static-analysis

In Java what is meant by “calling context” (and some other terms)?

寵の児 submitted on 2019-12-06 08:15:34
Question: I am trying to understand static analysis of Java bytecode/source-code. These terms frequently come up for which I am not able to find satisfactory definitions on the Internet: context (in)sensitive analysis, calling context, active call site, points-to analysis. Can anyone please elaborate in layman's terms what the above terms mean in the context of Java. A search of "context" "programming" on Google brings up stuff about context sensitive grammar, language theory, etc., but not the definitions I

Golang static identifier resolution

落爺英雄遲暮 submitted on 2019-12-06 06:37:58
Question: I'm attempting to do some static analysis on function calls in a Go project using the go/parse, go/token and go/ast modules, but I can't figure out how to determine the type of a given ast.Ident object. For instance, if I parse something like this:

    textToContain := bytes.NewBuffer([]byte{})
    // lots of other code
    text := textToContain.String() // <- I care about this function call

(this is parsed from here: file) EDIT: It took a lot of code to parse this so I didn't post it here, but you can

Failing compilation if return value is unused for a certain type

我怕爱的太早我们不能终老 submitted on 2019-12-06 05:48:27
Question: I would like to make compilation fail for some function calls but not others. The function calls that I want to fail are those that do not handle return values when the value is of a certain type. In the example below, not handling a function returning Error is a compilation error but not handling a function that returns anything else should succeed just fine. Note: our runtime environment (embedded) does not allow us to use the following constructs: RTTI, exceptions. This code only needs to

Finding unused methods in IntelliJ (excluding tests)

我怕爱的太早我们不能终老 submitted on 2019-12-06 01:48:28
Question: I ran into a method today that is .. not used anywhere .. but is tested. Since it is used by a test, IntelliJ did not flag the method as 'unused'. Does IntelliJ allow for the following search condition "Find methods that are unused with the exception of tests, where test is defined as anything with @Test annotation"

Answer 1: There is a related feature request: IDEA-56519 Inspection for unused code needs options to take into account methods run by test harnesses While the first point is already

Static-code analyzer: unmanaged C++ Visual Studio 2008

做~自己de王妃 submitted on 2019-12-05 22:38:26
Question: I develop a commercial unmanaged C++ app on Visual Studio 2008, and I want to add a static-code analysis tool. Any recommendations? I think it would be real nice if the tool can be integrated into MSVC. I'm thinking about PC-Lint + Visual Lint. However, I have been taking a hard look at Coverity, Understand, and Klocwork as well. Price isn't really the issue. I want opinions from people who actually used the tool for unmanaged C++ on MSVC, and they just absolutely loved it. Lastly, VSTS and

clang-tidy cmake exclude file from check

故事扮演 submitted on 2019-12-05 20:33:09
I have a dependency as source in my project that I have no control over. I'm using cmake's clang-tidy integration to analyze my code, and this dependency is firing A LOT of warnings. Is there a way to tell cmake not to run clang-tidy on specific files? I tried to add the files to the -line-filter option of clang-tidy, but this doesn't work:

    set_target_properties(target PROPERTIES CXX_CLANG_TIDY "${clang_tidy_loc};\
    ${TIDY_CONFIG} \
    -line-filter=\"[\
    {\"name\":\"path/to/file.cpp\"},\
    {\"name\":\"path/to/file.h\"}\
    ]\"")

If the solution could work with other static analyzers like cppcheck it

Is there a way to make eclipse report a general “catch (Exception e)” as an error/warning (in java)?

一世执手 submitted on 2019-12-05 16:58:52
I'm trying to encourage a best practice of not catching general exceptions in Java code. e.g.:

    try {
        ...
    } catch (Exception e) { // bad!
        ...
    }

Is there a way to flag this as an error/warning in Eclipse? I know PMD picks this up, but I'd rather avoid integrating it into everyone's build environment at the moment.

You can use the Checkstyle Eclipse plugin to do the same. Check the 'IllegalCatch' section in the documentation.

FindBugs can report this: REC: Exception is caught when Exception is not thrown (REC_CATCH_EXCEPTION) This method uses a try-catch block that catches Exception objects, but Exception is

Are there any static analysis tools that check for Rule of 3 (or Rule of 5 C++11)

妖精的绣舞 submitted on 2019-12-05 16:07:30
I am currently working on a codebase that is built on a foundation of sand. There are numerous classes in supposedly tested libraries that violate the "Rule of 3". Most declare a non-trivial destructor, but are missing either a copy constructor or assignment operator. Are there any compiler flags (gcc) or static analysis tools that warn when a class violates the rule of 3? Currently we are using Coverity with GCC version 4.4.

Coverity has. We use version 6.5. There is a checker MISSING_COPY_OR_ASSIGN.

C++test from Parasoft (commercial tool) has a rule (MRM-40) that covers "copy and destroy

Should annotations in jsr305.jar be preferred over similar annotations in annotations.jar for FindBugs?

旧街凉风 submitted on 2019-12-05 14:29:43
Question: In the FindBugs distribution, annotations.jar is not a subset of jsr305.jar. However, several annotations seem to be duplicated (either exactly, or very closely). Should I prefer an annotation in jsr305.jar if I have a choice? Note that I'm not just interested in knowing that it would be "better" to use annotations from jsr305.jar simply because they represent a standard. Rather, I want to know whether the FindBugs tool will perform the same (or better) analysis if I prefer the jsr305.jar

Is there a good Eclipse plugin for checking @Nonnull and @Nullable annotations?

本秂侑毒 submitted on 2019-12-05 13:23:21
The checking of the @Nonnull and @Nullable annotations in Eclipse is an early beta. The largest problem is that there is no knowing over the null behavior of the Java API. Are there any other plugins that are better currently?

It's now integrated in Eclipse Kepler.

I have found that FindBugs works well and is easy to use. FindBugs Plugin

Get Eclipse SDK 3.7 (or Indigo)
Enter this update URL: http://download.eclipse.org/objectteams/updates/contrib
Select and install:
JDT Null Annotation Checker (Early Access)
Object Teams Equinox Integration

The largest problem is that there is no knowing over