5
votes
6 answers
258 views

Are there useful static analysis tools for databases?

Is there a tool for examining the configuration and schema of a database for dubious fields, relationships and configuration, similar to how static analysis tools like lint will flag dubious lines of code? I'm not necessarily asking for normalization, but surely there's stupid stuff that can be ...

9
votes
5 answers
6397 views

Is object clearing/array deallocation really necessary in VB6/VBA (Pros/Cons?)

A lot of what I have learned about VB I learned from using Static Code Analysis (Particularly Aivosto's Project Analyzer). And one of the things it checks for is whether or not you cleared all objects and arrays. I used to just do this blindly because PA said so. But now that I know a little bit ...

2
votes
4 answers
327 views

Is there a library that provides static analysis of regular expressions?

Specifically, is there a library that, when given 2 (or more) regular expressions, can tell if there exists an input that both would match? Bonus points if it's easily accessible via Java or .NET, but command-line would be fine as well. Asker's log, supplemental: The regular expressions that would b...

6
votes
2 answers
812 views

Findbugs + JSR305: Possibility to specify default behavior?

Note: those annotations I'm talking about are specified by JSR305. I have the latest Findbugs (1.3.9) and it finds errors correctly when some field, annotated with @Nonnull, is assigned to null. But, in my project, the "non-null logic" is the default case. I would say that null is explicitly...

34
votes
3 answers
5506 views

Tentative definitions in C and linking

Consider the C program composed of two files, f1.c: int x; f2.c: int x=2; My reading of paragraph 6.9.2 of the C99 standard is that this program should be rejected. In my interpretation of 6.9.2, variable x is tentatively defined in f1.c, but this tentative definition becomes an actual def...

0
votes
2 answers
136 views

Automatic compiler detection of the addition of the same object instance to a container in a loop

This is a dumb mistake: List<Foo> fooList = new List<Foo>(); Foo f = new Foo(); while (something.Read()) { f.Fill(something.GetRecord()); fooList.Add(f); } Of course, I should instantiate a new Foo inside the loop. Can a compiler detect this kind of mistake at compile tim...

14
votes
6 answers
2325 views

How can I find copy/paste (duplicate, clone) code in Perl?

I've searched the Internet for a while now and I have not been able to find any free (or cheap) tools/utilities/modules that can analyze a set of Perl files (modules or scripts) and flag duplicate or cloned or copy/pasted code. I'm better now, but I used to copy and paste sections of code all ov...

3
votes
4 answers
1347 views

a language for semantic analysis?

background: - there are formal languages for expressing programming language valid lexicon and syntax - such representations (e.g. regular expression and context-free grammars) can be automatically compiled into lexicon/syntax analyzers for some programming language using some tools (e.g. LEX and...

0
votes
1 answer
266 views

Maintaining FindBugs bug history

FindBugs provides a way to do data mining of bugs. That looks interesting as it helps in trending of bugs over various revisions. What I want to do is: On each commit to version control, FindBugs will be run and a report will be generated. Is it possible to generate a report that takes data from...

5
votes
3 answers
1089 views

Java Minimize Dependencies

I have a situation where there is a small piece of Java code that has a large number of jars that it depends on. However, the dependencies inside these jars are very shallow. In most cases it only depends on a jar for a single interface. Instead of distributing all of the jars with the applicati...

4
votes
1 answer
744 views

Garbage collection of Core Foundation objects

Running the static analyzer on this piece of code: - (id) readForeignPref { CFPropertyListRef matchStyle = CFPreferencesCopyAppValue(CFSTR("PBXFindMatchStyle"), CFSTR("com.apple.Xcode")); return [(id)matchStyle autorelease]; } yields the following warning: Call to function 'CFPreferences...

8
votes
1 answer
756 views

What form of alias analysis does Visual C++ use?

I'm trying to figure out what form of alias analysis is used in Visual C++. It's also known as pointer analysis, mod-ref analysis, points-to analysis or side-effect analysis, and is pretty close to escape analysis or shape analysis (should you have seen those terms bandied about). If anyone know...

6
votes
6 answers
753 views

Is there a tool for extracting all variable, module, and function names from a Perl module file?

My apologies if this is a duplicate; I may not know the proper terms to search for. I am tasked with analyzing a Perl module file (.pm) that is a fragment of a larger application. Is there a tool, app, or script that will simply go through the code and pull out all the variable names, module nam...

1
vote
2 answers
111 views

High-level/semantic optimization

I'm writing a compiler, and I'm looking for resources on optimization. I'm compiling to machine code, so anything at runtime is out of the question. What I've been looking for lately is less code optimization and more semantic/high-level optimization. For example: free(malloc(400)); // should b...

12
votes
4 answers
3990 views

How can I make a static analysis call graph for Perl?

I am working on a moderately complex Perl program. As a part of its development, it has to go through modifications and testing. Due to certain environment constraints, running this program frequently is not an option that is easy to exercise. What I want is a static call-graph generator for Pe...

34
votes
2 answers
21427 views

How to turn off JSLint indentation warnings?

I find that JSLint produces lots of warnings of the form: Expected 'foo' to have an indentation at X instead at Y. The JSLint options documentation describes an indent option that recognizes a numerical value representing the amount of space for each level of indentation. This option allows me...

4
votes
2 answers
875 views

How can I suppress static code analysis during build?

We have a solution with 15 projects, which all have code analysis enabled. The solution easily takes 60+ seconds to build, which is a very long time when sitting waiting. If I disable code analysis it builds in 10 seconds. I would love to be able to disable code analysis on an ad-hoc basis. But...

34
votes
2 answers
1338 views

Should the Code Contracts static checker be able to check arithmetic bound?

(Also posted on the MSDN forum - but that doesn't get much traffic, as far as I can see.) I've been trying to provide an example of Assert and Assume. Here's the code I've got: public static int RollDice(Random rng) { Contract.Ensures(Contract.Result<int>() >= 2 && ...

4
votes
2 answers
1959 views

ASP.NET / C# Equivalent of Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP)?

Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP) is a static code analyzer for classic ASP VBScript code that can help identify pages that might have a sql injection vulnerability. That tool seems to only support vbscript ("The tool understands only ASP code that is written in VBSc...

1
vote
2 answers
1025 views

FindBugs and Maven

I would like Maven to generate a FindBugs report where the bugs are grouped by severity, not by file. Then I would be able to focus on the most serious bugs immediately. I have seen similar functionality with the FindBugs plugin for Eclipse. Is this possible with Maven?

5
votes
1 answer
2631 views

How do I enforce assigning to arguments of methods using FindBugs?

As an alternative to littering my code with thousands of final keywords in front of my parameters, I'm trying to enforce it using FindBugs. It doesn't seem possible to do this, but there should be a way, shouldn't there? Thanks

3
votes
4 answers
793 views

Developing a static source code analysis tool for proprietary API?

There is a proprietary API that is built on top of C++. So it uses all the features of C++ and then has its own APIs. There are some APIs that function exactly the same as C++ API (like for malloc there is Stralloc), these APIs are provided for performance reasons. Though there are many static c...

0
votes
2 answers
1119 views

Static Analysis Tools for Database Design

I'm looking for Static Analysis Tools for Database Tier. I got some answers for reviewing PLSQL, TSQL code, I'm wondering what are the options available for reviewing database design for naming conventions of tables and their columns, foreign key constraints and triggers etc. There is MSDN artic...

4
votes
3 answers
1823 views

Syntax checker for C#

We're looking for a syntax checker for C#, something like Checkstyle for Java. Does anyone have any recommendations for any tools that we can use? Ideally it would have a plugin to Visual Studio 2008.

4
votes
5 answers
4732 views

FxCop - CA1034 error - WHY?

I am running static code analysis with FxCop 1.36 and I keep getting warning CA1034: NestedTypesShouldNotBeVisible. I would understand if the parent class were declared as internal or private, but it is public. Why would it be bad for TimerReset to be declared public? Am I missing something,...

4
votes
3 answers
9447 views

Fortify Source Analyzer and Apache Lenya

I am trying to use Fortify Source Code Analyzer for a research project at my school to test the security for open source Java web applications. I am currently working on Apache Lenya. I am working with the last stable release (Lenya v2.0.2). Inside the root directory there is a file named build....

3
votes
1 answer
1008 views

Catching overflow of left shift of constant 1 using compiler warning?

We're writing code inside the Linux kernel so, try as I might, I wasn't able to get PC-Lint/Flexelint working on Linux kernel code. Just too many built-in symbols etc. But that's a side issue. We have any number of compilers, starting with gcc, but others also. Their warnings options have been ...

5
votes
5 answers
365 views

What is wrong with an inner class not using an outer class in Java?

I'm using a static analyzer in Eclipse to examine my code. One class, foo, has an inner class, bar. I am getting the following error: JAVA0043 Inner class 'bar' does not use outer class 'foo' Why is this an error? As long as the outer class uses the inner class isn't that sufficient to make...

2
votes
5 answers
859 views

What is wrong with using super() in a constructor in Java?

When I run static analysis on the following code: public ExtractDBScripts(String resBundleName) { super(); m_mainBundle = ResourceBundle.getBundle(resBundleName); } I get the following error: "JAVA0058 Constructor 'ExtractDBScripts' calls super()"....

47
votes
34 answers
6909 views

Why do discussions about code quality provoke strong reactions?

I like my code to be in order, i.e. properly formatted, readable, designed, tested, checked for errors, etc. In fact, I am fanatical about it. (Maybe even more than fanatical ...) But in my experience, actions that improve code quality ...