static-analysis

I am trying to understand static analysis of Java bytecode/source-code. These terms frequently come up for which I am not able to find satisfactory definitions on the Internet: context (in)sensitive analysis calling context active call site points-to analysis Can anyone please elaborate in layman terms what the above terms mean in the context of Java. A search of "context" "programming" on Google brings up stuff about context sensitive grammar, language theory, etc., but not the definitions I need (unless they mean the same thing). calling context : when analyzing code at a certain location,

I would like to make compilation fail for some function call but not others. The function call that I want to fail are those that do not handle return values when the value is of a certain type. In the example below, not handling a function returning Error is a compilation error but not handling a function that returns anything else should succeed just fine. Note: our runtime environment (embedded) does not allow us to use the following constructs: RTTI, exceptions. This code only needs to compiler with Clang, I would prefer not having to annotate each function. We prefer a solution that fails

I am trying to use Fortify Source Code Analyzer for a research project at my school to test the security for open source Java web applications. I am currently working on Apache Lenya. I am working with the last stable release (Lenya v2.0.2). Inside the root directory there is a file named build.sh . This file is called to build Lenya using the version of Ant that ships with the release (in the tools/bin folder). I can build Lenya just fine when I run ./build.sh . So, it would be assumed that running the following command in Fortify would work : sourceanalyzer -b lenya -Xmx1200M touchless .

I ran into a method today that is .. not used anywhere .. but is tested. Since it is used by a test, IntelliJ did not flag the method as 'unused'. Does IntelliJ allow for the following search condition "Find methods that are unused with the exception of tests, where test is defined as anything with @Test annotation" There is a related feature request: IDEA-56519 Inspection for unused code needs options to take into account methods run by test harnesses While the first point is already covered by the Configure annotations... option in the inspection settings, the second point is still valid: An

What would be a proper way to extract function calls and their occuring line in one or more R scripts? Is there a parsing base function or package that allows me to do this or should I build a solution with regular expressions? For example: function_calls("project1/exploratory_analysis.R") should output a dataframe like: ## function line filename ## 1 tapply 35 exploratory_analysis.R ## 2 qplot 80 exploratory_analysis.R What I want to achieve finally is to build a reverse index of function calls and loaded packages as used in one or more R scripts, for educational and reference purposes. (e.g.