Consider such code
public void m1(String text) {
    if(text == null)
        text = "<empty>";
    System.out.println(text.toLowerCase());
}
And this is a buggy version:
public void m1(String text) {
    System.out.println(text.toLowerCase());
}
If a null value is passed, a NullPointerException may be thrown. I would like the static...
Here are a number of code snippets that can throw NullPointerException.
01:
public void m1(@Nullable String text) {
    System.out.print(text.toLowerCase()); // <-- expect to be reported.
}
02:
private boolean _closed = false;
public void m1(@Nullable String text) {
    if(_closed)
        return;
    System.out.print(text.toLowerCa...
It's common knowledge that you shouldn't use a StringBuilder in place of a small number of concatenations:
string s = "Hello";
if (greetingWorld)
{
    s += " World";
}
s += "!";
However, in loops of a significant size, StringBuilder is the obvious choice:
string s = "";
foreach (var i in Enumerable.Range(1,5000))
{
    s += i.ToStr...
The "Build and analyze" option doesn't seem to work for .cpp and .mm files. I tried "clang --analyze" on individual files without any standard #includes and it works well. However I'm not able to run it on my Xcode project. I couldn't figure out a way to make clang find the standard #includes like even UIKit.h. Any clues?
...
Hi,
We are using a tool in our project. This tool has its own language, which is similar to Java. I am looking for a static analysis tool which can be applied to the new language.
Are there any static analysis tools which can be customized to any language? Or is there any document or reference on how to develop the static analysis ...
I have experimented with several different static analyzers for Java, notably Findbugs and PMD.
I am looking for examples of other static analyzers that may be worth running on Java code.
...
I have the following script that I run as a custom build step in Qt Creator:
git ls-files . | egrep "\.cpp$|\.h$" | xargs vera++
Which then gives output:
foo/bar.cpp:1: no copyright notice found
Another script I also use is:
cppcheck . --template gcc -q --enable=style,unusedFunctions
With the output:
apple.h:8: style: The class...
I've started to play with DGML, and I see in the schema that the Node element supports a Shape attribute.
I've tried things like
<Node Shape='square'... with no effect.
Is Shape really supported in DGML?
...
I need to write a tool that lists the classes that call methods of specified interfaces. It will be used as part of the build process of a large Java application consisting of many modules. The goal is to automatically document the dependencies between certain Java modules.
I found several tools for dependency analysis, but they don't w...
I have just been given a new assignment which looks like it's going to be an interesting challenge.
The customer wants a code style checking tool to be developed for their internal (soon to be open sourced) programming language, which runs on the JVM. The language syntax is very Java-like.
The customer basically wants me to produce some...
I have been using static code analysis on a project with more than 100.000 lines of Java code for quite a while now. I started with Findbugs, which gave me around 1500 issues at the beginning. I fixed the most severe over time and started using additional tools like PMD, Lint4J, JNorm and now Enerjy.
With the more severe issues being fixed, ther...
I have a scenario where I have code written against version 1 of a library but I want to ship version 2 of the library instead. The code has shipped and is therefore not changeable. I'm concerned that it might try to access classes or members of the library that existed in v1 but have been removed in v2.
I figured it would be possible t...
I need to perform static source analysis on Java code. Ideally, I want the system to work out of the box without much modification from me.
For example, I have used Antlr in the past, but I spent a lot of time building grammar files and still didn't get what I wanted.
I want to be able to parse a java file and have return the charact...
Is there a way to search for multiple nested if statements in code using a regular expression?
For example, an expression that would locate an instance of if statements three or more layers deep with different styles (if, if/else, if/elseif/else):
if (...) {
    <code>
    if (...) {
        <code>
        if (...)
            <code>
...
I recently started using the findbugs static analysis tool in a Java build I was doing. The first report came back with loads of High Priority warnings. Being the obsessive type of person, I was ready to go knock them all out. However, I must be missing something. I get most of the warnings when comparing things. Such as the followi...
I would like to use cppcheck for static code analysis of my C++ code. I learned that I can suppress some kinds of warnings with the --inline-suppr command.
However, I can find what "suppressed_error_id" I should put in the comment:
// cppcheck-suppress "suppressed_error_id"
...
I would like to switch my application to LARGEADDRESSAWARE. One of the issues to watch for is pointer arithmetic, as a pointer difference can no longer be represented as signed 32b.
Is there some way to automatically find all instances of pointer subtraction in a large C++ project?
If not, is there some "least effort" manual or semi-auto...
I've been playing with Code Contracts and I really like what I've seen so far. They encourage me to evaluate and explicitly declare my assumptions, which has already helped me to identify a few corner cases I hadn't considered in the code to which I'm adding contracts. Right now I'm playing with trying to enforce more sophisticated inv...
I require Java code for converting a C program into a control flow graph.
Can anyone please help me out with it?
...
Hello all,
I tried to search the site for this question but didn't find this exactly, although this subject is being discussed a lot...
I have this declaration in a cpp file, not within any function:
static const char* gText = "xxxxxxxxxxx";
Although it has a fixed size, I get a warning from a static analysis tool (Klocwork) when I'm...