GitHub CodeQL (formerly Semmle LGTM)


Re: LGTM (split from 'Code quality checker' thread)

Post by saso »

Kunda1 wrote: Mon Nov 04, 2019 3:13 pm
saso wrote: Fri Oct 25, 2019 9:27 pm yay, you have pushed it to code quality A
There are still many more recommendations for us to consider
Well, but in general reviewing the errors and warnings is more important than the recommendations... Things can always be better but in general I would say we are doing quite ok :)

Re: LGTM (split from 'Code quality checker' thread)

Post by Kunda1 »

Context: https://forum.freecadweb.org/viewtopic. ... 16#p354621
vocx wrote: Tue Dec 17, 2019 7:59 pm
Kunda1 wrote: Tue Dec 17, 2019 3:52 am @furti heads-up:
https://lgtm.com/projects/g/FreeCAD/Fre ... c3c40525:1

        for i in range(8):
            parts.append(Part.makeBox(20, 20, 1000 - 60,
                                      FreeCAD.Vector((2000 / 9 * (i + 1)) - 10, 15, 30)))
LGTM wrote: Result of division may be truncated as its left and right arguments may both be integers.
This is a warning about Python 2, because in Python 2 the division operator truncates the decimal part if both quantities are integers. That is, 2000/9 = 222.

In Python 3 it works as expected, 2000/9 = 222.222.

To solve this for Python 2, at least one value must be a float, 2000.0/9

See pull request #2788.
vocx wrote: Wed Dec 18, 2019 4:53 pm this isn't a problem in Python 3 only in Python 2. We shouldn't care any more about Python 2.

Kunda, is there a way you can set LGTM to check only Python 3 errors? This would be better.
I can't seem to discern if there is a way to tell LGTM to ignore python2 warnings/recommendations/errors.
Edit: Actually, I think the answer is in https://lgtm.com/help/lgtm/showing-hiding-query-results

First, is there a consensus about this?
Alone you go faster. Together we go farther
Please mark thread [Solved]
Want to contribute back to FC? Checkout:
'good first issues' | Open TODOs and FIXMEs | How to Help FreeCAD | How to report Bugs
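The kind of check behind the warning quoted in this post, as an added example that is not part of the original thread and not LGTM's own query: a small `ast`-based scan that flags `/` when both operands are integer literals and the file lacks `from __future__ import division`. The function names and the sample source are constructed for illustration, and unlike LGTM this sketch does no type inference on variables.

```python
import ast

# Operators that keep an all-integer expression integer-valued.
_INT_OPS = (ast.Add, ast.Sub, ast.Mult, ast.FloorDiv, ast.Mod)

def _is_int_expr(node):
    """True when the expression is built only from integer literals."""
    if isinstance(node, ast.Constant):
        return type(node.value) is int  # excludes bool and float
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.UAdd, ast.USub)):
        return _is_int_expr(node.operand)
    if isinstance(node, ast.BinOp) and isinstance(node.op, _INT_OPS):
        return _is_int_expr(node.left) and _is_int_expr(node.right)
    return False

def find_truncating_divisions(source):
    """Return sorted (line, expression) pairs for `/` on two integer operands."""
    tree = ast.parse(source)
    for node in ast.walk(tree):
        # `from __future__ import division` gives Python 2 true division.
        if isinstance(node, ast.ImportFrom) and node.module == "__future__":
            if any(alias.name == "division" for alias in node.names):
                return []
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Div):
            if _is_int_expr(node.left) and _is_int_expr(node.right):
                findings.append((node.lineno, ast.get_source_segment(source, node)))
    return sorted(findings)

# Constructed sample modelled on the snippet quoted in the post.
SAMPLE = """\
for i in range(8):
    x = (2000 / 9 * (i + 1)) - 10   # flagged: 2000 / 9 is 222 on Python 2
    y = (2000.0 / 9 * (i + 1)) - 10 # not flagged: one operand is a float
    z = 2000 // 9                   # not flagged: floor division is explicit
"""

if __name__ == "__main__":
    for line, expr in find_truncating_divisions(SAMPLE):
        print(f"line {line}: {expr} truncates on Python 2")
```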

Re: LGTM (split from 'Code quality checker' thread)

Post by vocx »

Kunda1 wrote: Thu Dec 19, 2019 10:11 am I can't seem to discern if there is a way to tell LGTM to ignore python2 warnings/recommendations/errors.
Edit: Actually, I think the answer is in https://lgtm.com/help/lgtm/showing-hiding-query-results

First, is there a consensus about this?
It's not like a hard deprecation, but de-facto Python 2 is done. We should move forward with only Python 3.

https://pythonclock.org

The only thread where this is mentioned lately is this: Python2 in FreeCAD 0.19 is being abandoned

Werner says we should use Py3/Qt5. Small fixes, to make it compatible with Python 2 can still be done, but nothing major. This is the case of my fix above.
Always add the important information to your posts if you need help. Also see Tutorials and Video tutorials.
To support the documentation effort, and code development, your donation is appreciated: liberapay.com/FreeCAD.

Re: LGTM (split from 'Code quality checker' thread)

Post by Kunda1 »

@saso IMHO I think we should make a step by step tutorial for external workbench authors that makes it easy to get them to implement LGTM in their repos. Thoughts?

Re: LGTM (split from 'Code quality checker' thread)

Post by saso »

Kunda1 wrote: Fri Dec 20, 2019 10:59 am @saso IMHO I think we should make a step by step tutorial for external workbench authors that makes it easy to get them to implement LGTM in their repos. Thoughts?
There is really nothing to it, when you are logged in to LGTM just go to the "My projects" page, there you can add any project you want. This will start the LGTM to regularly analyze the project and can be enough for most cases... If there is the need for more specific configuration then it is best to first look into the LGTM Help pages https://lgtm.com/help , ask in the LGTM community https://discuss.lgtm.com/ or ask here so we can try to find the solution together.

Here are a few of our related projects (one can also use the LGTM Search to find out if a project is already there)
https://lgtm.com/projects/g/FreeCAD/FreeCAD/
https://lgtm.com/projects/g/yorikvanhav ... Workbench/
https://lgtm.com/projects/g/tomate44/CurvesWB/
https://lgtm.com/projects/g/wonderworks ... re/PyFlow/
https://lgtm.com/projects/g/microelly2/NodeEditor/
https://lgtm.com/search?q=freecad

Update: A note about the shut down of LGTM.com
https://github.blog/2022-08-15-the-next ... -scanning/
Last edited by saso on Wed Sep 07, 2022 11:45 am, edited 2 times in total.

Re: LGTM (Semmle CodeQL)

Post by Kunda1 »

I've been slowly making PRs to various FreeCAD add-ons. I'm tracking LGTM integration in upstream add-on repos in the ticket below for anyone that is interested or wants to help:
https://github.com/FreeCAD/FreeCAD-addons/issues/163

Re: LGTM (Semmle CodeQL)

Post by saso »

LGTM (CodeQL) supports the export of results to the Static Analysis Results Interchange Format (SARIF). There is a SARIF viewer for Visual Studio and VS Code. For VS Code, release 3.0.0 or newer of the SARIF viewer should work ok. I didn't test the Visual Studio version yet. Below is a screenshot of the LGTM report saved in the SARIF format and opened in VS Code.

https://sarifweb.azurewebsites.net/
https://github.com/microsoft/sarif-vscode-extension
https://github.com/Microsoft/sarif-visu ... extension/
https://github.com/microsoft/sarif-python-om
https://pypi.org/project/sarif-om/
https://docs.oasis-open.org/sarif/sarif ... -v2.0.html
https://github.com/chennes/CleanSARIF

[Screenshot: sarif.png]
Last edited by saso on Fri Jul 23, 2021 10:38 am, edited 7 times in total.
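For triaging an exported SARIF report outside a viewer, an added example that is not part of the original post: it counts results per severity level and rule, and lists their file locations. The embedded document is constructed, its rule ids and paths are placeholders, and the level fallback (result level, then the rule's `defaultConfiguration.level`, then `warning`) is a simplifying assumption about SARIF 2.1.0 defaults.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 document; rule ids and file paths are placeholders.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-analyzer", "rules": [
            {"id": "example/truncated-division",
             "defaultConfiguration": {"level": "warning"}},
            {"id": "example/unused-import",
             "defaultConfiguration": {"level": "note"}},
        ]}},
        "results": [
            {"ruleId": "example/truncated-division", "level": "warning",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/example/a.py"},
                 "region": {"startLine": 40}}}]},
            {"ruleId": "example/truncated-division",  # no explicit level
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/example/b.py"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "example/unused-import"},       # no level, no location
            {"ruleId": "example/unlisted-rule"},       # rule missing from driver
        ],
    }],
})

def summarize(sarif_text):
    """Count results per (level, ruleId) and list (level, ruleId, uri, line)."""
    counts, findings = Counter(), []
    for run in json.loads(sarif_text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule_id = res.get("ruleId", "<none>")
            default = rules.get(rule_id, {}).get("defaultConfiguration", {})
            # Assumed fallback: result level, then rule default, then "warning".
            level = res.get("level") or default.get("level", "warning")
            counts[(level, rule_id)] += 1
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation", {})
                findings.append((level, rule_id,
                                 phys.get("artifactLocation", {}).get("uri"),
                                 phys.get("region", {}).get("startLine")))
    return counts, findings
```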

Re: LGTM (Semmle CodeQL)

Post by Kunda1 »

saso wrote: Sun Aug 30, 2020 9:18 am There is a SARIF viewer for Visual Studio and VS Code
Thanks for the heads up ;)

Re: LGTM (Semmle CodeQL)

Post by saso »

Another small note, in the online LGTM report one can get more information about the individual alerts from the links to the help pages of the related queries, but one can also search for this from the "Search LGTM" (top left in the main page https://lgtm.com/ or from the freecad project https://lgtm.com/projects/g/FreeCAD/FreeCAD/), for example, this search https://lgtm.com/search?q=Missing%20hea ... rd&t=rules gives some details on this rule -> https://lgtm.com/rules/2163210746/

Re: LGTM (Semmle CodeQL)

Post by saso »

New report from build 0.19.22366 has been created, differently than the Python results that are built automatically and available on the LGTM website, I am building the cpp results manually, similar to the Coverity and PVS-Studio...