static-analysis

Garbage collection of Core Foundation objects

Running the static analyzer on this piece of code: - (id) readForeignPref { CFPropertyListRef matchStyle = CFPreferencesCopyAppValue(CFSTR("PBXFindMatchStyle"), CFSTR("com.apple.Xcode")); return [(id)matchStyle autorelease]; } yields the following warning: Call to function 'CFPreferencesCopyAppValue' returns a Core Foundation ob...

Java Minimize Dependencies

I have a situation where there is a small piece of Java code that has a large number of jars that it depends on. However, the dependencies inside these jars are very shallow. In most cases it only depends on a jar for a single interface. Instead of distributing all of the jars with the application, I would like to just distribute the sp...

Maintaining findbugs bug history

Findbugs provides a way to do data mining of bugs. That looks interesting as it helps in trending of bugs over various revisions. What I want to do is: On each commit to version control, findbugs will be run and a report will be generated. Is it possible to generate a report that takes data from all these reports and shows the trend? Ha...

A language for semantic analysis?

hello gurus, background: - there are formal languages for expressing programming language valid lexicon and syntax - such representations (e.g. regular expression and context-free grammars) can be automatically compiled into lexicon/syntax analyzers for some programming language using some tools (e.g. LEX and YACC) questions: - are the...

How can I find copy/paste (duplicate, clone) code in Perl?

I've searched the Internet for a while now and I have not been able to find any free (or cheap) tools/utilities/modules that can analyze a set of Perl files (modules or scripts) and flag duplicate or cloned or copy/pasted code. I'm better now, but I used to copy and paste sections of code all over the place. I'd like to clean it up and...

Automatic compiler detection of the addition of the same object instance to a container in a loop

This is a dumb mistake: List<Foo> fooList = new List<Foo>(); Foo f = new Foo(); while (something.Read()) { f.Fill(something.GetRecord()); fooList.Add(f); } Of course, I should instantiate a new Foo inside the loop. Can a compiler detect this kind of mistake at compile time? To naïve eyes it looks like it should be able to ...

Tentative definitions in C99 and linking

Consider the C program composed of two files, f1.c: int x; f2.c: int x=2; My reading of paragraph 6.9.2 of the C99 standard is that this program should be rejected. In my interpretation of 6.9.2, variable x is tentatively defined in f1.c, but this tentative definition becomes an actual definition at the end of the translation unit...

Findbugs + JSR305: Possibility to specify default behavior?

Hello! Note: those annotations, I'm talking about, are specified by JSR305. I have the latest Findbugs (1.3.9) and it finds errors correctly when some field, annotated with @Nonnull, is assigned to null. But, in my project, the "non-null logic" is the default case. I would say that null is explicitly allowed only in 5% of cases. So,...

Is there a library that provides static analysis of regular expressions?

Specifically, is there a library that, when given 2 (or more) regular expressions, can tell if there exists an input that both would match? Bonus points if it's easily accessible via Java or .NET, but command-line would be fine as well. Asker's log, supplemental: The regular expressions that would be fed to this algorithm are fairly simple....

Groovy code analysis tool

Hi, Are there any good code analysis tools available for Groovy? I'm looking for something similar to FindBugs, PMD, CheckStyle, etc. I may even be able to use some of these tools directly if they work on Java byte code rather than source code. A feature that would be particularly useful is the ability to identify obsolete code, though ...

Is object clearing/array deallocation really necessary in VB6/VBA (Pros/Cons?)

Hello, A lot of what I have learned about VB I learned from using Static Code Analysis (Particularly Aivosto's Project Analyzer). And one of the things it checks for is whether or not you cleared all objects and arrays. I used to just do this blindly because PA said so. But now that I know a little bit more about the way VB releases res...

Are there useful static analysis tools for databases?

Is there a tool for examining the configuration and schema of a database for dubious fields, relationships and configuration, similar to how static analysis tools like lint will flag dubious lines of code? I'm not necessarily asking for normalization, but surely there's stupid stuff that can be detected without solving Hard AI or the Ha...

Should useless type qualifiers on return types be used, for clarity?

Our static analysis tool complains about a "useless type qualifier on return type" when we have prototypes in header files such as: const int foo(); We defined it this way because the function is returning a constant that will never change, thinking that the API seemed clearer with const in place. I feel like this is similar to expli...

Are there any tools for performing static analysis of Scala code?

Are there any tools for performing static analysis of Scala code, similar to FindBugs and PMD for Java or Splint for C/C++? I know that FindBugs works on the bytecode produced by compiling Java, so I'm curious as to how it would work on Scala. Google searches (as of 27 October 2009) reveal very little. Google searches (as of 01 Februar...

Is there a program that uses static analysis to look for bugs in actionscript code?

Is there any program which uses static analysis to look for bugs in actionscript code? ...

XCode: "Analyzer skipped this file due to parse errors"

Hi, my project includes a simple C file with a header. Like this: #ifndef __IMAGE_ARRAY_3D #define __IMAGE_ARRAY_3D typedef struct ImageArray3D { double *data; // The image data LargeElement *largestElements; // c * nLargestElements int c, w, h, nLargestElements; } tImageArray3D; // Error points to here ... #en...

Why is determining if a function is pure difficult?

I was at the StackOverflow Dev Days convention yesterday, and one of the speakers was talking about Python. He showed a Memoize function, and I asked if there was any way to keep it from being used on a non-pure function. He said no, that's basically impossible, and if someone could figure out a way to do it it would make a great PhD t...

How to specify CodeAnalysisRules in MSBuild via commandline

I want to be able to specify the Code AnalysisRules in commandline MSBuild (for Code Analysis / FXCOP). The project file would have something like this in it: <CodeAnalysisRules>-Microsoft.Globalization#CA1301;-Microsoft.Globalization#CA1302</CodeAnalysisRules> So I would assume that I use something like this: MSBuild.exe /property:Ru...

Static Code Analysis - Which ones to turn on first?

Hi, We're using VS2008 with the built in static code analysis rule set. We've got a relatively large C# solution (150+ projects) and while some of the projects (< 20) are using static code analysis religiously, most are not. We want to start enforcing static code analysis on all projects, but enabling all rules would create a massive di...

Are there any static analysis tools that will report how closely the SOLID principles are followed?

The title says it all. I know blindly following any "best practice" can still lead to a stinking pile of crap that strictly adheres to the best practice. The SOLID principles are just that, principles. They don't apply to every situation but they are still very good heuristics for finding possible improvements in your code. The downsid...