Coverity

[wmayer]

PS: CID 129217 and 129216 should be the last two from the unchecked dynamic_cast type

They are fixed now and few other issues, too.

[saso]

PS: CID 129217 and 129216 should be the last two from the unchecked dynamic_cast type

They are fixed now and few other issues, too.

Great! Thank you for all the work, I was thinking we will need about a year to come this far

I am doing now a new build from commit 8360, results should be up later today or tomorrow...

[saso]

Below is the summary of the latest results. There were a few fixes that seem not to have satisfied the analyse algorithms and are still shown as defects but in general things look much better

There are also about 20 issues that were marked to be ignored but are not yet... To successfully ignore an issue the Classification should be set to either “False positive” or “Intentional”. Here is a quite from the Python Coverity Guide https://docs.python.org/devguide/coverity.html

False positive and intentional issues
If the problem is listed under Known limitations then please set the classification to either “False positive” or “Intentional”, the action to “Ignore”, owner to your own account and add a comment why the issue is considered false positive or intentional.

Analysis Metrics
Version: 0.17.8360
Last Analyzed: Sep 04, 2016
Lines of Code Analyzed: 1,906,445
Lines of Code in Selected Components: 1,150,545
Defect Density: 0.17

Defect changes since previous build dated Aug 07, 2016
Newly detected: 20
Eliminated: 381

Defects by status for current build
Total defects: 460
Outstanding: 195
Dismissed: 45
Fixed: 220

[saso]

I have reset the 29 issues that were marked as "Action:Fix submitted" in previous build but were not resolved with the new build, back to "Action:Undecided" (changes can always be viewed in the triage history).

I have also marked the issues from this commit https://github.com/FreeCAD/FreeCAD/pull ... cd3fedeca4 as "Action:Fix submitted".

[saso]

I did another build from commit 8585 because I wanted to test if results for python will be included, unfortunately they were not and I guess that at the moment mixed (eg C++ and python) analyse is not supported...

[saso]

Sort of related to this topic, via https://www.schneier.com/blog/archives/ ... re_co.html

New C++ Secure Coding Standard
http://www.sei.cmu.edu/news/article.cfm ... &year=2017
https://www.securecoding.cert.org/confl ... pageId=637

[saso]

I did a new Coverity build today from commit 11222 : 17 new, 39 fixed... A positive trend

84 of the remaining 145 reported issues are in "src/Mod/Robot/App/kdl_cp/", "src/Mod/Path/libarea/" and "src/Mod/Mesh/App/WildMagic4/". Are this something we would review and fix or should I add them on ignore list for now, as we did with other 3rd party code?

[yorik]

I think we did fixing here and there in all these 3 libs already, so they are not "pure" anymore (for libarea we could even say that we have the official one, now). But I don't know if someone will ever take the hassle of fixing all the warnings in them...

[realthunder]

Interesting. I'll take a look at libarea when I have time, maybe in a week or two.

[saso]

Latest results include python, as it is the first time that python results are included in the analysis, they should be reviewed with some extra care to see how useful they are...