static-analysis

What open source C++ static analysis tools are available?

Java has some very good open source static analysis tools such as FindBugs, Checkstyle and PMD. Those tools are easy to use, very helpful, run on multiple operating systems and are free. Commercial C++ static analysis products are available from vendors Klocwork, Gimpel and Coverity. Although having such products is great, the cost is ju...

How to find unused attributes/methods in Visual C++ 2008

Is there a way to identify unused attributes/methods in Visual C++ 2008 Professional? If it's not possible by default, recommendations of 3rd-party tools are also much appreciated. Thanks, Florian Edit: nDepend only works for .NET assemblies. I'm looking for something that can be used with native C++ applications. ...

How to setup VS2008 for efficient C++ development

Normally I program in C# but have been forced to do some work in C++. It seems that the integration with Visual Studio (2008) is really poor compared to C# but I was wondering if there are any good tools, plugins or configurations that can improve the situation. Another post pointed out the program Visual Assist X, which at least helps ...

Coverity for Java static analysis

I'd like to get comments from people who have used or evaluated Coverity for statically analysing Java-code. I know it's popular in C/C++ world, but is it worth spending the money for Java analysis or am I better off with PMD, Findbugs and other Open Source tools? ...

Checkstyle vs. PMD

We are introducing static analysis tools into the build system for our Java product. We are using Maven2 so Checkstyle and PMD integration come for free. However it looks like there is a large overlap in functionality between these two tools, in terms of enforcing basic style rules. Is there a benefit from utilizing both of these? I don...

Tools for finding Shared Mutable data bugs in Java

I have a large legacy system to maintain. The codebase uses threads all over the place and those threads share a lot of mutable data. I know, sounds bad. Anyway, don't answer "rewrite the whole application from scratch" or I'll vote you down :-) I have tried to run some static analysis tools on the codebase, but none of those seem to cat...

checkstyle + suppression filters

I have a checkstyle suppression filter setup (e.g. ignore magic numbers in unit test code). The suppression xml file resides in the same folder as the checkstyle xml file. However, where this file actually is varies: on my windows dev box it is in d:\dev\shared\checkstyle\config on the Linux CI server it will be in /root/repo/shared/che...

How do commercial Java static analysis tools compare with the free ones?

I'm familiar with a handful of the free static analysis tools available for Java, such as FindBugs and PMD. What I'd like to know is how the commercial products such as Klocwork and Coverity stack up against these. What are their strengths and weaknesses? ...

Dead code detection in legacy C/C++ project

How would you go about dead code detection in C/C++ code? I have a pretty large code base to work with and at least 10-15% is dead code. Is there any Unix based tool to identify these areas? Some pieces of code still use a lot of preprocessor, can an automated process handle that? ...

Anyone using VeraCode for static analysis?

My company is looking at using VeraCode for some independent static analysis of our binaries. Anyone out there using them? I would also be interested to hear from anyone using their dynamic analysis services as well. ...

Cross-class-capable extendable static analysis tool for java?

I'm trying to write rules for detecting some errors in annotated multi-threaded java programs. As a toy example, I'd like to detect if any method annotated with @ThreadSafe calls a method without such an annotation, without synchronization. I'm looking for a tool that would allow me to write such a test. I've looked at source analyze...

Looking for example xml to generate a Findbugs report using ANT to analyse multiple jars?

How do I setup an Ant task to generate a Findbugs report when the source folder has many jars in it? I'm looking for a worked example of the ant task required to output the fancy HTML from a folder containing multiple jars ...

Dead code identification (C++)

I have a large legacy C++ project compiled under Visual Studio 2008. I know there is a reasonable amount of 'dead' code that is not accessed anywhere -- methods that are not called, whole classes that are not used. I'm looking for a tool that will identify this by static analysis. This question: Dead code detection in legacy C/C++ pro...

VB.NET Static Code Analysis

Does anyone know of a good static code analyser for vb.net? I've seen plenty for c#, and I think VS 2008 has one built in. But we're currently only using vs 2005... ...

Get statistics on a C# WAP Project for client communication

I have a client that thought a highly dynamic ASP.NET application was a very simple system, yet to implement it in the manner in which they needed for future growth it has grown to well over 100 different code files. I am looking for a way, most likely with some sort of static code analysis tool to put some numbers that might "make sense"...

Creating a custom rule in FXCop

I want to create extra rules in FXCop. Custom Rules to help ensure specific best practices like checking against inline sql. I'm really looking for good resources and examples. Thanks! ...

How to determine maximum stack usage?

What methods are available for determining the optimum stack size for embedded/memory constrained system? If it's too big then memory is wasted that could be used elsewhere. However, if it is too small then we get this website's namesake... To try to jump start things: Jack Ganssle states in The Art of Designing Embedded Systems that, "...

FindBugs for .Net

In Java there is this nice tool called FindBugs. Is there something similar in .Net? ...

Introduction to Static Analysis

I'm a self-taught programmer with almost no CS background. I'm currently learning about parsing techniques/algorithms/tools, and have a desire to build programs to analyze Java code. What kind of mathematical/theoretical CS do you have to know or take into account to build the most basic static analysis tools? A very simple thing that ...

Making VBA Development Better with Static Analysis

I find that when I'm reviewing VBA code most of the bugs are dumb ones, typos, Not setting things to Nothing, not closing DB connections, etc. I know that using Option Explicit can solve some of these, but I'd rather something more powerful. So... Are there any static analysis tools for VBA? ...