OrangeC
OrangeC copied to clipboard
LADSoft
Coverity: component setup needs an update
Some unused parts were deleted from the repo, ocide was moved out and occ was restructured. It would be nice to have the new layout be matched in the components at Coverity and then do upload a new build there.
yeah i tried to redo the configuration at some point after the above changes, but the coverity site didn't take the change. I didn't have time to play with it at the time... when I get a chance I will look at at again.
i forgot, I was using travis integration for coverity scan. Since travis is gone I have to find another way. Here is someone's idea of how to do the same thing on appveyor, but it may be out of date. Will look into it at some point: https://thehermeticvault.com/software-development/using-coverity-scan-with-appveyor
A CI integration is primarily useful if it is to be triggered regularly and automated (for example for each tag).
As it is not run that often, I suggest to just do this locally and upload the the result manually https://scan.coverity.com/projects/ladsoft-orangec/builds/new
yeah i've done that before... maybe I will try it again to see how I fair.
in the past i haven't had much luck though, the uploads are simply huge. And I was having problems with them stalling in the middle... i eventually had to get the travis integration working again to get around connectivity problems on my end...
Cool, worked out: https://scan.coverity.com/projects/ladsoft-orangec?tab=overview now it would be interesting to know what the 236,000+ LOC in "other" are :-)
i missed occpr as a separate project... but it looks like the microsoft header files are being considered in the count as well. At least, there are some errors flagged for review in the microsoft headers...
I see, so it is good to add a new group for those and setting it to ignore (that's the same I've done for GnuCOBOL):
system headers */usr/include/* ignore:yes
Ok I think I've got it mostly cleaned up now. Defect density went up to 1.31 with all the new exclusions... there are 109 new defects which I will look at before closing this issue :smile:
I think this was about running coverity with the "current state" back then and inspecting the newly reported defects. The current release did not go through https://scan.coverity.com/projects/ladsoft-orangec, it would be useful to do so, maybe after the issues @dcb314 found are tackled.
yeah we had scheduled the scanning of OCC itself for milestone 4, then at the last minute we inserted milestone 3.5 which was supposed to deal only with getting the libcxx tests working and didn't really think about the impact on the code analysis sub-projects.
I don't want to take this on immediately because I'm restructuring the parser code again... I took on the relatively simple task of retrofitting the symbol tables but it morphed into an episode of squishing c-style lists out of the code. Basically any structure with a 'next' member is getting moved into a std::list<T> rather than having explict prev/next members... only doing this in the parser at this point though...
Can I suggest to re-run analysis before the upcoming release (and maybe fix low-hanging fruits) - and if there are no changes in the components closing this issue afterwards (for working on fixing most issues reported we already have #397)?
yeah i was thinking about this the other day, I will plan on actually doing something with it.
Something else that needs to be done is run clang-format on the code base, haven't done that in a long while lol...