static-code-analysis

static and dynamic code analysis

北城余情 submitted on 2019-11-29 02:25:13
I found several questions about this topic, all of them with a lot of references, but I still don't have a clear idea about it, because most of the references speak about concrete tools and not about the concept of the analysis in general. Thus I have some questions.

About static analysis:
1. I would like to have a reference, or a summary, of which techniques are successful and have more relevance nowadays.
2. What can they really do about discovering bugs? Can we make a summary, or does it depend on the tool?

About symbolic execution:
1. Where could symbolic execution be enclosed? I guess

SQL join following foreign key: statically check that LHS is key-preserved

匆匆过客 submitted on 2019-11-28 11:50:46
Often you join two tables following their foreign key, so that the row in the RHS table will always be found. Adding the join does not affect the number of rows affected by the query. For example:

    create table a (x int not null primary key)
    create table b (x int not null primary key, y int not null)
    alter table a add foreign key (x) references b (x)

Now, assuming you set up some data in these two tables, you can get a certain number of rows from a:

    select x from a

Adding a join to b following the foreign key does not change this:

    select a.x from a join b on a.x = b.x

However, that is not true

PHP static code analysis tool, which detects uncaught exceptions?

南楼画角 submitted on 2019-11-28 06:03:47
There seem to be quite a lot of static code analysis tools for PHP. Could you please suggest one that can detect exceptions that are thrown in the PHP code but are never caught (the ones that can theoretically stop the execution of the PHP script)? I would be happy enough to see only stuff like throw new SomeException(), where SomeException extends Exception. I am not looking for something too sophisticated - just to warn me that if I run someFunctionThatCanThrow ('cause there

How to make SonarQube module analyze the project only once when sonar analysis is bound to maven lifecycle in a multi-module project?

只谈情不闲聊 submitted on 2019-11-28 04:08:48
What I am trying to achieve is to integrate SonarQube analysis into the build process, so that whenever mvn clean install is run, the code is analyzed with SonarQube. We want to use it for local analysis and also for the build on Jenkins. If new issues are found, then the build should fail (we want to use the build breaker plugin for that). This way the developer would know that with his code he is going to introduce new issues, and will have to fix them for the build to work. When I run mvn sonar:sonar

Unintentional trailing comma that creates a tuple

不羁岁月 submitted on 2019-11-28 03:31:46
In Python, leaving a trailing comma like this is, of course, not a SyntaxError:

    In [1]: x = 1,
    In [2]: x
    Out[2]: (1,)
    In [3]: type(x)
    Out[3]: tuple

But, at the same time, if the trailing comma was put there accidentally, it may be difficult to catch this kind of "problem", especially for Python newcomers. I am wondering if we can catch this kind of "problem" early, statically, with the help of PyCharm smart code quality control features, or the mypy, pylint or flake8 static code analysis tools. Or
