static-analysis

Open-source static code analysis tools for C++

Possible Duplicate: What open source C++ static analysis tools are available? Which open-source static C++ (not just C) code analysis tools are most suitable for porting code to 64-bit platforms? ...

C++ dynamic review tools

What's the best tool (commercial/open source) you've used for dynamic review/memory analysis of a C++ application? EDIT: removed 'static' as there is already a great question on this topic (thanks Iulian!) ...

Why won't this Code Contracts relationship prove?

I have a method that starts like this: public static UnboundTag ResolveTag(Type bindingType, string name, string address) { Contract.Requires(bindingType != null); var tags = GetUnboundTagsRecursively(bindingType).ToArray(); The contract for the implementation of GetUnboundTagsRecursively (implemented in the s...

Using Contract.ForAll in Code Contracts

Okay, I have yet another Code Contracts question. I have a contract on an interface method that looks like this (other methods omitted for clarity): [ContractClassFor(typeof(IUnboundTagGroup))] public abstract class ContractForIUnboundTagGroup : IUnboundTagGroup { public IUnboundTagGroup[] GetAllGroups() { Contract.Ensu...

Side-effect free methods in the Java Standard Library

I'm working on an analysis for Java programs that requires side-effect information about method calls. For standard library classes, I would like to compile a list of methods with read-only parameters. That is, methods that don't modify their arguments, or anything reachable from their arguments. I can infer a lot from the javadocs, b...

Static Thread Analysis: Good idea?

I help maintain and build on a fairly large Swing GUI, with a lot of complex interaction. Often I find myself fixing bugs that are the result of things getting into odd states due to some race condition somewhere else in the code. As the code base gets large, I've found it's gotten less consistent about specifying via documentation whi...

splint failing on code that includes complex.h

I'm trying to run splint on a C source that includes complex.h from the standard C library to support complex arithmetic. Unfortunately, splint fails with the following error. Splint 3.1.2 --- 03 May 2009 /usr/include/bits/cmathcalls.h:54:31: Parse Error: Non-function declaration: _Complex : extern double. (For help on...

Static analyzer says I have the potential leak of an object...

This is an object I made to do some flash cards. The first method (I left out the main part) generates a NSMutableArray of Card objects with the passed in operator and works fine. The second method, "drawFromDeck" gets called on a Deck object from my view controller and also works fine, but the Static Analyzer says I may be leaking an...

Languages specifically designed to make static verification easier

A lot of languages (perhaps all of them) are designed to make writing programs easier. They all have different domains, and aim to simplify developing programs in these domains (C makes developing low-level programs easier, Java makes developing complex business logic easier, et al.). Perhaps other purposes are sacrificed for the sake of writ...

How to identify if an object returned was created during the execution of a method - Java

Original Question: Given a method I would like to determine if an object returned is created within the execution of that method. What sort of static analysis can or should I use? Reworked Questions: Given a method I would like to determine if an object created in that method may be returned by that method. So, if I go through and add a...

Build and Analyze using xcodebuild

Is there a way to do a Build and Analyze like in Xcode using xcodebuild? I'm using Xcode 3.2.2 ...

Does prepared statement prevent SQL-Injection here

Hi all, The code below is from SAMATE Reference Dataset. I used it to test a static analysis tool. As you can see the code should prevent SQL-Injection both by using a sanitization method as well as using a prepared statement. Since SCA tools cannot know custom sanitization methods, they will not detect that the allowed method is used t...

ASP.Net MVC Keeping parameter names and action argument names in sync.

I've noticed a pattern that can make refactoring MVC2 apps difficult. When you change the name of an argument for an action you must update the values everywhere that action is used. For example, public ActionResult List(string p) in the view <%= Html.ActionLink("List", "Directory", new { p = "somePath" }, null) %> What if I want t...

How does ReSharper know this return type is never null?

I'm using ReSharper 5.0, and am wondering how its code analysis function knows to highlight the following assemblies == null with the comment "Expression is always false". var directory = new DirectoryInfo("somedir"); FileInfo[] assemblies = directory.GetFiles("*.dll"); if (assemblies == null <<--- this is highlighted with "Expression i...

Static code analysis tools for finding defects in unit tests?

I'm looking for .NET static code analysis tools that can detect things like unit tests without an assert, too many asserts in one test, and other anomalies. ...

Whatever happened to nStatic?

Wesner Moise used to write about a static analysis tool called nStatic for .NET which looked really exciting. This was a few years ago and nothing has been published since. Does anyone know what's happened to the tool, or in fact, Wesner himself?! I hope he's OK, his last post about nStatic development explained that he'd had some health ...

Binary Analysis Research Tools

Hi, Can someone provide me with a list of leading binary research tools for Windows OS and Windows applications? I found BinScope from Microsoft itself but was wondering if there are any other better tools around? Thanks, Omer ...

Where is the extension/extensibility point for vs2010 code metrics?

I'd like to extend the 2010 static code analysis metrics (mostly fix it so the rollup is max instead of sum). Where is the extensibility point? Is it an MEF component somewhere? ...

Objective c memory leak.

Here are two methods that return a dictionary of my custom four-property objects. They make arrays of strings, floats and BOOLs to put in the Chemical objects, then build a dictionary from the arrays. I'm new enough to the whole memory management game that I'm not always sure when I own something and when to release it. I'm making all ...

A warning with cppcheck, "hides typedef with same name"

This is a cppcheck warning message. Variable 'BUFFER_INFO' hides typedef with same name The BUFFER_INFO is defined as follows. typedef struct tagBufferInfo { CRITICAL_SECTION cs; Buffer* pBuffer1; Buffer* pBuffer2; Buffer* pLoggingBuffer; Buffer* pSendingBuffer; }BUFFER_INFO, *PBUFFER_INFO; And I wrote, PBUFF...