
Questions tagged [static-analysis]

The analysis of source code or object code without executing the program. This may be done by automated tools or by human analysis.

2 votes
1 answer
264 views

I've begun studying how the .NET Code Analysis works. It seems that it can be either enabled via a NuGet package or a property in the SDK-style *.csproj files. Also, starting in .NET 5, it is enabled ...
Gua-naiko-che's user avatar
2 votes
7 answers
2k views

There are many posts about the benefits of static code analysis tools. However, in which scenarios would you recommend NOT using (or significantly limit) them? For example, do you also run them on ...
gebbissimo's user avatar
5 votes
1 answer
213 views

I work for an engineering firm which builds most of our physics models in Excel with VBA. For myself and many other younger mechanical engineers in the company, this is not a good solution - we grew ...
Emily Conn's user avatar
-1 votes
1 answer
416 views

Edit #1 I believe that I misrepresented my intent when writing this question by focusing too much on the issues that have arisen from our misuse/misunderstanding of locks. I am making this edit to try ...
notphilphil's user avatar
2 votes
3 answers
279 views

I am brainstorming on how to create a type system for a programming language, and what the compiler will do with the typing information. Here is what I have found, followed by the main question, ...
Lance Pollard's user avatar
1 vote
3 answers
1k views

I'm in a situation where there is a code base that has TypeScript and ESLint but: There are a lot of type errors (code compiles despite errors using Babel) There are a lot of lint warnings. We may ...
dwjohnston's user avatar
  • 2,769
2 votes
1 answer
198 views

My team is currently developing an application using a microservice architecture with publish/subscribe interservice communication over a message bus. Certain types of HTTP requests and messages ...
Ashok Bhaskar's user avatar
2 votes
4 answers
594 views

In our Ruby on Rails projects we use a linter for our slim templates: slim-lint. It doesn't support any automatic fixes, not even the easiest ones. So I'd like to abandon it because I don't like to go ...
schmijos's user avatar
  • 189
1 vote
3 answers
488 views

Let's say in an effort to improve quality, your team agrees on the following policy: all commits to the master branch (direct or via pull request) have to be categorized as either bugfixes or feature ...
Max's user avatar
  • 157
0 votes
1 answer
93 views

I don't normally use reflection directly while programming in Java. But I do use APIs and frameworks that internally rely on reflection or annotations to provide customization points. A lot of ...
Tim Seguine's user avatar
0 votes
0 answers
75 views

I've noticed that data-flow analysis uses approximations of a program's steps by simulating the value flow in some way (which I don't fully understand yet). They describe it well here. On page 4 they ...
Lance Pollard's user avatar
12 votes
1 answer
17k views

I've recently been looking at C++ static analysis tools. One thing that confuses me is the terminology used with these tools: Some tools are simply called "static analysis tools" (e.g. CppCheck), ...
Terence D's user avatar
  • 133
0 votes
5 answers
3k views

I was coding some functions in C++ and wondered how different versions of those functions would affect generated assembly code. I put different versions into the Godbolt Compiler Explorer Tool and ...
TorbenJ's user avatar
  • 183
6 votes
3 answers
4k views

If an enum type is dedicated only to a specific class, does it make sense to declare it inside the class itself? I mean, would it help to understand that this enum type was designed to be used only ...
abenci's user avatar
  • 217
7 votes
8 answers
2k views

SonarQube is a software product which runs various coding style rules and other metrics similar to FxCop or ReSharper. It defines breaking the style rules as: "MAINTAINABILITY ISSUE This is ...
Ewan's user avatar
  • 84.6k
8 votes
2 answers
385 views

With Doctrine annotation processing engine for PHP, and Annotations being used for Doctrine Entities and for Zend Form, and possibly other things, and use in other languages as well, it looks like ...
Dennis's user avatar
  • 8,267
28 votes
8 answers
5k views

We have here a large legacy code base with bad code you can't imagine. We defined now some quality standards and want to get those fulfilled in either completely new codebase, but also if you touch ...
keiki's user avatar
  • 481
8 votes
2 answers
885 views

I started to work on several C projects that are building using gcc. I believe this choice was made for several reasons: Had to cross-compile for arm very early on (I think). Performance is the first ...
nathdwek's user avatar
  • 271
0 votes
1 answer
70 views

We have quite a large project where we tend to apply a risk-based approach to stringency of unit tests and code reviews. E.g. components classified as A need to have higher coverage than components ...
Melioer's user avatar
  • 153
2 votes
3 answers
374 views

I need to know whether static code analysis and code quality are the same or not, because I need to find out the tools for code quality and each time I google for it, I'm getting responses for the tools ...
Alla Sasikanth's user avatar
19 votes
3 answers
1k views

Static typing in a programming language can be helpful for enforcing certain guarantees at compile time- but are types the only tool for this job? Are there other ways of specifying invariants? For ...
Max Heiber's user avatar
5 votes
2 answers
465 views

Supposing you work in a very large global company with lot of code at all levels (e.g. from embedded to mobile platform application code), and projects can last anything between 6 months to 5 years... ...
dukeofgaming's user avatar
3 votes
2 answers
186 views

I've started in a company that has been developing an app for 4 years. They haven't used any static analysis tool until now so if we include them we will have tons of warnings. Do you know how can we ...
Ignacio Soler Garcia's user avatar
5 votes
2 answers
404 views

I want to integrate various static analysis tools, and then add the results as comments on a file within code review tools, such as Stash or Review board. I am exploring the feasibility of writing ...
Jase Rieger's user avatar
1 vote
2 answers
11k views

Some static analysis tools flag non-private fields with Variable '[nameHere]' must be private and have accessor methods. Sonar consistently presents such warnings and wants to change all protected ...
Reginald's user avatar
  • 113
26 votes
1 answer
17k views

I heard about Visual Studio's Code analysis but never used one. I've read MSDN, but still don't understand the real use of Code analysis. Isn't it the same as StyleCop? Somewhere, FxCop was also ...
Arseni Mourzenko's user avatar
0 votes
1 answer
79 views

TLDR; I'm looking for ideas on how to flag code containing file names/paths that have inconsistent capitalisation with the actual file/directory. Situation I am migrating a significant code base ...
thexacre's user avatar
  • 1,175
0 votes
1 answer
845 views

I'm not sure how possible it even is but as a programmer I have a sense of risk involved when I'm making changes to a code base. I've never seen a tool which basically tells me, as I'm coding, how ...
Aaron Anodide's user avatar
55 votes
4 answers
54k views

We use SonarQube to analyse our Java code and it has this rule (set to critical): Public methods should throw at most one checked exception Using checked exceptions forces method callers to ...
sdoca's user avatar
  • 679
8 votes
3 answers
1k views

I've inherited some Java code which I suspect harbours some concurrency bugs when synchronizing between a thread that queries data and an IO event that updates the same data. I'm trialling a static ...
doughgle's user avatar
  • 191
2 votes
2 answers
500 views

(Building on this question) If you have a static code analyser such as Checkstyle, is it possible to relate any of the stuff that it checks for to actual robustness? Some of the things that ...
Force444's user avatar
  • 643
2 votes
2 answers
680 views

Even if I don't like enforcing people to do things (and I believe that it may decline the productivity and cause anger), I really want to enforce good coding style. Is there a way to set up ...
Cemre's user avatar
  • 189
3 votes
3 answers
1k views

I want to write a refactoring tool for the Java programming language. For this reason I need to do structural queries against the abstract syntax tree. Given this AST how do I get answers to the ...
matcauthon's user avatar
  • 1,261
79 votes
5 answers
11k views

Explaining the difference between strictness of languages and paradigms to a colleague of mine, I ended up asserting that: Tolerant languages, such as dynamic and interpreted languages, are used best ...
Arseni Mourzenko's user avatar
40 votes
4 answers
26k views

I have just been reading through some of the white papers & examples from Microsoft "Roslyn" and the concept seems very interesting. From what I can tell, it opens up the black box that is the ...
Richard Hooper's user avatar
9 votes
2 answers
2k views

The first answer to an old, recently active question linked to a video which talks about how Google repository is done. One interesting thing which was mentioned is the fact that everything is built ...
Arseni Mourzenko's user avatar
4 votes
2 answers
277 views

Should code quality metric evaluation tools like Sonar be integrated with IDE for running local analysis or should they be a part of the build process (like integrated with maven) for continuous ...
Geek's user avatar
  • 5,217
0 votes
2 answers
685 views

Based on answers I have received here and then confirmed in some authoritative sources (not ISTQB which seems to be too vague), there are 3 activities: Static analysis Dynamic analysis Testing ...
John V's user avatar
  • 4,946
5 votes
3 answers
3k views

ISTQB, Wikipedia or other sources classify verification activities (reviews etc.) as static testing, yet others do not. If we can say that peer reviews and inspections are actually a kind of a ...
John V's user avatar
  • 4,946
2 votes
1 answer
3k views

Many sources note that automatic static code analysis include data flow and control flow. But these two are included in white box testing as well. Is there a difference in the automation? That in ...
John V's user avatar
  • 4,946
2 votes
3 answers
2k views

While also preparing for ISTQB certification, I found they actually call static analysis static testing, while some engineering books distinguish between static analysis and testing, which is the ...
John V's user avatar
  • 4,946
11 votes
5 answers
956 views

I'm used to searching for the Landau (Big O, Theta...) notation of my algorithms by hand to make sure they are as optimized as they can be, but when the functions are getting really big and complex, it's ...
Julien L's user avatar
  • 219
17 votes
7 answers
2k views

I'm working at a company that would score 11 on Joel Test - at least on paper. In practice, however, nothing works quite as well as expected, and the project has been on DEFCON 1 for half a year. Now,...
4 votes
2 answers
1k views

Basically I ran IntelliJ IDEA's plug-in called FindBugs-Idea to analyze my code. I corrected whatever error was caught and then ran the tool again but it was still complaining about the same error ...
Geek's user avatar
  • 5,217
2 votes
5 answers
2k views

For several years now I am a big fan of using static code analysis tools for checking the source code quality. We are mostly doing C# development so NDepend was the best way to go for me. Most of the ...
ollifant's user avatar
  • 241
3 votes
2 answers
364 views

I know there have been a number of discussions of whether break and continue should be considered harmful generally (with the bottom line being - more or less - that it depends; in some cases they ...
Bill's user avatar
  • 609
2 votes
1 answer
463 views

Is there a formal/academic connection between an imperative program and algebra, and if so where would I learn about it? The example I'm thinking of is: if(C1) { A1(); A2(); } if(C2) { A1(); A2(); } ...
Aaron Anodide's user avatar
5 votes
2 answers
3k views

Currently for school we are working on a research project. The central question of this project is: Which architectural patterns can be detected using static code analysis? With architectural pattern ...
mrtentje's user avatar
  • 151
4 votes
4 answers
4k views

Possible Duplicate: What is the difference between Static code analysis and code review? What is the difference between static testing and code review? I found some information on Wikipedia that ...
dbow's user avatar
  • 141
4 votes
1 answer
259 views

I have recently moved to a new company where I am tasked (in part) with evaluating the existing code base and coming up with patterns and best practices. Our development team consists of around 20 ...
André Haupt's user avatar