Em qui, 21 de mar de 2019 às 19:48, Albert Astals Cid <aa...@kde.org> escreveu:
> El dijous, 21 de març de 2019, a les 10:04:29 CET, Tomaz Canabrava va > escriure: > > Hello kdevelopers, > > > > I'v come to know the lgtm.com this week and started to enjoy it quite > > a bit. It provides code analisys for various languages like c/c++ / > > java / javascript / python, transforming code to data and extracting > > information using a QL Schema + Deep learning. > > > > It's opensource > > Is it? I can't seem to find the code. > > > , and *already* runs thru all the kde codebase because > > our code has a mirror on github (but it also supports gitlab, > > bitbucket). Some of the code from kde can't be analized yet because of > > unmatched dependencies, but here's an example of a software we all > > know and love, being analized by their tools. > > > > https://lgtm.com/projects/g/KDAB/GammaRay/alerts/?mode=list > > > > I belive we should get in contact with them and ask for a ~formal~ > > partnership and integrate this into our phab / gitlab instances. > > I'm a bit hesitant about it's quality. > > It complains about > https://lgtm.com/projects/g/KDAB/GammaRay/snapshot/c9979de8f1206e13596392237af218cd35adc139/files/plugins/sceneinspector/paintanalyzerextension.cpp#x6a2cbfa5e54b631a:1 > If you read the description it'd seem it's a memory leak. > That's because it doesn't understand QObject ownership and that > deleting a parent will delete its children. > > It says this is an error > https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/core/synctex/synctex_parser_utils.c#x6d7e052c9ef1e80:1 > It's not, i'll agree it's not very common to do this comparison, > but it's valid code > > It says this is a noop > https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/autotests/parttest.cpp?sort=name&dir=ASC&mode=heatmap#x9525a92bb944ee97:1 > It's not, qRegisterMetaType does things > > So I'm happy that those results are out there, but given the amount of > false/questionable positives i found in 5 minutes of looking at it, I'd be > very careful of giving it to "the general population", that may just > propose changes because a tool told them to. > > Cheers, > Albert > They are already working in two of the bugs that you described - reported by the subsurface team. The source for parts of the tools are here: https://github.com/Semmle/ql And of course as any tool that is starting there will be errors. > > > > > Tomaz > > > > > > >
