Coverity


Post by saso »

saso wrote: Sun Nov 12, 2017 6:44 pm
Latest results include Python; as it is the first time that Python results are included in the analysis, they should be reviewed with some extra care to see how useful they are...
A bit of statistics from the last build from version 0.17.12575...

Of 1636 total detected issues, 832 have been fixed and 93 dismissed (false positives or intentional). Of the remaining 711 issues, 588 are in 3rd party libraries (and ignored in the reports). That brings us to 123 issues, of which 65 are from the new Python analysis. Finally, of the remaining 58 issues, 29 are in "libarea", which brings us down to only 29 issues in the rest of the code 8-)

Breakdown of the 123 remaining issues by components (workbenches)

C++ (58)
Mod/Sketcher 2
Mod/Points 7
Mod/Path/libarea 29
Mod/Path 11
Mod/PartDesign 2
Mod/Part 1
Mod/Mesh 1
src/Gui 2
src/App 3

Python (65)
Mod/Arch 9
Mod/Draft 14
Mod/Fem 8
Mod/Import 12
Mod/Material 1
Mod/OpenSCAD 7
Mod/PartDesign 5
Mod/Path 3
Mod/Sandbox 1
Mod/Ship 1
Mod/Spreadsheet 1
Tools 3

Post by saso »

I did a new build today from version 0.17.13051

A small notice on the reported issues: the email report listed 30 new defects, however most of them were actually in the moc files that we ignore. Unfortunately it seems that Coverity does not respect this setting in the email reports; in the online report, however, this setting works fine, so there are actually only 7 new defects reported (1 in C++ code and 6 in Python).

I recommend using the online report when reviewing the issues; especially everyone with access to the reports and with good Python skills is welcome to review the Python issues :roll:

Post by saso »

Here is a simple tutorial on how to create custom views of the report:
1. Choose one of the existing views (for example "All Newly Detected") from the left menu and click on the gear icon,
2. Check "Save it as a Copy" and give it a Name,
3. Set the filters. In this example it is shown how to get all the issues reported in TechDraw, or for example if you would want to see all the Python issues you could write "*.py" in this "File" filter, but there are many other filters that one can use to set it up as needed,
4. When clicking OK it will get in the list with other views; you can also select and modify it in the same way later.
Attachment: Untitled1.png
Last edited by saso on Sun Feb 04, 2018 3:02 pm, edited 4 times in total.
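
The filtering described in the two posts above (ignore rules for moc files and third-party code, and a "File" filter such as "*.py"), reproduced offline as an added example that is not part of the original thread and not Coverity's own code. The defect records, CIDs, file names and the glob spellings of the ignore rules are constructed assumptions.

```python
from collections import Counter
from fnmatch import fnmatchcase

# Ignore rules mirroring the thread (moc files, 3rdParty, eigen3).
# The glob spellings are assumptions, not Coverity's own syntax.
IGNORE = ["*/moc_*", "*/3rdParty/*", "*/eigen3/*"]

# Component labels as used in the breakdown earlier in the thread (subset).
COMPONENTS = ["Mod/Path/libarea", "Mod/Path", "Mod/Draft", "src/Gui", "src/App"]

# Constructed sample: (CID, file). CIDs and file names are made up.
DEFECTS = [
    (900001, "Mod/Path/example_post.py"),
    (900002, "Mod/Path/libarea/example_area.cpp"),
    (900003, "src/Gui/moc_ExampleWindow.cpp"),
    (900004, "src/3rdParty/examplelib/example.cpp"),
    (900005, "Mod/Draft/example_tools.py"),
    (900006, "src/App/ExampleDocument.cpp"),
    (900007, "Mod/Sketcher/Gui/moc_ExamplePanel.cpp"),
    (900008, "eigen3/Eigen/example.h"),
]

def is_ignored(path):
    # Prefix "/" so a rule like "*/eigen3/*" also matches a top-level directory.
    return any(fnmatchcase("/" + path, pat) for pat in IGNORE)

def component(path):
    # Longest prefix wins, so libarea is counted separately from Mod/Path.
    hits = [c for c in COMPONENTS if path.startswith(c + "/")]
    return max(hits, key=len) if hits else "other"

def visible(defects, file_filter="*"):
    # What a saved view would list: ignore rules applied, then the File filter.
    return [(cid, p) for cid, p in defects
            if not is_ignored(p) and fnmatchcase(p, file_filter)]

def breakdown(defects):
    # Count by (language, component), as in the per-workbench statistics.
    return Counter(("Python" if p.endswith(".py") else "C++", component(p))
                   for _, p in defects)

if __name__ == "__main__":
    print("unfiltered (as in the email report):", len(DEFECTS))
    shown = visible(DEFECTS)
    print("after ignore rules (as in the online report):", len(shown))
    for (lang, comp), n in sorted(breakdown(shown).items()):
        print(f"  {lang:6} {comp:18} {n}")
    print("File filter *.py:", [cid for cid, _ in visible(DEFECTS, "*.py")])
```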

Post by saso »

And here is another one on how to review and get more information about an issue:
1. Select the menu icon to open the report views list,
2. Choose one of the views, for example the "Outstanding Defects",
3. You can sort the report by File or whatever you prefer,
4. Select an issue from the list (wait a second or two for everything to load after you select it),
5. The "Events contributing to issue" is a good place to give a quick look at first, it shows general information on how the analysis came to the conclusion about this issue. You can see here that it is able to analyse and trace an issue across multiple files and functions,
6. From the small colored marks on the right of the opened source code file you can get a quick look at how far the steps of the analysis extend in this file,
7. Shows the opened source code file where the issue is and the individual analysis steps colored and with additional information (to understand the issue you would in general review all the steps leading to it, sometimes it can be just one or two steps, other times there can be many, across different functions and across different files),
8. Here are links to more information about the issue type and possible recommended ways to fix it.
Attachment: Untitled.png

Post by saso »

And another one on the recommended triage after reviewing or fixing an issue:
1. If the reported issue seems to be real and you decide to fix it, then it can be good practice to mark the issue in the Triage dialog as "Action: Fix Submitted" and add the CID number of the issue to the commit message, so others can be aware of the fix.
2. If the reported issue seems to be wrong, that is when Coverity seems to have problems correctly analyzing and classifying the code, then that issue should be marked in the Triage dialog as "Classification: False Positive & Action: Ignore", this will remove the issue from the "Outstanding Defects" list.
3. In some cases an issue can be identified by Coverity correctly (e.g. the logic of how the issue is detected is correct), but the issue can still be irrelevant in the way the code is used in the specific case. Such issues should be marked in the Triage dialog as "Classification: Intentional & Action: Ignore", this will remove the issue from the "Outstanding Defects" list.

Other options from the Triage dialog can of course also be used, in general however at least the above three cases are recommended as a good practice. Some more information on this can also be found at https://devguide.python.org/coverity/
Attachment: Untitled.png

Post by saso »

Coverity was down for the past few weeks, it is now back and I made a new build for it yesterday...

Post by saso »

New Coverity build today from version 0.18.14057, I have also set back the ignore on 3rdParty and eigen3...

Post by mlampert »

saso wrote: Sun Jul 08, 2018 10:41 am New Coverity build today from version 0.18.14057, I have also set back the ignore on 3rdParty and eigen3...
It's really nice that it now does the Python code too. It picked up an issue pylint doesn't report. Thanks!

Post by saso »

mlampert wrote: Sun Jul 08, 2018 11:57 pm
saso wrote: Sun Jul 08, 2018 10:41 am New Coverity build today from version 0.18.14057, I have also set back the ignore on 3rdParty and eigen3...
It's really nice that it now does the Python code too. It picked up an issue pylint doesn't report. Thanks!
Thank you for the quick fix! :)

Post by saso »

mlampert wrote: Sun Jul 08, 2018 11:57 pm
It's really nice that it now does the Python code too. It picked up an issue pylint doesn't report. Thanks!
For Path Python code there are also issues 168953 and 168942... Could you take a look at issue 168953? Issue 168942 I believe we could mark as "Classification: Intentional & Action: Ignore"? This would then close all current issues in the Path Python code.