static-code-analysis

Consider the following sample code: # -*- coding: utf-8 -*- """Test module.""" def test(): """Tets function""" return 10 pylint gives it 10 of 10, flake8 doesn't find any warnings: $ pylint test.py ... Global evaluation ----------------- Your code has been rated at 10.00/10 ... $ flake8 test.py $ But, as you may see, there is a typo in the test function's docstring. And, your editor would probably highlight it automagically, for example, here's how Pycharm does it: Thanks to the https://stackoverflow.com/questions/2151300/whats-the-best-way-to-spell-check-python-source-code topic, now I know

Cppcheck allows you to create your own rules files, but I don't know how much of cppcheck's functionality is exposed. Is anyone working on a set that would enforce JSF or MISRA rules? johnwait You won't be able to implement all MISRA/JSF rules and directives as cppcheck rules, mostly only the straightforward ones restricting certain C language features and constructions or that are style-related (some that come to mind: spaces before/after ./->, # of arguments on a single line, use of unions to provide different methods of accessing memory, presence of unsigned/signed before char, etc). User

Does anyone know of a free tool, similar to what is built into Visual Studio 2010 for managed code, that can do analysis of unmanaged, MFC C++ code and give metrics (lines of code, dependency or coupling, etc)? I've been searching on Google for awhile, but really haven't been able to find anything that works. Thanks a ton! Source Monitor is a good free tool tool for code metrics such as LoC and complexity and also produces kiviat graphs. But it does not have any depedency or coupling metrics. Our SourceMeter tool can analyze your Visual C++ project and provide you all the information you asked

What I am trying to achieve is integrate SonarQube analysis into the build process, so that whenever mvn clean install is run, the code is analyzed with SonarQube. We want to use it for local analysis and also for build on Jenkins. If new issues are found, than the build should fail (we want to use build breaker plugin for that). This way the developer would know that by his code his is going to introduce new issues, and will have to fix them for the build to work. When I run mvn sonar:sonar , the analysis takes 30 seconds, which is OK. However, the problem occurs when I am trying to bind

In Python, leaving a trailing comma like this is, of course, not a SyntaxError : In [1]: x = 1 , In [2]: x Out[2]: (1,) In [3]: type(x) Out[3]: tuple But, at the same time, if the trailing comma was put accidentally , it may be difficult to catch this kind of a "problem", especially for Python newcomers. I am thinking if we can catch this kind of a "problem" early , statically, with the help of PyCharm smart code quality control features; mypy , pylint or flake8 static code analysis tools. Or, another idea would be to restrict/highlight creating one item tuples implicitly without parenthesis .