel mailing list
> > calligra-devel at kde.org
> > https://mail.kde.org/mailman/listinfo/calligra-devel
> >



-- 
regards, Jaroslaw Staniek

KDE:
: A world-wide network of software engineers, artists, writers, translators
: and facilitators committed to Free Software development - http://kde.org
Calligra Suite:
: A graphic art and office suite - http://calligra.org
Kexi:
: A visual database apps builder - http://calligra.org/kexi
Qt Certified Specialist:
: http://www.linkedin.com/in/jstaniek
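
The d-pointer pattern behind the UNINIT_CTOR reports described in the message above, next to a form that initializes the members in the private class itself. This is an added example, not Calligra code and not part of the original message; `Editor`, `FlaggedWidget`, `HardenedWidget` and `cursor` are hypothetical names.

```cpp
#include <memory>

struct Editor { int id = 0; };  // hypothetical stand-in for the flagged member's type

// Form the checker reports: Private's constructor leaves its members
// indeterminate and relies on the owning class to assign them afterwards.
class FlaggedWidget {
public:
    explicit FlaggedWidget(Editor *e) : d(new Private) { d->editor = e; }
    Editor *editor() const { return d->editor; }
private:
    struct Private {
        Private() {}      // UNINIT_CTOR points at this constructor
        Editor *editor;   // assigned only by FlaggedWidget's constructor
        int cursor;       // never assigned anywhere: same report, but a real defect
    };
    std::unique_ptr<Private> d;
};

// Form with the members initialized in the implementation of 'd' itself.
class HardenedWidget {
public:
    HardenedWidget() : d(new Private) {}
    explicit HardenedWidget(Editor *e) : d(new Private) { d->editor = e; }
    Editor *editor() const { return d->editor; }
    int cursor() const { return d->cursor; }
private:
    struct Private {
        Editor *editor = nullptr;  // C++11 default member initializers
        int cursor = 0;
    };
    std::unique_ptr<Private> d;
};

int main() {
    Editor e;
    FlaggedWidget f(&e);
    HardenedWidget h;
    return (f.editor() == &e && h.editor() == nullptr && h.cursor() == 0) ? 0 : 1;
}
```

With the initializers in `Private`, every member has a defined value before the owning class touches it, so a report that remains points at a member nobody sets rather than at the pattern.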