Questions tagged [code-analysis]

Code Analysis is the process of analyzing the code of the application to discover, review, validate or verify certain properties of the application. This is useful during the process of development and for testing the application before it is put in production mode, especially for checking the security-related aspects. Code analysis can be classified from several perspectives, including:

1. What can be analyzed: source code or binary code (byte code) of the application can be analyzed. Both of these categories have their pros and cons.

2. How or when code should be analyzed: Code can be analyzed statically (without executing it) or dynamically (while the application is executed). Static analysis, being conservative, is prone to false positives, but it is exhaustive. On the other hand, dynamic analysis, being very accurate, may miss certain behaviors which are not manifested in any of the executions monitored (because dynamic analysis only analyzes code that is executed, i.e. when certain conditions are met).

3. Purpose of the analysis: Flaws can be found, like NULL pointer dereferencing or passing an ASCII string instead of a Unicode string. Furthermore, aspects of the code can be found, like building various graphs of dependencies or deducing the conditions under which recursion will occur.

1882 questions
0 votes, 0 answers

Microsoft.CodeAnalysis build failing despite project locally running correctly

I am getting an error upon build in Azure DevOps when trying to merge to develop: ##[error]CSC(0,0): Error CS0006: Metadata file '..\packages\Microsoft.CodeAnalysis.Analyzers.1.0.0\analyzers\dotnet\cs\Microsoft.CodeAnalysis.Analyzers.dll' could not…
0 votes, 1 answer

How to identify all possible code blocks which can cause the NullReferenceException in C#

One of my projects in .NET 4.7.2 with C# and Entity Framework causes NullReferenceException in multiple scenarios. The codebase is huge so it's quite difficult to analyze the code and handle the nullable objects before use. Most of the exception…
0 votes, 1 answer

Roslyn code-fix test calls `VerifyDiagnostics` also for fixed-code-sample, which makes test could never be successful

#UPD: It was totally my mistake. Some details I've posted in my answer. Why does Roslyn code-fix test call VerifyDiagnostics not only for test-source-code-sample, but then also for fixed-code-sample? Unit tests of the Visual Studio template…
user1234567
0 votes, 0 answers

Show all possible NullReferenceExceptions for property

I have decorated a public property with a [CanBeNull] attribute. public class MyClass { [CanBeNull] public static string MyProp { get; set; } } Now I would like to see all possible NullReferenceExceptions regarding this property (e.g.…
user764754
0 votes, 2 answers

Determining method dependency in an Object Oriented class

Is anyone aware of any methodology to try and determine the method and instance variable dependencies that exist for a single method in an object oriented class? For example, if I have the following code: public class Foo { private int x; …
Joeblackdev
0 votes, 1 answer

Code Analysis in SQL Server

Do you know of any good (and if possible free) tool for SQL Server 2005/2008 development like there is Code Analysis and ReSharper for .NET development? I know these are completely different programming styles (unfortunately, since I wish today's…
User
0 votes, 1 answer

code analysis to identify all changes between two commits which influence a particular line of code or variable

I have two versions of source code which contain a long list (500 or so) of code changes (unfortunately no code history available). I'd like to segment out any changes which have or may have an impact on a particular variable XYZ. The end goal would…
Jesse RJ
0 votes, 1 answer

SonarCloud and specific rules for NodeJS project within repository code

I have standard company Quality Profile for NodeJS TypeScript projects in SonarCloud. Now to create specific ruleset overwriting some or adding/removing we can use inheritance, create other profile with parent to the other one. Question is if we can…
0 votes, 1 answer

Is there any way to extract variables that are being passed to a particular function as parameters in a given c code?

Is there any way to extract variables that are being passed to a particular function as parameters in a given c code? For an example, main() { int a = 10; float b = 2.0f; funcA(a,b); } Need is to extract the information that variable a & variable…
0 votes, 0 answers

What accounts for most of the integer multiply instructions?

The majority of integer multiplications don't actually need multiply: Floating-point is, and has been since the 486, normally handled by dedicated hardware. Multiplication by a constant, such as for scaling an array index by the size of the…
0 votes, 1 answer

I am having trouble encapsulating the code while using Parser gem to create a static code analyzer in Ruby

I am writing a very basic static code analyzer in Ruby. I am using the Parser gem to generate AST and then traversing to analyze code. Following is the snippet. class Processor < AST::Processor def on_def(node) puts node.type …
kernalPanic
0 votes, 1 answer

Azure Devops cannot locate file in nuget package when building using Linux Build

Our company uses a nuget package to distribute the Stylecop ruleset. This nuget package has a props file which I have modified to look like this:
Dorothy Hawley
0 votes, 1 answer

CA1707 warning on constants names

Why does Microsoft keep documenting code with constants like WM_SOMECONSTANT but the code analysis in Visual Studio reports the CA1707 warning? Should we suppress all these warnings for the solution? Should we rename all the constants?
0 votes, 1 answer

Sonar-scanner all files

I am using sonarqube to analyze the code of my project in PHP, everything is set up and partially working, the problem is as follows, I do a check with the Sonar scanner on my pull-requests and merge with the branch master, the analysis it is being…
0 votes, 2 answers

Is there a way to check the maximum method length in C++?

I'm searching for a tool that can check if there is a method in my C++ code whose line length is larger than a maximum I can define. I would like to define a threshold of e.g. 50 lines and if there is a function with e.g. 60 lines, the tool should warn…
konzohila