On 11/09/2015 11:13 PM, jan iversen wrote:
> I would like that we have a generic account in Coverity (read-only), so that e.g. I can show new people the issues there.
I don't even think the Coverity issues are a good set of tasks for newcomers.
We mostly have close to zero open issues there anyway. If a new bunch of issues comes in, that typically is because of a single change causing multiple issues, and it is typically not immediately obvious how best to solve those issues.
One example is when we recently started to get Coverity/FindBugs issues in Java code. Many of the FindBugs findings need to be taken with a grain of salt, and fixing them naively means being overly optimistic. (For example, a private field of a class not being used in that class does not necessarily mean it should be removed, as it could be used via reflection.)
Another example is when the implementation of osl_getSystemPathFromFileURL recently happened to start to throw std::length_error, and that caused ripple effects of uncaught exceptions all through the code. A std::length_error is a logic error, where the "distinguishing characteristic of logic errors is that they are due to errors in the internal logic of the program. In theory, they are preventable." ([std.exceptions]) That is, the throwing of such an exception is more akin to an assert firing than to throwing an exception that is intended to be caught and handled programmatically. That means that it is probably often better to let such an exception lead to std::unexpected -> std::abort and a core dump and backtrace that a developer can act upon, than to catch and somehow handle it, and thereby obscure the root cause of a problem.
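The trade-off described in the message above, as an added example that is not part of the original message and not LibreOffice code: `toSystemPath` is a hypothetical stand-in (it is not `osl_getSystemPathFromFileURL`), and both wrappers and the 16-character limit are assumptions made for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical converter (assumption, not the real OSL function).
// Bad external input -> std::runtime_error; violated internal size
// invariant -> std::length_error, which is a std::logic_error.
std::string toSystemPath(const std::string& url, std::size_t maxLen = 16) {
    const std::string scheme = "file://";
    if (url.compare(0, scheme.size(), scheme) != 0)
        throw std::runtime_error("not a file URL");
    std::string path = url.substr(scheme.size());
    if (path.size() > maxLen)
        throw std::length_error("path exceeds internal limit");
    return path;
}

// Broad handler: quiets an "uncaught exception" finding, but the logic
// error becomes indistinguishable from ordinary bad input.
std::string pathOrEmptyBroad(const std::string& url) {
    try { return toSystemPath(url); }
    catch (const std::exception&) { return std::string(); }
}

// Narrow handler: only the recoverable class is handled. A logic_error
// propagates; if nothing catches it, std::terminate runs (std::abort by
// default), leaving a core dump and backtrace at the root cause.
std::string pathOrEmptyNarrow(const std::string& url) {
    try { return toSystemPath(url); }
    catch (const std::runtime_error&) { return std::string(); }
}

// Reports whether a std::logic_error gets past the given wrapper.
bool logicErrorEscapes(std::string (*fn)(const std::string&), const std::string& url) {
    try { fn(url); }
    catch (const std::logic_error&) { return true; }
    return false;
}

int main() {
    const std::string tooLong = "file:///a/very/long/path/that/overflows"; // constructed input
    std::cout << std::boolalpha
              << "broad masks bug:   " << !logicErrorEscapes(pathOrEmptyBroad, tooLong) << "\n"
              << "narrow exposes it: " << logicErrorEscapes(pathOrEmptyNarrow, tooLong) << "\n";
    return 0;
}
```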