static-analysis

I want to generate a class dependency graph for a large project in C++. I'm trying to do it with doxygen . Here is the sample code: class Used { public: void bar(); }; class Base { }; class Derived : public Base { public: void foo(Used*); // Dependency on class Used }; Here is the collaboration diagram generated by doxygen: Nice, but Derived depends on Used through the method foo , and I want to see this on the diagram, like this: Unfortunately, doxygen generates such dependency only if Used is aggregated with Derived (used as a class member). Is there a way to show other kinds of dependencies

I want to be able to specify the Code AnalysisRules in commandline MSBuild (for Code Analysis / FXCOP). The project file would have something like this in it: <CodeAnalysisRules>-Microsoft.Globalization#CA1301;-Microsoft.Globalization#CA1302</CodeAnalysisRules> So I would assume that I use something like this: MSBuild.exe /property:RunCodeAnalysis=true /property:CodeAnalysisRules=-Microsoft.Globalization#CA1301 Which works fine, but when I want to add another rule, it does not like the semi colon: MSBuild.exe /property:RunCodeAnalysis=true /property:CodeAnalysisRules=-Microsoft.Globalization

I'm looking for an annotation something like -(SomeStruct *) structFromInternals __attribute__((returns_malloced_ptr)) { SomeStruct *ret = malloc(sizeof(SomeStruct)); //do stuff return ret; } to soothe the clang static analyzer beasts. The only viable attributes link I can find is for GCC , but it doesn't even include ns_returns_retained , which is in an extension, I assume. EDIT: as to why this is needed, I have a scenario that I can't repro in a simple case, so it may have to do with a c lib in an Objective-C project... The gist is, I get a static analyzer warning that the malloc in

When configuring Eclipse 4.2.0 to perform a null analysis (configured to use @javax.annotation.Nonnull etc.), the following code will generate the warning Null type safety: The expression of type int needs unchecked conversion to conform to '@Nonnull Integer' class C { static void foo(int i) { bar(i); // Warning } static void bar(@javax.annotation.Nonnull Integer i) { } } How am I supposed to fix this (without using @SuppressWarnings("null") )? It seems that the analyzer does not know that boxed primitives cannot be null . I think it's a bug in Eclipse. I tried the same with IntelliJ, and it

Here is a number of code snippets that can throw NullPointerException. 01: public void m1(@Nullable String text) { System.out.print(text.toLowerCase()); // <-- expect to be reported. } 02: private boolean _closed = false; public void m1(@Nullable String text) { if(_closed) return; System.out.print(text.toLowerCase()); // <-- expect to be reported. } 03: public void m1(@NotNull String text) { System.out.print(text.toLowerCase()); } public @Nullable String getText() { return "Some text"; } public void m2() { m1(getText()); // <-- expect to be reported. } Different people have access to different

I know there is list of bugs, but I would like to have a list with additional information about rank (1 to 20 in version 2.0) or at least about ranking groups (Of concern, Troubling, Scary, Scariest). Maybe I'm missing something, but FindBugs forum does not seem to be active?! Perhaps http://code.google.com/p/findbugs/source/browse/trunk/findbugs/etc/bugrank.txt but I don't know if it is exhaustive ( FindBugs Bug Descriptions has more entries). 来源： https://stackoverflow.com/questions/9583953/list-of-findbugs-2-0-bugs-by-rank

I have setup buildbot to compile my Qt/C++ application with the /analyze flag. However the analysis is also delving into the qt headers which I don't care about: c:\qt\qt-everywhere-opensource-src-4.8.1\src\corelib\tools\qvector.h(547) : warning C6011: Dereferencing NULL pointer 'x.p': Lines: 474, 475, 476, 477, 478, 480, 491, 493, 497, 498, 499, 500, 503, 504, 518, 519, 520, 521, 522, 525, 545, 547 Whats the best way to exclude these files en mass? (Please note I am not using the IDE, I am looking for a command line, switch or code change) James McNellis You can disable all code analysis

(I found this question which is similar but not a duplicate: How to check validity of header file in C programming language ) I have a function implementation, and a non-matching prototype (same name, different types) which is in a header file. The header file is included by a C file that uses the function, but is not included in the file that defines the function. Here is a minimal test case : header.h: void foo(int bar); File1.c: #include "header.h" int main (int argc, char * argv[]) { int x = 1; foo(x); return 0; } File 2.c: #include <stdio.h> typedef struct { int x; int y; } t_struct; void