Questions tagged [static-code-analysis]

Static code analysis is the analysis of computer software that is performed without actually executing it.

According to Wikipedia, static code analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as dynamic analysis). In most cases the analysis is performed on some version of the source code, and in the other cases, some form of the object (byte) code. The term is usually applied to the analysis performed by an automated tool, with human analysis being called program understanding, program comprehension or code review.

510 questions
15 votes, 3 answers

Asynchronous code in custom ESLint rules

The Story and Motivation: We have a rather huge end-to-end Protractor test codebase. Sometimes it happens that a test waits for a specific fix to be implemented - usually as a part of a TDD approach and to demonstrate how a problem is reproduced and…

alecxe
15 votes, 4 answers

Heap Inspection Security Vulnerability

I have run my java app against the checkmarx tool for security vulnerability and it is constantly giving an issue - Heap Inspection, for my password field for which I use a character array. It doesn't give any more explanation than just pointing out…
15 votes, 4 answers

Flag "print" statements in Python code

I don't want "print" statements in our Python modules, because we will be using a logger. I'm trying to generate a script to check modules with pylint. However, pylint currently does not detect this as a warning or error. I want to detect "print"…

moylop260
15 votes, 5 answers

Code Analysis Tools and Inter-Type-Declarations

I have a maven project generated by Spring Roo and use several tools (checkstyle, pmd etc.) to collect information about my project. (namely I am using codehaus' sonar for this) Roo makes heavy use of AspectJ Inter Type Declarations (ITD) to…

er4z0r
14 votes, 4 answers

Code Metrics Analysis for Unmanaged C++ Code

Does anyone know of a free tool, similar to what is built into Visual Studio 2010 for managed code, that can do analysis of unmanaged, MFC C++ code and give metrics (lines of code, dependency or coupling, etc)? I've been searching on Google for…

JToland
14 votes, 4 answers

What are the tradeoffs of performing static analysis on source code, byte code, machine code, etc?

What are the various tradeoffs for performing static analysis on various levels of code? For instance for Java, why would someone perform static analysis on Java source code vs. Jasmin code vs. Java bytecode? Does the choice restrict or expand the…

ChaimKut
14 votes, 3 answers

Treat the use of @author as code style violation

Goal: Issue a warning in case an @author tag is used anywhere inside the .js files in the project. Question: Is it something that jshint or other static code check tools can help with? If not, what options do I have? Description: I completely agree…

alecxe
13 votes, 4 answers

Static code analysis for detecting passing a wchar_t* to BSTR

Since a BSTR is only a typedef for wchar_t*, our code base has several (many?) places where string literals are passed to a method expecting a BSTR; this can mess up with marshallers or anyone who tries to use any BSTR specific method (e.g.…

Motti
13 votes, 4 answers

Visual Studio 2015 Code Analysis C6386 warns of buffer overrun

I've read a lot about the Visual Studio Code Analysis warning C6386, but can't figure out this particular issue with my code. I've reduced it to the following small program: unsigned int nNumItems = 0; int main() { int *nWords=nullptr; …

Tom M
13 votes, 1 answer

How to prevent returning a pointer to a temporary variable?

On a recent bug hunt, I found an issue with returning a pointer to a member of a temporary variable. The offending (simplified) code was: struct S { S(int i) : i(i) {} int i; int* ptr() { return &i; } }; int* fun(int i) { return…
13 votes, 13 answers

Should I declare these methods const?

I'm working on some C++ code where I have several manager objects with private methods such as void NotifyFooUpdated(); which call the OnFooUpdated() method on the listeners of this object. Note that they don't modify the state of this object, so…

starblue
12 votes, 2 answers

Disable Code Analysis for Some Projects using MSBuild

I have inherited a solution file that uses a MSBuild script to compile multiple solutions. The majority of projects are configured with analysis and rulesets and I have a few unit-test projects that don't. Projects with analysis turned…

bryanbcook
12 votes, 1 answer

Unintentional trailing comma that creates a tuple

In Python, leaving a trailing comma like this is, of course, not a SyntaxError:

In [1]: x = 1 ,
In [2]: x
Out[2]: (1,)
In [3]: type(x)
Out[3]: tuple

But, at the same time, if the trailing comma was put accidentally, it may be difficult to catch…

alecxe
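The two checks asked for on this page, flagging print() calls (the pylint question above) and single-element tuples created by a stray trailing comma, implemented together as one added example. This is not code from either question or from their answers: it walks the parsed tree with the standard-library ast module instead of registering a pylint checker, and the message codes W9001/W9002, the class and function names and the SAMPLE module are all constructed for the illustration.

```python
from __future__ import annotations

import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One diagnostic, in the spirit of a pylint message (codes are made up here)."""
    code: str
    line: int
    col: int
    message: str


class HygieneChecker(ast.NodeVisitor):
    """Static checks that need only the parsed tree, never execution of the module."""

    def __init__(self, source: str) -> None:
        self.source = source          # kept so a node's literal text can be re-read
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        # print("x") parses to Call(func=Name(id="print")). A bare `print` name or an
        # attribute such as log.print(...) is not a builtin print call and is left alone.
        if isinstance(node.func, ast.Name) and node.func.id == "print":
            self.findings.append(Finding(
                "W9001", node.lineno, node.col_offset,
                "print() call; use the module logger instead"))
        self.generic_visit(node)

    def visit_Tuple(self, node: ast.Tuple) -> None:
        # `x = 1,` and `x = (1,)` produce the same one-element Tuple node; the only
        # difference survives in the source text, so re-read it (Python 3.8+ records
        # end positions and includes the parentheses in a parenthesised tuple's span).
        # Tuples in Store context (`a, = seq`) are deliberate unpacking targets: skip.
        if len(node.elts) == 1 and isinstance(node.ctx, ast.Load):
            text = ast.get_source_segment(self.source, node) or ""
            if not text.lstrip().startswith("("):
                self.findings.append(Finding(
                    "W9002", node.lineno, node.col_offset,
                    "single-element tuple built from a trailing comma; "
                    "write (value,) if intended, otherwise drop the comma"))
        self.generic_visit(node)


def check_source(source: str, filename: str = "<string>") -> list[Finding]:
    """Parse `source` and return its findings sorted by position."""
    tree = ast.parse(source, filename)
    checker = HygieneChecker(source)
    checker.visit(tree)
    return sorted(checker.findings, key=lambda f: (f.line, f.col))


# Constructed sample module: line 5 and line 7 should be reported, nothing else.
SAMPLE = '''\
import logging
log = logging.getLogger(__name__)

def load(path):
    print("loading", path)        # W9001: bypasses the logger
    log.info("loading %s", path)
    size = 1024,                  # W9002: size is now the tuple (1024,)
    limits = (1024,)              # explicit single-element tuple, fine
    first, = [path]               # unpacking target, fine
    return size, limits, first
'''

if __name__ == "__main__":
    for f in check_source(SAMPLE, "sample.py"):
        print(f"sample.py:{f.line}:{f.col}: {f.code} {f.message}")
```

The checker needs Python 3.8 or later for ast.get_source_segment; on older interpreters the parenthesised and unparenthesised forms are indistinguishable from the tree alone, which is exactly why pylint's own AST-based checks do not report the trailing comma. Wiring this into pylint means moving the two visit methods into a BaseChecker subclass and loading it with --load-plugins; the logic stays the same.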
12 votes, 1 answer

Using a custom argument validation helper breaks code analysis

I'd like to use a custom helper to simplify argument validation, something like this. public static void ThrowIfNull(this object value, string parameterName) { if (value == null) { throw new ArgumentNullException(parameterName); …

Zoltán Tamási
12 votes, 1 answer

Automatically detect identical consecutive std::string::find() calls

During a code review, I found source code like this: void f_odd(std::string &className, std::string &testName) { if (className.find("::") != std::string::npos) { testName = className.substr(className.find("::") + 2); …

orbitcowboy