static-analysis

Java static analyzer custom templating/specification

We have a Java project that uses TeamCity to do static analysis of our Java classes each night to find low hanging bugs in our code. We would like to tell TeamCity to look for a new type of bug that developers might introduce that has to do with the usage of == vs .equals. For a particular type within the system we were using == to do c...

Static analysis tool to detect ABI breaks in C++

It's not very hard to break binary backwards-compatibility of a DSO with a C++ interface. That said, is there a static analysis tool, which can help detecting such ABI breaks, if it's given two different sets of header files: those of an earlier state of the DSO and those of the current state (and maybe DSOs as well)? Both free and comme...

How to identify a missing method (Binary Compatibility) in a JAR without running it?

I want to verify binary compatibility between 2 JARs. Following the suggestions in this answer I used jboss tattletale but it can find only missing classes. How can I find if there are missing methods? Is it possible at all? E.g. "Depends - on" class Foo depends on Bar (like many other middle class workers) import org.overlyusedcla...

how to raise warning if return value is disregarded - gcc or static code check?

I'd like to see all the places in my code (C++) which disregard return value of a function. How can I do it - with gcc or static code analysis tool? Bad code example: int f(int z) { return z + (z*2) + z/3 + z*z + 23; } int main() { int i = 7; f(i); ///// <<----- here I disregard the return value return 1; } Update: it ...

I don’t see the Build and Analyze option in my Build Option in Xcode

Hey All, I am trying to use the Clang static analyzer in my code. I installed it and can run it successfully from the terminal. But I wanted to see it locally on the code, not on Safari. The resort [sic] is to activate Build And Analyze in Build Options, which I don't see at all. Help me with this. Any clear step by step procedure for Clang's...

how to deal with a static analyzer output

We have started using a static analyzer (Coverity) on our code base. We were promptly stupefied by the sheer amount of warnings we received (it's in the hundreds of thousands); it will take the entire team a few months to clear them all (obviously impossible). The options we discussed so far are 1) hire a contractor to sort out th...

What StyleCop like tools are there for VB.NET

See also VB.NET Static Code Analysis. For better or for worse we now have a VB.NET coding standards document that is based on a C# coding standard as enforced by StyleCop. For example the number of spaces you should put in each side of a “+” sign etc all instance Members (fields and methods!) must be accessed as “me.fieldName” all sha...

What is the difference between the various xsl files included with CheckStyle?

The CheckStyle distribution contains several example XSL files for formatting reports. With CheckStyle 5.0, they are: checkstyle-author.xsl checkstyle-csv.xsl checkstyle-frames-errors.xsl checkstyle-frames.xsl checkstyle-noframes-sorted.xsl checkstyle-noframes.xsl checkstyle-simple.xsl checkstyle-text.xsl Some of the names are more ...

Free static checker for HiTech/Microchip C?

I'm writing a lot of code for the HiTech C compiler. I'm sure that my code would benefit from a static checker like splint, but splint itself trips up on some of HiTech's extensions, like cp0 and sfr declarations. I can't just tell splint to skip the HiTech headers, though, because then it has no idea where most of my identifiers are fro...

Custom PMD Rule - Check Package Comment In Place

I'm trying to write a rule to enforce that a package contains a Javadoc comment with a particular expression, e.g: /** * Example Expression */ Does anybody know how I would write such a rule using the AbstractJavaRule class. I've looked at ASTPackageDeclaration, but this doesn't appear to have what I want. Many thanks in advance.....

Is there any tool that can analyze the dependencies between variables in c# programs?

There are many tools that we can use to show the dependencies between modules, source code files, classes, or functions etc. But there seems no tool for analyzing the dependencies between variables. Given a dependency graph of variables would be helpful for understanding and refactoring the code. For example, if variable b is only used ...

Are there any tools that can "find references" to built in ops?

I was reading the explanation under this item in the Google C++ style guide and it got me thinking; are there any tools that work like VS's "Find all references" tool but for built in ops and the like? For example say I want to find all places where the native "+" operator is used on a pointer (or maybe just a pointer to an object) and a...

Any tools to check for duplicate VB.NET code?

I wish to get a quick feeling for how much “copy and paste” coding we have, there are many tools for C# / Java to check for this type of thing. Are there any such tools that work well with VB.NET? (I have seen what looks like lots of repeated code, but wish to get some number to help me make a case for sorting it out) Update on prog...

Findbugs Annotations - Do I need annotation.jar and jsr305.jar in my deployed code?

So, I would like to use the findbugs annotations to suppress warnings we deem ok code. Do we need to deploy the annotation.jar and jsr305.jar into our production runtime, or do we only need these jars in the classpath for our Eclipse project and our unix build environment? ...

Analysis Tools to help you in C development

I've just started learning C and I have a hard time finding bugs, memory leaks and the like. Which are good tools to assist you in finding such things? I heard of Valgrind but are there others? ...

Groovy/Grails plugin for Sonar

Sonar is an application for integrating output from several static and test analysis tools into a comprehensive overview of the software's quality. Unfortunately, most of those analysis tools (PMD, FindBugs, etc.) do not support Groovy and, by extension, Grails. We've found tools called CodeNarc and GMetrics which perform some of the a...

How do I enforce null checking?

I'm working on a large project where, even with 10s of 1000s of automated tests and 100% code coverage, we're getting a ridiculous number of errors. About 95% of errors we get are NullReferenceExceptions. Is there any way to enforce null-checking at compile time? Barring that, is there any way to automagically enforce null-checking in ...

Static source code analysis with LLVM

I recently discovered the LLVM (low level virtual machine) project, and from what I have heard it can be used to perform static analysis on source code. I would like to know if it is possible to extract the different function calls through function pointers (find the caller function and the callee function) in a program. I could find th...

C#/.NET analysis tool to find race conditions/deadlocks

Is there a tool that analyses .NET code and finds race conditions? I have a bit of code that has a public static property that gets or creates a private static field. It also has a public static method that sets this field to null (...yes, I know!..) As there are no locks around either of these methods, it's a safe bet that things'll ...

What's your worst bug that Findbugs found?

What's the trickiest bug that Findbugs (or similar static analysis tool) has found in your code that you wouldn't have caught without using such tools? Code snippets of offending code would be much appreciated. Has the effort from running such tools and dealing with the false positives been worth it or would alternative methods (code r...