source code static analyze with Clang "scan-build"...


Gilles Caulier-4
Hi all,

You must know that we normally parse all source code with the Coverity Scan service and fix, step by step, the issues detected by the static analyzer.

Since January, git/master cannot be processed by Coverity. The build is complete, but the report is never committed and is sent somewhere into /dev/null (:=)))...

The Coverity Scan service was acquired by a new company in 2018, and I suspect a side effect on committing the report to the remote server. I contacted the Coverity team, who responded that the investigation is in progress, please wait.

So, I finally tried to find a new solution to parse all source code week by week for review by another static analyzer. I tried the Clang one, and the reports are really excellent. I have written a script in project/reports/, but it's not yet perfect.

The first report that Clang generated is really interesting. I shared the files (web pages) in this archive:


Please take a look and feel free to apply patches if necessary.

I will try to finalize the script during this weekend to be able to run the analyzer locally.

Best

Gilles Caulier

Re: source code static analyze with Clang "scan-build"...

Gilles Caulier-4
Hi all,

My Clang static analyzer script is working well now. It automatically publishes the report in the digiKam.org static area


The content is currently an older one. I will run the script again soon to update the content.

Best

Gilles



2018-05-04 17:48 GMT+02:00 Gilles Caulier <[hidden email]>:
Hi all,

You must know that we normally parse all source code with the Coverity Scan service and fix, step by step, the issues detected by the static analyzer.

Since January, git/master cannot be processed by Coverity. The build is complete, but the report is never committed and is sent somewhere into /dev/null (:=)))...

The Coverity Scan service was acquired by a new company in 2018, and I suspect a side effect on committing the report to the remote server. I contacted the Coverity team, who responded that the investigation is in progress, please wait.

So, I finally tried to find a new solution to parse all source code week by week for review by another static analyzer. I tried the Clang one, and the reports are really excellent. I have written a script in project/reports/, but it's not yet perfect.

The first report that Clang generated is really interesting. I shared the files (web pages) in this archive:


Please take a look and feel free to apply patches if necessary.

I will try to finalize the script during this weekend to be able to run the analyzer locally.

Best

Gilles Caulier


Re: source code static analyze with Clang "scan-build"...

Gilles Caulier-4
The URL has changed a little bit:


We now have clang and cppcheck reports posted to digiKam.org...

Gilles

2018-05-05 14:19 GMT+02:00 Gilles Caulier <[hidden email]>:
Hi all,

My Clang static analyzer script is working well now. It automatically publishes the report in the digiKam.org static area


The content is currently an older one. I will run the script again soon to update the content.

Best

Gilles




Re: source code static analyze with Clang "scan-build"...

Gilles Caulier-4
Hi all,

Now 3 reports are published by my Bash scripts located in project/reports:
All use the same configuration for the directories to ignore while scanning: the ".krazy" file in the root directory.
This mailing list is CC'd automatically when a new report is online, with the right URL to take a look.

- clang: this analyzer does not have an option to ignore directories. So I parse everything, and I filter the output HTML file before publishing.
The task is hard to complete, especially updating the analysis statistics accordingly. Currently that is not the case, and the statistics include dropped items. I must write more and more Bash code to achieve complete filtering.
- krazy: I only scan with the "extra" checks not published to EBN (http://ebn.kde.org/krazy/reports/extragear/graphics/digikam/)
For this last one, I spent 3 weeks and 300 commits to fix all reports. The extra checks are still under development and can generate false errors.
Take care...
- cppcheck: very verbose, probably because of the 'style' code analysis. It is just an option to tune if the style checks are not suitable. Anyway, some reports are interesting to investigate.

To conclude: we now have suitable reports to detect wrong coding done by contributors, such as students, or in patches.

Best

Gilles
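
The filtering step described in the message above (drop findings from ignored directories out of the scan-build HTML report, then recount the statistics so they no longer include dropped items), as an added example that is not the project/reports script. It assumes each bug in the report index is a single `<tr class="bt_...">` line with the bug type in the second cell and the file path in the third; the sample rows, paths and ignore expression are constructed.

```shell
#!/usr/bin/env bash
# Added example, not the digiKam script. Assumed index layout: one bug per
# line, '<tr class="bt_...">', bug type in the 2nd <td>, file path in the 3rd.

# filter_rows IGNORE_ERE < index.html
# Copies every line except bug rows whose file path matches IGNORE_ERE
# (an extended regex without backslashes, because awk -v expands escapes).
filter_rows() {
    awk -v ignore="$1" '
        /^<tr class="bt_/ {
            split($0, cell, /<td[^>]*>/)
            path = cell[4]; sub(/<\/td>.*/, "", path)
            if (path ~ ignore) next      # ignored directory: drop the row
        }
        { print }'
}

# recount_bugs < index.html
# Rebuilds the statistics from the rows actually present: one
# "type<TAB>count" line per bug type (sorted), then "All Bugs<TAB>total".
recount_bugs() {
    awk '
        /^<tr class="bt_/ {
            split($0, cell, /<td[^>]*>/)
            kind = cell[3]; sub(/<\/td>.*/, "", kind)
            count[kind]++
        }
        END { for (k in count) printf "%s\t%d\n", k, count[k] }' |
    LC_ALL=C sort |
    awk -F'\t' '{ print; total += $2 } END { printf "All Bugs\t%d\n", total }'
}

# Constructed sample report index (paths are hypothetical).
sample_index() {
    cat <<'EOF'
<table class="sortable">
<tr class="bt_dead_store_dead_assignment"><td class="DESC">Dead store</td><td class="DESC">Dead assignment</td><td>core/app/main.cpp</td><td class="Q">120</td></tr>
<tr class="bt_logic_error_null_deref"><td class="DESC">Logic error</td><td class="DESC">Dereference of null pointer</td><td>core/libs/3rdparty/demo/parser.c</td><td class="Q">33</td></tr>
<tr class="bt_logic_error_null_deref"><td class="DESC">Logic error</td><td class="DESC">Dereference of null pointer</td><td>core/utilities/import.cpp</td><td class="Q">87</td></tr>
<tr class="bt_dead_store_dead_assignment"><td class="DESC">Dead store</td><td class="DESC">Dead assignment</td><td>tests/demo/check.cpp</td><td class="Q">12</td></tr>
<tr class="bt_memory_error_memory_leak"><td class="DESC">Memory error</td><td class="DESC">Memory leak</td><td>core/utilities/export.cpp</td><td class="Q">301</td></tr>
</table>
EOF
}

# Hypothetical ignore list: third-party code and tests.
IGNORE='^(core/libs/3rdparty|tests)/'
sample_index | filter_rows "$IGNORE" | recount_bugs
```

Recounting from the filtered rows, rather than patching the original summary numbers, keeps the published totals consistent with the rows a reader can actually see.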





Re: source code static analyze with Clang "scan-build"...

Simon Frei
In reply to this post by Gilles Caulier-4
Hi Gilles,

Thanks for setting these checks up!

I'd rather not have automatic emails sent to the digikam-devel mailing list for the same reason it is now separate from digikam-bugzilla: Emails in this list should be actual discussions by humans, not generated mail. Otherwise the important email may get overlooked. So I propose to send the updates to digikam-bugzilla or not send them at all. What do you think?

Cheers,
Simon

On 06/05/18 15:39, Gilles Caulier wrote:
The URL has changed a little bit:


We now have clang and cppcheck reports posted to digiKam.org...

Gilles


Re: source code static analyze with Clang "scan-build"...

Gilles Caulier-4
You are right.

Do you mean creating bugzilla bug reports according to the clang/cppcheck reports? This will be a hot task to do...

Gilles

2018-05-11 11:08 GMT+02:00 Simon Frei <[hidden email]>:
Hi Gilles,

Thanks for setting these checks up!

I'd rather not have automatic emails sent to the digikam-devel mailing list for the same reason it is now separate from digikam-bugzilla: Emails in this list should be actual discussions by humans, not generated mail. Otherwise the important email may get overlooked. So I propose to send the updates to digikam-bugzilla or not send them at all. What do you think?

Cheers,
Simon



Re: source code static analyze with Clang "scan-build"...

Simon Frei
No, I think that's too much work for not much gain. It was just an idea to "misuse" the bugzilla mailing list for these emails too. But my personal opinion is that the static check commit emails can be disabled fully, because they don't have actual information about the new report. So you need to look at the actual report anyway.

On 11/05/18 11:38, Gilles Caulier wrote:
You are right.

Do you mean creating bugzilla bug reports according to the clang/cppcheck reports? This will be a hot task to do...

Gilles


Re: source code static analyze with Clang "scan-build"...

Gilles Caulier-4
I changed the email notification, which now uses [hidden email]

The idea is to CC the students later when a new report is available.

But I'm not sure if the notification works as expected, as this email is probably used internally by bugzilla.

Gilles

2018-05-11 12:04 GMT+02:00 Simon Frei <[hidden email]>:
No, I think that's too much work for not much gain. It was just an idea to "misuse" the bugzilla mailing list for these emails too. But my personal opinion is that the static check commit emails can be disabled fully, because they don't have actual information about the new report. So you need to look at the actual report anyway.

