Questions tagged [code-analysis]

Code analysis is the process of analyzing an application's code to discover, review, validate or verify certain properties of the application. This is useful during development and for testing the application before it is put into production, especially for checking security-related aspects. Code analysis can be classified from several perspectives, including:

1. What can be analyzed: the source code or the binary code (byte code) of the application. Both categories have their pros and cons.

2. How or when code should be analyzed: code can be analyzed statically (without executing it) or dynamically (while the application is executing). Static analysis, being conservative, is prone to false positives, but it is exhaustive. Dynamic analysis, on the other hand, is very accurate but may miss behaviors that do not manifest in any of the monitored executions, because it only analyzes code that is actually executed, i.e. when certain conditions are met.

3. Purpose of the analysis: flaws can be found, such as NULL pointer dereferencing or passing an ASCII string instead of a Unicode string. Aspects of the code can also be derived, such as building various dependency graphs or deducing the conditions under which recursion will occur.

1882 questions

19 votes, 5 answers

How to fix the following PMD violations

I am using PMD to analyze code and it produces a few high priority warnings which I do not know how to fix. 1) Avoid if(x!=y)..; else...; But what should I do if I need this logic? That is, I do need to check if x!=y? How can I refactor it? 2) Use…
sarahTheButterFly

19 votes, 1 answer

CA2213 warning when using ?. (null-conditional Operator) to call Dispose

I'm implementing IDisposable, and in my Dispose() method when calling Dispose() on other managed resources I'm using the ?. operator like so: public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } …
StuartMorgan

19 votes, 3 answers

Excluding Code Analysis rule in source

In a project I'm working on, FxCop shows me lots of (and I mean more than 400) errors on the InitializeComponent() methods generated by the Windows Forms designer. Most of those errors are just the assignment of the Text property of labels. I'd like…

19 votes, 3 answers

CA1026 (all parameters should have default values) and extension methods

Premise: When using code analysis (or FxCop) with C# optional parameters you can get a warning of CA1026. The short reason for this is not supplying all parameters with a default value. The declaration below rightly generates this warning public…
Robert MacLean

18 votes, 5 answers

How can I find all static variables in my c# project?

I want to run some part of my command line program in parallel with multiple threads and I am afraid that there might be some static variable left that I must fix (e.g. by making it [ThreadStatic]). Is there any tool or easy way to find these in my…
Christian

18 votes, 3 answers

Why doesn't the "Namespace Provider" property get saved within a project file for a given subdirectory?

Sub directories within VS2008 projects are mainly used to physically represent on disk the namespace structure for the project. Each folder has a Boolean property called “Namespace Provider”, which when set to True causes ReSharper to validate that…

18 votes, 7 answers

Is there a tool for finding unreferenced functions (dead, obsolete code) in a C# app?

I want to delete foo() if foo() isn't called from anywhere.
Corey Trager

18 votes, 3 answers

Does a C shift expression have unsigned type? Why would Splint warn about a right-shift?

For the following program: int main(void) { int value = 2; int result = value >> 1U; return result; } ...Splint 3.1.2 gives the warning: splint_test.c: (in function main) splint_test.c:4:18: Variable result initialized to type unsigned…
detly

18 votes, 1 answer

Automatically generating a diagram of function calls in MATLAB

Does anybody know of a tool that can be used to automatically build diagrams of function calls in MATLAB? E.g. for a given function, the tool would recursively go through function calls and build a 2D graph where nodes would represent functions and…
Amelio Vazquez-Reina

18 votes, 3 answers

Exception analysis tool for C++

I've been looking for a tool to extract exception information from a C++ program. The most wanted feature I'm looking for: I want to know all the exceptions that can be thrown from a function (which would include all the functions that are called from…
Magnus Westin

18 votes, 4 answers

CA2000 when Returning Disposable Object from Method

I have a factory method that builds objects that implement IDisposable. Ultimately it is the callers that manage the lifetime of the created objects. This design is triggering a bunch of CA2000 errors. Is there something fundamentally incorrect…
Brian Triplett

17 votes, 3 answers

Why can't Microsoft analyzers find Microsoft.CodeAnalysis?

I'm trying to add Microsoft.CodeAnalysis.FXCopAnalyzers (latest stable version) to my ASP.NET project. When I install it via NuGet, I get a ton of errors like: An instance of analyzer…
Brian Gradin

17 votes, 3 answers

How to disable specific Code Analysis Warning for entire class

I'm trying to disable a code analysis rule across an entire class, but NOT for the entire project, just a single class. In the example below, the build generates a CA1822 warning because it thinks that the unit test methods should be static. The…
Suraj

17 votes, 3 answers

How to suppress code analysis messages for all type members?

Let's say I have an enumeration of all currencies: public enum CurrencyType { /// /// United Arab Emirates dirham /// [EnumMember] AED = 784, /// /// Afghan afghani ///
penartur

17 votes, 7 answers

Ruby source code analyzer (something like pylint)

Does Ruby have any tools along the lines of pylint for analyzing source code for errors and simple coding standards? It would be nice if it could be integrated with cruisecontrolrb for continuous integration. Or does everyone write such good tests…
Dan Powley