Our team is investigating various options for static analysis in our project, and have mixed opinions about whether we want our Continuous Integration build to fail because of warnings from static analysis. The argument against failing the build is that there are often exceptions to the rules, and attempting to work around them just to ...
Hello! Are there tools out there which could automatically find copy-and-paste code among a set of files? I was thinking of writing a script for this, which would just search for equal strings, but such script would find mostly irrelevant equalities. (Such as private final static ...). ...
The answers to the following question describe the recommended usage of static_cast, dynamic_cast, and reinterpret_cast in C++: http://stackoverflow.com/questions/332030/when-should-static-cast-dynamic-cast-and-reinterpret-cast-be-used Do you know of any tools that can be used to detect misuse of these kinds of cast? Would a static ana...
I'm trying to make a PHP regex to extract functions from php source code. Until now i used a recursive regex to extract everything between {} but then it also matches stuff like if statements. When i use something like: preg_match_all("/(function .(.))({([^{}]+|(?R))*})/",$this->data,$matches2); It doesn't work when there is more than 1...
I'm looking for a nice stackoverflow-style answer to the first question in this old blog post, which I'll repeat below: "I’d really like some tool (ideally, g++ based) that shows me what parts of compiled/linked code are generated from what parts of C++ source code. For instance, to see whether a particular template is being instantiate...
I'm looking for a static code analysis tool that will determine if I have orphaned functions in my VB6 code. The problem I'm running into is we make calls to the VB6 code from classic asp. Is there a tool that will look at both the classic asp and VB6 and determine if there are any orphaned functions? ...
I work on a project known as the Security Development Lifecycle (SDL) project at Microsoft (http://microsoft.com/sdl) - in short it's a set of practices that must be used by product groups before they ship products to help improve security. Over the last couple of years, we have published a great deal of SDL documentation, as customers ...
What are some best practices for using pc-lint - how to wade thru the zillion options? I'm particularly interested in better ways to read/parse the output files. ...
I create class libraries, some which are used by others around the world, and now that I'm starting to use Visual Studio 2010 I'm wondering how good idea it is for me to switch to using code contracts, instead of regular old-style if-statements. ie. instead of this: if (fileName == null) throw new ArgumentNullException("fileName");...
So, you are using a bunch of javascript libraries in a website. Your javascript code calls the several APIs, but every once in a while after an upgrade, one of the API changes, and your code breaks, without you knowing it. How do you prevent this from happening? I'm mostly interested in javascript, but any answer regarding dynamically ...
I'm trying to encourage a best practice of not catching general exceptions in Java code. eg: try { ... } catch (Exception e) { // bad! ... } Is there a way to flag this as an error/warning in Eclipse? I know PMD picks this up, but I'd rather avoid integrating it into everyone's build environment at the moment. ...
Hi everybody, Currently I am making a survey about source code analysis and the thing that puzzles me greatly is what is it that project managers and developers would like to filter when analyzing source code (especially when applying OOP metrics - e.g. skpping insignificant methods and classes during analysis or filtering context-bas...
Current static source analysis tools for C# (or other .NET languages) usually operate on the assembly-level. They use reflection to analyse the code. Are there tools available that operate on a source code level only (like lint for C)? ...
I have code similar to: if conditionA(x, y, z) then doA() else if conditionB(x, y, z) then doB() ... else if conditionZ(x, y, z) then doZ() else throw ShouldNeverHappenException I would like to validate two things (using static analysis): If all conditions conditionA, conditionB, ..., conditionZ are mutually exclusive (i.e. it ...
I'm looking for such a tool to be able to check fast if I catch all the exceptions I generate myself. Thanks! ...
I was going through an article today when it mentioned the following: "We've found many errors over the years. One of the absolute best was the following in the X Window System: if(getuid() != 0 && geteuid == 0) { ErrorF("Only root"); exit(1); } It allowed any local user to get root access. (The ...
I am looking for a free static checker for C99 code (including GCC extensions) with the ability to explicitly say "these preprocessor macros are always defined." I need that last part because I am compiling embedded code for a single target processor. The compiler (Microchip's C32, GCC based) sets a macro based on the selected processo...
How do you keep yourself coding to standards? There is stylecop and resharper for C#. Are there any tools/eclipse plugins for code analisys in Java? Which of them do you use? ...
hi i have installed "phpmyvisitors" cms to get statistics of my sites visits. it is written in php and is open source. i gets many useful information like: -total visits -viewed pages -visitor browser informations -visitor distribution over the world -how visitors access to site -how much time they spend on sites and .... it is...
When I run FindBug on this code, it reports NO issues. boolean _closed = false; public void m1(@Nullable String text) { if(_closed) return; System.out.println(text.toLowerCase()); } While here it finds issue as expected: public void m1(@Nullable String text) { System.out.println(text.toLowerCase()); // FindBugs...