static-analysis

Problem Its quite a common problem I would like to think. Adding new code translates into regression - existing test cases become obsolete. Dependencies within the code mean even if you know how to fix this particular regression, there could be indirect regression at n more places in both directions - Afferent and Efferent. Requirement I have a shop running SVN, Maven+Nexus,Sonar,Jenkins and JIRA,QC,QTP. All in all a good CI environment. With every new build I'll have new cases of regression. I want to find Java package dependencies in both directions and to update the test cases properly so

I want to generate a Program Dependence Graph (PDG) from C source code. I found papers that explain how do it, but all used the commercial CodeSurfer tool. Are there any free tools or open source projects that can do this job? Pascal Cuoq Frama-C is an Open Source static analysis platform with a slicer for C programs based on the computation of a Program Dependence Graph. Note that slicing actual programs written in a real programming language such as C involves many special cases and concepts that are skimmed over in scientific publications. Still, I am confident that you won't find anything

What is the difference between the two? Both seem to mean that the value may be null and should be dealt with accordingly i.e. checked for null. Update: The two annotations above are part of JSR-305/FindBugs: http://findbugs.sourceforge.net/manual/annotations.html lbalazscs I think it is pretty clear from the link you added: if you use @CheckForNull and the code that uses the value does not check for null , FindBugs will show it as an error. FindBugs will ignore @Nullable . In practice this annotation is useful only for overriding an overarching NonNull annotation. Use @CheckForNull in the

Are there any tools for performing static analysis of Scala code, similar to FindBugs and PMD for Java or Splint for C/C++? I know that FindBugs works on the bytecode produced by compiling Java, so I'm curious as to how it would work on Scala. Google searches (as of 27 October 2009) reveal very little. Google searches (as of 01 February 2010) reveal this question. FindBugs analyzes JVM byte codes, regardless of the tool that generated them. I've tried using FindBugs to check .class files generated by Scala. Unfortunately, FindBugs produced many warnings, even for trivial Scala programs. There

The complexity of methods in most programming languages can be measured in cyclomatic complexity with static source code analyzers. Is there a similar metric for measuring the complexity of a SQL query? It is simple enough to measure the time it takes a query to return, but what if I just want to be able to quantify how complicated a query is? [Edit/Note] While getting the execution plan is useful, that is not necessarily what I am trying to identify in this case. I am not looking for how difficult it is for the server to execute the query, I am looking for a metric that identifies how

PEP8 suggests that: Imports should be grouped in the following order: standard library imports related third party imports local application/library specific imports You should put a blank line between each group of imports. Is there a way to check if the standard is violated anywhere in the package using static code analysis tools, like pylint , pyflakes , pychecker , pep8 ? Example of violation: from my_package import my_module from django.db import models import os Correct way to import: import os from django.db import models from my_package import my_module The current version of pylint

I just read about the LLVM project and that it could be used to do static analysis on C/C++ codes using the analyzer Clang which the front end of LLVM. I wanted to know if it is possible to extract all the accesses to memory(variables, local as well as global) in the source code using LLVM. Is there any inbuilt library present in LLVM which I could use to extract this information. If not please suggest me how to write functions to do the same.(existing source code, reference, tutorial, example...) Of what i have thought, is I would first convert the source code into LLVM bc and then instrument