Questions tagged [static-code-analysis]

Static code analysis is the analysis of computer software that is performed without actually executing it.

According to Wikipedia, Static code analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as ). In most cases the analysis is performed on some version of the source code, and in the other cases, some form of the object (byte) code. The term is usually applied to the analysis performed by an automated tool, with human analysis being called program understanding, program comprehension or .

510 questions

0 votes, 1 answer

Klocwork 9.6 ignore specific checkers only in specified files

We are using Klocwork 9.6 for static code analysis. To perform an analysis we are using the command line tools' "kwcheck" command. There are some errors which we just want to filter out, e.g. (Local) *.cpp:134 UNINIT.STACK.ARRAY.MIGHT (1:Critical)…
Aleksander Fular

0 votes, 1 answer

Code Analysis (FXCop) Command line differences

We are currently running code analysis in release mode. When we run the code analysis in our dev environments through the Visual Studio IDE, we get 2 errors: 1) CA1506 Avoid excessive class coupling 2) CA1823 Avoid unused private fields When…
MicroMan

0 votes, 1 answer

SONAR undocumented public API skewed by unit tests

The SONAR metrics include a section for evaluating the documentation quality, having an item Public undocumented API. This is very high in our project because it reports each and every unit test. However, unit test methods have to be public for…
Bananeweizen

0 votes, 0 answers

What classes and methods are not in a python test suite, statically?

Say that file.py has class C with methods M1 M2 ..., but test/*.py never calls C at all, or never calls M2. Is there a static program analysis tool that detects this, and writes a list of apparently unused classes / unused methods ? (Sure, dynamic…
denis

0 votes, 1 answer

Sonar Security in a Multiple Project Analysis

I have a single Sonar instance analyzing codebases of different projects owned by different customers. I need to ensure none of the project teams can manipulate the sonar/machine security to access codebases of other projects (For example through a…

0 votes, 1 answer

CodeNarc's static code analysis is not able to find proper class dependencies

When using CodeNarc for static code analysis on Groovy & Grails code, it is not able to figure out class hierarchies. There is a private method in one service class say BaseService. Another service class say ChildService extends the BaseService…
user235273

0 votes, 1 answer

Run JSLint from console with custom options?

In a previous question Run JSLint on a .js file from debugging console in chrome or firefox I learned how to run JSLint from console or from node. Is there a way to run JSLint (from the JavaScript code like in the answer given to the above mentioned…

0 votes, 2 answers

Any popular c++ code static check tools recommended?

There are several new C++ guys working in our team, so too much ugly code every day! I hate those functions using read-only strings and STL containers as in-parameters, but without const reference!!! I'm crazy!!! Is there any static code checker that can…
Acewind

0 votes, 1 answer

Initializing Hibernate takes a lot of time in Sonar analysis

I am using Sonar for static code analysis in my project. The issue is Sonar is taking a lot of time at the point Initializing Hibernate. Does anyone have any idea about how to speed up Sonar analysis?
Priyank Doshi

0 votes, 1 answer

Sonar, Sonar-runner, Gallio and NCover ... Gallio doesn't run :(

Is there anyone out there who actually managed to get sonar-runner working with Gallio and NCover? I've tried every combination in the book and during the run it keeps telling me "INFO s.p.c.g.GallioSensor - Gallio won't execute as there are no…

0 votes, 1 answer

How should sonar be configured to work with StyleCop 4.7

I am attempting to get Sonar to work with StyleCop 4.7 and am having a few issues. 1) When I set the location of StyleCop in the Sonar settings, Sonar fails to run and therefore fails my CI builds. It seems that Sonar is unable to find the…
TheDevOpsGuru

0 votes, 1 answer

PMD xpath tutorials

I'm about to write custom rules for my Java EE codebase. Can anyone help with where to begin for writing XPath rules? Is there any complete tutorial available for this?
Anandhakrishnan

-1 votes, 1 answer

You attempt to analyze the project using a static code analysis tool: how do you think the missing header file would affect the results?

What is the role of header files in a C program while using a static code analysis tool? If we forget to add a header file, how will the static code analysis tool respond?

-1 votes, 1 answer

cppcheck: No C or C++ source files found even though file is present in directory?

I receive the cppcheck: No C or C++ source files found. error even though the file in question is present in the directory I am searching in. This is the command I am running: subprocess.call('cppcheck --dump --max-ctu-depth=0' + cpp_file_path,…

-1 votes, 1 answer

How to create a custom task using SpotBugs to run static code analysis in Gradle?

I'm trying to create a custom SpotBugs task to do static code analysis, since it's a big project. While in execution, Gradle throws out some errors, ultimately leading to build failure. My custom task : apply plugin: "com.github.spotbugs-base" task…
Vishal VR