Le ven. 22 mars 2019 à 14:40, Tomaz Canabrava <tcanabr...@kde.org> a écrit :
> On Fri, Mar 22, 2019 at 2:31 PM alcinos <french.ebook.lo...@gmail.com> > wrote: > > > > Is there a way to somehow configure the build process? Their automatic > dependency pulling is getting an outdated version of Melt, and it breaks > the build for us in Kdenlive... > > Yes, you can define a yaml file for it in the root dir, like krita did > here: > https://github.com/KDE/krita/blob/master/.lgtm.yml It seems that they only give a package list? I don't think it would help in our case, the root cause of the issue being that the Mlt package is outdated in the repo of whatever distrib they use to build... > > Le ven. 22 mars 2019 à 07:43, Tomaz Canabrava <tcanabr...@kde.org> a > écrit : > >> > >> On Thu, Mar 21, 2019 at 9:27 PM Albert Astals Cid <aa...@kde.org> > wrote: > >> > > >> > El dijous, 21 de març de 2019, a les 20:31:34 CET, Tomaz Canabrava va > escriure: > >> > > Em qui, 21 de mar de 2019 às 19:48, Albert Astals Cid < > aa...@kde.org> > >> > > escreveu: > >> > > > >> > > > El dijous, 21 de març de 2019, a les 10:04:29 CET, Tomaz > Canabrava va > >> > > > escriure: > >> > > > > Hello kdevelopers, > >> > > > > > >> > > > > I'v come to know the lgtm.com this week and started to enjoy > it quite > >> > > > > a bit. It provides code analisys for various languages like > c/c++ / > >> > > > > java / javascript / python, transforming code to data and > extracting > >> > > > > information using a QL Schema + Deep learning. > >> > > > > > >> > > > > It's opensource > >> > > > > >> > > > Is it? I can't seem to find the code. > >> > > > > >> > > > > , and *already* runs thru all the kde codebase because > >> > > > > our code has a mirror on github (but it also supports gitlab, > >> > > > > bitbucket). Some of the code from kde can't be analized yet > because of > >> > > > > unmatched dependencies, but here's an example of a software we > all > >> > > > > know and love, being analized by their tools. > >> > > > > > >> > > > > https://lgtm.com/projects/g/KDAB/GammaRay/alerts/?mode=list > >> > > > > > >> > > > > I belive we should get in contact with them and ask for a > ~formal~ > >> > > > > partnership and integrate this into our phab / gitlab instances. > >> > > > > >> > > > I'm a bit hesitant about it's quality. > >> > > > > >> > > > It complains about > >> > > > > https://lgtm.com/projects/g/KDAB/GammaRay/snapshot/c9979de8f1206e13596392237af218cd35adc139/files/plugins/sceneinspector/paintanalyzerextension.cpp#x6a2cbfa5e54b631a:1 > >> > > > If you read the description it'd seem it's a memory leak. > >> > > > That's because it doesn't understand QObject ownership > and that > >> > > > deleting a parent will delete its children. > >> > > > > >> > > > It says this is an error > >> > > > > https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/core/synctex/synctex_parser_utils.c#x6d7e052c9ef1e80:1 > >> > > > It's not, i'll agree it's not very common to do this > comparison, > >> > > > but it's valid code > >> > > > > >> > > > It says this is a noop > >> > > > > https://lgtm.com/projects/g/KDE/okular/snapshot/9755abc39706567915f1d1b757b70e2a0f8e3f3a/files/autotests/parttest.cpp?sort=name&dir=ASC&mode=heatmap#x9525a92bb944ee97:1 > >> > > > It's not, qRegisterMetaType does things > >> > > > > >> > > > So I'm happy that those results are out there, but given the > amount of > >> > > > false/questionable positives i found in 5 minutes of looking at > it, I'd be > >> > > > very careful of giving it to "the general population", that may > just > >> > > > propose changes because a tool told them to. > >> > > > > >> > > > Cheers, > >> > > > Albert > >> > > > > >> > > > >> > > They are already working in two of the bugs that you described - > reported > >> > > by the subsurface team. > >> > > > >> > > The source for parts of the tools are here: > >> > > > >> > > https://github.com/Semmle/ql > >> > > > >> > > And of course as any tool that is starting there will be errors. > >> > > >> > Sure, i never said it's useless, in fact it did find some mismatched > free/delete/delete[] calls in both okular and poppler. > >> > > >> > I just want to make sure we don't tell people "these are bugs, go fix > them", because then people will take the tool at 100% correct rate value, > when it's not that kind of tool. > >> > >> I opened bug reports to them: > >> > >> https://github.com/Semmle/ql/issues/1153 > >> this one I'm not convinced yet. > >> > >> https://github.com/Semmle/ql/issues/1154 > >> this one it seems that it was not false positive. > >> > >> :) > >> > >> > Cheers, > >> > Albert > >> > > >> > > > >> > > > >> > > > > >> > > > > > >> > > > > Tomaz > >> > > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > >> > > >> > > >> > > >> > >
