Coverity, read-only generic account.

[Stephan Bergmann]

On 11/09/2015 11:13 PM, jan iversen wrote:
> I would like that we have a generic account in coverity (read-only), so that
> e.g. I
> can show new people the issues there.

I don't even think the Coverity issues are a good set of tasks for 
newcomers.

We mostly have close to zero open issues there anyway.  If a new bunch 
of issues comes in, that typically is because of a single change causing 
multiple issues, and it is typically not immediately obvious how best to 
solve those issues.

One example is when we recently started to get Coverity/FindBugs issues 
in Java code.  Many of the FindBugs findings need to be taken with a 
grain of salt, and fixing them naively means being overly optimistic. 
(For example, a private field of a class not being used in that class 
does not necessarily mean it should be removed, as it could be used via 
reflection.)

Another example is when the implementation of 
osl_getSystemPathFromFileURL recently happened to start to throw 
std::length_error, and that caused ripple effects of uncaught exceptions 
all through the code.  A std::length_error is a logic error, where the 
"distinguishing characteristic of logic errors is that they are due to 
errors in the internal logic of the program.  In theory, they are 
preventable." ([std.exceptions])  That is, the throwing of such an 
exception is more akin to an assert firing than to throwing an exception 
that is intended to be caught and handled programmatically.  That means 
that it is probably often better to let such an exception lead to 
std::unexpected -> std::abort and a core dump and backtrace that a 
developer can act upon, than to catch and somehow handle it, and thereby 
obscure the root cause of a problem.