static-analysis

问题 I was at the StackOverflow Dev Days convention yesterday, and one of the speakers was talking about Python. He showed a Memoize function, and I asked if there was any way to keep it from being used on a non-pure function. He said no, that's basically impossible, and if someone could figure out a way to do it it would make a great PhD thesis. That sort of confused me, because it doesn't seem all that difficult for a compiler/interpreter to solve recursively. In pseudocode: function isPure

问题 Believe it or not, I want to use static_assert in a macro that expands to a designated initializer: #define INIT(N) \ /* static_assert((N) < 42, "too large"), */ \ [(N)] = (N) int array[99] = { INIT(1), INIT(2), INIT(42) }; I want an error from INIT(42) , but uncommenting the static_assert is a syntax error. AFAIK static_assert is syntactically a declaration. How can I use it in this example? 回答1: #define INIT(N) \ [(N)] = (sizeof((struct {_Static_assert((N) < 42, "too large");char c[N];}){{0

问题 Generally speaking, when writing a llvm frontend, one will take an AST and first check that its semantics is well-defined. After this, one will take the AST and perform the IR build phase. I was wondering, how realistic is to perform directly the IR build phase onto the AST, and if errors are found during the build process, revert any partial changes to the module object? I assume something like this would be required: remove defined Types remove defined Globals anything else i'm missing? Any

问题 Here is my LLVM Pass: #include <llvm/IR/Function.h> #include <llvm/Pass.h> #include <llvm/Support/raw_ostream.h> #include <llvm/Analysis/MemoryDependenceAnalysis.h> using namespace llvm; namespace { struct MemDepend : public FunctionPass { static char ID; MemDepend() : FunctionPass(ID){} virtual bool runOnFunction(Function &F) { MemoryDependenceAnalysis *MDA = &getAnalysis<MemoryDependenceAnalysis>(); return false; } virtual void getAnalysisUsage(AnalysisUsage &AU) const { AU.setPreservesAll(

问题 I'm asking a question similar to this post about an LLVM alias analysis that seems to give incorrect results. Since it contains considerable re-writing, I have decided to post it as a separate question. I'm running this very simple code: char *foo() { int i; int size; char *s=malloc(5); char *p=malloc(8); while ((i < size) && (s < p)) { i--; } return NULL; } Every time my code runs into an icmp instruction, I ask whether its operands can be aliases of one another. For the first comparison it

问题 Very common mistake in our code is to write @Mock Object object; @InjectMocks Subject subject; instead of @Mock private Object object; @InjectMocks private Subject subject; This prevents PMD/FindBugs/IntelliJ from issuing warning when the field becomes unused and also our code reviews are bloated with "make this field private" comments. Is there any static-analysis rule in any tool to warn when fields with specific annotations do not have expected visibility? I found Checkstyle's

问题 It is a very common and, sometimes, difficult to spot problem when "action chains" are defined but not being actually applied. Example: # incorrect ActionChains(driver).move_to_element(some_element).click(some_element) as opposed to: # correct ActionChains(driver).move_to_element(some_element).click(some_element).perform() ^^^^^^^^^ ActionChains would essentially do nothing and perform no action without perform() . Is there a way to catch this type of a problem early with static code analysis

问题 I am wondering if it's possible to detect this kind of buffer overflow somehow in Windows. Buffer is global ( not on stack ) so /RTC in Visual Studio 2008, VS2012 is not checking it. MinGW gcc also failed. #include <stdio.h> char buffer[2]; void main() { sprintf(buffer,"12345"); } My first thought was static analysis. VS2012 Code Analysis : nothing CppCheck: nothing PCLint Online: nothing ( http://www.gimpel-online.com/OnlineTesting.html ) PVS-Studio: nothing another solution is to use _s

问题 I have this retained property declared like this: @property (nonatomic, retain) NSMutableDictionary *codes; then I synthesize this: @synthesize codes; I use the property like this: self.codes = [NSMutableDictionary dictionary]; Then, I forget to say [codes release]; in my dealloc . When I run Analyzer in XCode 4.3.2, this is not shown as an issue. My base SDK is iOS 5.1 and my compiler is Apple LLVM compiler 3.1 Why doesn't analyzer pick this up? 回答1: I imagine it's because the analyzer can't

问题 In https://stackoverflow.com/a/57116260/946226 I learned how to verify that a function foo that operates on a buffer (given by a begin and end pointer) really only reads form it, but creating a representative main function that calls it: #include <stddef.h> #define N 100 char test[N]; extern char *foo(char *, char *); int main() { char* beg, *end; beg = &test[0]; end = &test[0] + N; foo(beg, end); } but this does not catch bugs that only appear when the buffer is very short. I tried the