static-analysis

There are many times when as I am debugging, or reusing some code, the file starts to acquire lines that don't do anything, though they may have done something at one point. Things like vectors and getting filled, and then go unused, classes/structs that are defined but never used, and functions that are declared, but never used. I understand that in many cases, some of these things are not superfluous, as they might be visible from other files, but in my case, there are no other files, just extraneous code in my file. While I understand that technically speaking, invoking push_back does

Eclipse (Juno) gives the following warning: Potential resource leak: 'os' may not be closed at the first line of the try body in this code: static void saveDetails(byte[] detailsData) { OutputStream os = null; try { os = sContext.openFileOutput(DETAILS_FILE_NAME, Context.MODE_PRIVATE); os.write(detailsData); } catch (IOException e) { Log.w(LOG_TAG, "Unable to save details", e); } finally { if (os != null) { try { os.close(); } catch (IOException ignored) { } } } } The method openFileOutput is declared to throw a FileNotFoundException . Is this a false positive? It seems like a fairly vanilla

I develop commercial unmanaged C++ app on Visual Studio 2008, and I want to add a static-code analysis tool. Any recommendations? I think it would be real nice if the tool can be integrated into MSVC. I'm thinking about PC-Lint + Visual Lint However, I have been taking a hard look at Coverity , Understand , and Klockwork as well. Price isnt really the issue. I want opinions from people who actually used the tool for unmanaged C++ on MSVC, and they just absolutely loved it. Lastly, VSTS and Intel Parallel Studio now also offer static code analysis. Nice~ Note: related post suggest Coverity is

A lot of what I have learned about VB I learned from using Static Code Analysis (Particularly Aivosto's Project Analyzer). And one one of things it checks for is whether or not you cleared all objects and arrays. I used to just do this blindly because PA said so. But now that I know a little bit more about the way VB releases resources, it seems to me that these things should be happening automatically. Is this a legacy feature from pre VB6, or is there a reason why you should explicitly set objects back to nothing and use Erase on arrays? The problem, as I understand it, has to do with the

I was at the StackOverflow Dev Days convention yesterday, and one of the speakers was talking about Python. He showed a Memoize function, and I asked if there was any way to keep it from being used on a non-pure function. He said no, that's basically impossible, and if someone could figure out a way to do it it would make a great PhD thesis. That sort of confused me, because it doesn't seem all that difficult for a compiler/interpreter to solve recursively. In pseudocode: function isPure(functionMetadata): boolean; begin result = true; for each variable in functionMetadata.variablesModified

I usually like to have a lot of warnings enabled when programming. However, some libraries contains code that easily causes warnings (.., python, Qt, ..). When compiling with gcc I can just use -isystem instead of -I to silence that. How can I do the same with the MS compiler? I know of the warning #pragma, but I would like a solution that does not involve compiler specific code all over the place. I also know that I can turn off specific warnings, but that is not what I want either. BTW: isystem should be a tag of this question, but I was not allowed to do that.. SUMMARY: I want to see all

In the FindBugs distribution, annotations.jar is not a subset of jsr305.jar . However, several annotations seem to be duplicated (either exactly, or very closely). Should I prefer an annotation in jsr305.jar if I have a choice? Note that I'm not just interested in knowing that it would be "better" to use annotations from jsr305.jar simply because they represent a standard. Rather, I want to know whether the FindBugs tool will perform the same (or better) analysis if I prefer the jsr305.jar version of a particular annotation. It could be the case that some jsr305.jar annotations should be

Source code analysis and exploration tools for C and C++ seem to be sorely lacking. Are there any tools which I can use to gather information about C and/or C++ source files? cscope does part of what I would need, Doxygen looks closer. At a minimum list of all function, callers, callees, variable references etc. Perhaps Doxygen's xml output would work. Ideally gcc or llvm could be hooked for this purpose but I have yet to find a convenient way to do so. Any suggestions? There is the clang static analyzer which is part of the clang front end for llvm, but I don't know how well it works for C/C+

I'm thinking about doing some static analysis project over C++ code samples , as opposed to entire programs. In general static analysis requires some simpler intermediate representation, but such a representation cannot be accurately created without the entire program code. Still, I know there is such a tool for Java - it basically "guesses" missing information and thus allows static analysis to take place even though it's no longer sound or complete. Is there anything similar that can be used to convert partial C++ code into some intermediate form (e.g. LLVM bytecode)? Ira Baxter As a general