static-analysis

When I give the Keil compiler the "--callgraph" option, it statically calculates the exact "Maximum Stack Usage" for me. Alas, today it is giving me a "Maximum Stack Usage = 284 bytes + Unknown(Functions without stacksize...)" message, along with a list of "Functions with no stack information". Nigel Jones says that recursion is a really bad idea in embedded systems ( "Computing your stack size" 2009), so I've been careful not to make any mutually recursive functions in this code. Also, I make sure that none of my interrupt handlers ever re-enable interrupts until their final return-from

I have a makefile project comprised of many source, header and other files, which I am trying to convert to an Eclipse "native" project. The problem that the Indexer reports errors and warning on files that exist in the directories but are excluded form the build. As a consequence, large parts of my directory tree are marked with the red x sign. How can I make the Indexer to ignore specific file and/or directories? Note: when defining a directory as "Derived" it is excluded form further searches, but unfortunately not from code analysis. Using project Resource Filters does not solve the

I want to use the Code Analysis in Visual Studio 2017 but I'm using Qt and it gives me a lot of warnings from the headers. I've tried turning off warnings: #pragma warning(push, 0) #include <QtGlobal> #pragma warning(pop) but it doesn't help. I also tried using this : #include <codeanalysis\warnings.h> #pragma warning(push, 0) #pragma warning(disable : ALL_CODE_ANALYSIS_WARNINGS) #include <QtGlobal> #pragma warning(pop) but no help. How can I disable the Code Analysis for the Qt external headers? If you open your .vcxproj file, down the bottom you should see: <Import Project="$(VCTargetsPath)

I've written a standard Analysis pass in LLVM, by extending the FunctionPass class. Everything seems to make sense. Now what I'd like to do is write a couple of intermodular passes, that is, passes that allows me to analyze more than one module at a time. The purpose of one such pass is to construct a call graph of the entire application. The purpose of the other such pass is that I have an idea for an optimization involving function calls and their parameters. I know about interprocedural passes in LLVM, via extending the ModulePass class, but that only allows analysis within a single module.

I would like to use Cppcheck for static code analysis of my C++ code. I learned that I can suppress some kind of warnings with --inline-suppr command. However, I can't find what "suppressed_error_id" I should put in the comment: // cppcheck-suppress "suppressed_error_id" According to the cppcheck help: The error id is the id that you want to suppress. The easiest way to get it is to use the --xml command line flag. Copy and paste the id string from the xml output. So run cppcheck against some code that contains the error with the --xml flag, and then look in the generated XML file to find its

I followed the steps in Finding memory leaks with the LLVM/Clang Static Analyzer but I was unable to run static analyzer on my project. When I try to run xcodebuild on my project (1. Open Terminal, 2. Go to Project Directly, 3. > xcodebuild), I get this error: === BUILDING NATIVE TARGET XProject OF PROJECT XProject WITH THE DEFAULT CONFIGURATION (Release) === Checking Dependencies... CodeSign error: no certificate found in keychain for code signing identity 'iPhone Developer' \** BUILD FAILED \** How can I run this tool on my code? - I'm testing with simulator. Thanks. Michael Fey I'm the

I know that it's legal to use dynamic_cast to do a "cross-cast" across a class hierarchy. For example, if I have classes that look like this: A B \ / C If I have an A* pointer that's pointing at an object of type C , then I can use A* aPtr = /* ... something that produces a C* ... */ B* bPtr = dynamic_cast<B*>(aPtr); to get a pointer to the B base object of the C I'm pointing at. The reason I mention this is that at the time that I write the above code, it's possible that the compiler has not yet seen the definition of C even though it's seen A and B . This means that it's possible that the

I'm trying to write exception safe code. I find that using C++11's noexcept specifier makes this goal a whole lot more achievable. The general idea, of course, is that a function should be marked as 'noexcept' if, and only if all the functions that it calls are also marked as 'noexcept'. The problem is that in a large code base, where patches from different people are often merged together, it is hard to ensure that this consistency is maintained. So I would like to be able to run a static analysis that could list all places where a function that is marked 'nothrow' calls a function that is