static-analysis

Empty method in an abstract class

I have just installed PMD to analyze my Java project. Really nice tool, highly recommended. Anyways, I got a few errors saying: "An empty method in an abstract class should be abstract instead" I checked out PMD documentation and the explanation says: as developer may rely on this empty implementation rather than code the app...

Java Code Use Checker

I am working on a library where we want to determine how much of our library is being used. I.E. we want to know how many methods in our library are public, but never being called. Goal: Static Analysis Determine how many lines of code call each public method in package A in the current project. If the number of calls is zero, the metho...

What are the good static code analysis plugins?

Are there any automated code review tools for Java? Especially plugins for Eclipse? The tool I expect is an automated code review plugin or tool that can automatically detect the problems in Code. ( Microsoft does this using OACR ).Plugins like Jupiter won't help because they are just peer review tools for eclipse. ...

Existing library to calculate code complexity of a block of code.

Hi all. I'm given a string which contains an arbitrary amount of code. I want to calculate a number which represents the code complexity of that string. Something like: int complexity = Lib.FindComplexity(someString); I realize there are a lot of tools out there that will do this for you. These tools will not work for me, because...

Any ideas on how to write a static analysis rule (FXCop) to ensure that event delegates are removed

We have been going through a big memory leak analysis and have found one of the contributing factors has been the non removal of delegates on events causing objects to not be GCed quickly enough (or sometimes forever). Would anyone have any ideas as to how to write a rule in FXCop to ensure that we have delegates are removed from handl...

Oracle deadlock detection tool

I am looking for a static analyser of Oracle queries and PL/SQL procedures (triggers, constrains, ...) - a tool that will pass on our DB scheme and point to potential deadlocks. Just like FindBugs for Java. If such a tool does not exist, would you like to have it ? ...

statically analysing Lua code for potential errors

I'm using a closed-source application that loads Lua scripts and allows some customization through modifying these scripts. Unfortunately that application is not very good at generating useful log output (all I get is 'script failed') if something goes wrong in one of the Lua scripts. I realize that dynamic languages are pretty much res...

Open Source alternative to Mathworks Polyspace?

Anyone knows about an open source project (or maybe just free to use in commercial projects) that is an alternative to Mathworks Polyspace? I'm searching for tools for code checking and found some good alternatives for static checks, but PolySpace seems to offer so much more power. I think there's no real alternative out there, but may...

how to change a stylecop rule

Does anyone know how to change the stylecop rule (sa1600 if it helps) that says that elements must be documented so that it only applies to properties and not to private members? Our ORM (DevExpress XPO) requires that you have private members for all public properties (because you have to call a function in the setter to persist it as w...

Good introductory text on static analysis for bug finding?

I'm looking for a good introductory text on the theory of static analysis for bug finding. Any recommendations? ...

How can I provide feedback to my team about changes included in a build and their impact on risk?

Is this something you do already or do you know of a good tool? GOAL: Help team understand how recent source changes impact risk so they know where to focus testing efforts. Provide data over time and feed it back into planning and scoping phases of the dev cycle. PLAN: Combine svn change data with clover complexity data in a report s...

Is there a static analysis tool for Python, Ruby, Sql, Cobol, Perl, and PL/SQL?

I am looking for a static analysis tool for Python, Ruby, Sql, Cobol, Perl, PL/SQL, SQL similar to find bugs and check style. I am looking for calculating the line count, identify bugs during the development, and enforcing coding standard. ...

Tools for static analysis for C# code

I'm looking for a tool that can collect quality metrics for C#/.NET code. I'm aware of NDepend - are there any other tools that I should look into? Ideally, I'd like to find something that could be integrated with an automated build process - something that could export a text-based report (I'd like to be able to easily email and archive...

Coding constraints checker?

Hi, Please help me to get a coding constraints for action script and flex 3. Regards, Lalji ...

How to detect array size in Java bytecode (FindBugs)

I'd like to find out about the size of an array being allocated by looking at the bytecode, if that information is known at compile time, of course. Background: I want to write a FindBugs detector (which looks at the compiled bytecode) and report certain occurences of array allocations. In order to filter out false positives I am not in...

Which static analysis tool for Java is easiest to extend?

Which static analysis tools for Java has easiest extension mechanism. I checked PMD But the process of writing custom rules appears to be very involved. Specifically, I want to know whether there is any tools that offers AspectJ like syntax for picking out interesting areas of code? I am aware of AspectJ's declare warning but it appear...

What's wrong with using System.err in Java?

I'm using the Enerjy (http://www.enerjy.com/) static code analyzer tool on my Java code. It tells me that the following line: System.err.println("Ignored that database"); is bad because it uses System.err. The exact error is: "JAVA0267 Use of System.err" What is wrong with using System.err? ...

JML Evaluation of \old(Expression[Id])

I would like to know how a JML expression of the form \old(Expression[Id]) is evaluated, i.e. if I have the \old(vector[value-1]) expression, does the \old also refer to "value" or just the to the value of the vector[value-1]. Thanks in advance! ...

tool to detect C# code smells

I'm working with C# and I was hoping to find some tools akin to those I'm used to in Ruby and Ruby on Rails for detecting code smells. I'm referring to things like Roodi, Flay, Flog, Reek, Rcov, and Saikuro. It would be nice if the tool(s) integrated with Visual Studio 2008. I have ReSharper and it's nice for alerting me when I'm not ...

What's wrong with using super() in a constructor in Java?

When I run static analysis on the following code: public ExtractDBScripts(String resBundleName) { super(); m_mainBundle = ResourceBundle.getBundle(resBundleName); } I get the following error: "JAVA 0058 Constructor 'ExtractDBScripts' calls super()". What is wrong with calling super() from a constructor?...