Questions tagged [static-code-analysis]

Static code analysis is the analysis of computer software that is performed without actually executing it.

According to Wikipedia, static code analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as dynamic analysis). In most cases the analysis is performed on some version of the source code, and in the other cases on some form of the object (byte) code. The term is usually applied to the analysis performed by an automated tool, with human analysis being called program understanding, program comprehension or code review.

510 questions
11 votes, 3 answers

Is Code Contracts failing to spot obvious relationship between Nullable.HasValue and null?

I am experimenting with applying Code Contracts to my code and I've hit a perplexing problem. This code is failing to meet the contract but unless I'm being really thick I would expect it to be able to easily analyse that id must have a value at the…
Wheelie
11 votes, 2 answers

I am looking for a recursion analysis tool

I ran into a problem this weekend where method 1 called method 2, which called method 3, which caught an exception, and within the exception handling method 1 was called again... M1 -> M2 -> M3 -> M1 .... The problem became obvious and easy to fix, once…
Sam
11 votes, 1 answer

How to generate a Program Dependence Graph (PDG) from Bytecode in Java

I want to generate a program dependence graph (PDG) from Java Bytecode for further programmatic analysis. Since this is old (the paper is from '87) and presumably well-known technology, I thought that appropriate tools would be readily…
roesslerj
11 votes, 2 answers

How to treat warnings from clang static code analysis as errors in Xcode 3?

Question: The RUN_CLANG_STATIC_ANALYZER ("Run Static Analyzer") project setting has found important issues in our project. We have addressed them and we want to prevent future issues from creeping in. We're trying to get clang analysis warnings to…
otto
11 votes, 4 answers

Detect SQL injections in the source code

Consider the following code snippet: import MySQLdb def get_data(id): db = MySQLdb.connect(db='TEST') cursor = db.cursor() cursor.execute("SELECT * FROM TEST WHERE ID = '%s'" % id) return…
alecxe
11 votes, 2 answers

Extending jshint with custom checks

In the Python world there are multiple static code analysis tools that can be easily extended with custom checks via writing plugins or extensions, for example: pylint flake8 In the JavaScript world, as far as I understand, jshint is the number…
alecxe
11 votes, 5 answers

Static code analysis tools for VB6

Right now we are maintaining an old project written in VB6, and we are planning to implement a continuous integration server for it. We would like to implement some code analysis as well to track that maintainability is at least not getting worse. Basically…
Max Markov
11 votes, 1 answer

Visual Studio Code Analysis Error CA 1006

Code analysis throws error CA1006: Do not nest generic types in member signatures whenever we define custom definitions in the interface contract. What is the best way of handling this so-called design issue? Any deep thoughts on this? Thanks for…
10 votes, 3 answers

RunCodeAnalysis=true not working in command prompt (MSBuild)

I'm trying to get msbuild to output code analysis info like it does in VS. I have a configuration for my project called "CodeAnalysis" in VS that is set up to run code analysis on build (with the minimum ruleset). Anyway this is working fine in VS,…
mike d
10 votes, 1 answer

Why is flutter analyze different from dart analyze?

I am learning Flutter and I've created a simple Android app. I want to follow the best practices, so I've also created an analysis_options.yaml: include: package:pedantic/analysis_options.yaml linter: rules: public_member_api_docs:…
madhead
10 votes, 1 answer

Did I find a bug in CppCheck? Why do I get the "Null pointer dereference" error here?

I'm using Cppcheck to manage my code. I have the following function: bool my_function(std::string my_string) const { return 0 == my_string.compare("Some text"); // line 3 } To my surprise, I get the Null pointer dereference on line 3. I am…
user2738748
10 votes, 1 answer

Checking code for deprecation warnings

Consider the following sample code: data = [] try: print data[0] except IndexError as error: print error.message There is nothing syntactically wrong (using Python2.7) with the code except that if you run python with warnings turned on,…
alecxe
10 votes, 2 answers

How can I perform the searches Java IDEs do for method references programmatically?

You know the find all references feature of eclipse (Search > References > Workspace or Ctrl-Shift-G)? How can I run that programmatically? I have a large codebase that I need to audit for security violations and need to chain about a dozen…
Steven
9 votes, 4 answers

How do I specify a custom code analysis ruleset for multiple projects in a solution using Visual Studio 2019?

I've got a custom code analysis ruleset that I want to apply to all configurations of multiple projects in my solution but can't see how I can do it. To be clear, I'm looking for a way (if any) of doing this in a single step rather than editing the…
9 votes, 0 answers

Ktlint vs Detekt - List of differences

I searched many websites but I didn't find any comparison of Ktlint vs Detekt. I need to know the differences, not the common features. I want to choose one but I won't test them myself. Can someone give me a few differences?
BElluu