static-analysis

Static Analysis Tools for Database Design [closed]

守給你的承諾、 submitted on 2019-12-11 06:28:46
Question: Closed. This question is off-topic. It is not currently accepting answers. Closed 6 years ago. I'm looking for Static Analysis Tools for Database Tier. I got some answers for reviewing PLSQL, TSQL code, I'm wondering what are the options available for reviewing database design for naming conventions of tables and their columns, foreign key constraints and triggers etc. There is an MSDN article which talks

visual studio 2013 static code analysis - how reliable is it?

无人久伴 submitted on 2019-12-11 06:18:43
Question: I am trying to explore the static code analysis option in VS 2013. I have written the very simple code below: int main() { int a, b; //found unused variable std::cout << "Hello world!"; std::cin >> a; int* i = new int; // analysis didn't find this memory leak //delete i; //i = NULL; } When I run code analysis on the above block, I expect it to find int* i = new int; and warn about the memory leak, but it didn't find it; it did find the unused variable b. So now I am a bit confused, memory leak is a most common mistake

llvm opt -O3 fail (?)

半腔热情 submitted on 2019-12-11 05:44:09
Question: I need to identify integer variables which behave like boolean variables, that is, they can only have the values 0 or 1. For that purpose, I modified the llvm bitcode to add an equivalent instruction to: int tmp = someVar*(someVar-1); Hoping that aggressive O3 optimizations will identify tmp as being the constant value 0. Here is a C version of the code I used: int should_expand(char *s) { int tmp = 0; int ret = 0; char *p = s; if (p && *p == '&') { ret = 1; } tmp = ret * (ret - 1); return

SonarQube multi-module and multi-sub-folder project configuration

生来就可爱ヽ(ⅴ<●) submitted on 2019-12-11 05:20:32
Question: I have a multi-module sbt project with the following structure: parent/ child1/ src/ group/ child1/ src/ child2/ src/ I need to configure SonarQube to scan all of the modules in (possibly) nested folders. Note: I have child1 and group/child1 modules, which makes "flattening" all modules not possible. In build.sbt I use names like: val `group-child1` = (project in (file("group/child1"))) val `child1` = (project in (file("child1"))) With a flat multi-module structure it would be easy to

Bitwise operation with (signed) enum value

谁说我不能喝 submitted on 2019-12-11 03:52:54
Question: I am using enumerator values for flags: typedef enum { a = 0x00, b = 0x01u, // the u has no influence, as expected c = 0x02u, // the u has no influence, as expected ... } enum_name; volatile unsigned char* reg = SomeAddress; *reg |= b; According to MISRA-C:2004 bitwise operations shall not be done with a signed type. Unfortunately, my compiler IAR uses signed int (or short or char) as the underlying type of enums, and the only option I can find relates to the size, not the signedness ("--enum-is

Frama-C anagram function behavior verification

六月ゝ 毕业季﹏ submitted on 2019-12-11 03:32:08
Question: I wrote a C function that checks if two given strings (C-style) are anagrams or not. I try to verify it with Frama-C but it cannot validate the final behaviors of the function (other specifications are valid). The first one goes to timeout (even with very high timeout values in WP) and the second is unknown. Here is the code: #include <string.h> //@ ghost char alphabet[26] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x'

Checking C code for invalid memory access with Frama-C

戏子无情 submitted on 2019-12-11 01:38:06
Question: I am given this C code (the details of the code, including possible bugs, are not very relevant): int read_leb128(char **ptr, char *end) { int r = 0; int s = 0; char b; do { if ((intptr_t)*ptr >= (intptr_t)end) (exit(1)); b = *(*ptr)++; r += (b & (char)0x7f) << s; s += 7; } while (b & (char)0x80); return r; } and I want to throw some formal methods at it to rule out dangerous bugs. In particular, I would like an assurance that this function does not modify any value besides *ptr and only reads

Sonar - how to create sub projects with sonar-runner

孤街浪徒 submitted on 2019-12-11 00:26:55
Question: I have a Java project which consists of a couple of modules. I am using Sonar to statically analyse my code. Currently I am using sonar-runner to analyse each of the modules, and they appear as different Projects in the main page of Sonar. I would like to see the main project name on the main page, and, once I click on it, and then on "Components" - to see all of its modules as sub-projects - just like it appears here: http://nemo.sonarsource.org/components/index/308832 Answer 1: No it's not

Does using a map truly reduce cyclomatic complexity?

ε祈祈猫儿з submitted on 2019-12-10 20:11:43
Question: Suppose I have the original method below. public String someMethod(String str) { String returnStr; if("BLAH".equals(str)) { returnStr="ok"; } else if ("BLING".equals(str)) { returnStr="not ok"; } else if ("BONG".equals(str)) { returnStr="ok"; } return returnStr; } Does converting to below truly reduce CC? Map<String, String> validator = new HashMap<String,String>(); validator.put("BLAH","ok"); validator.put("BLING","not ok"); validator.put("BONG","ok"); public String someMethod(String str) {

CodeSniffer sniff for generating dependency graphs for PHP code?

拥有回忆 submitted on 2019-12-10 17:56:43
Question: GOAL: I'm interested in generating a DOT Format description of the class dependencies in a PHP program. IDEA: It shouldn't be hard to write a CodeSniffer "sniff" that can detect (and emit DOT records for) the following patterns in PHP source: class SomeClassName extends BasicClassName { // SomeClassName refers to BasicClassName ... new OtherClassName(); // SomeClassName refers to OtherClassName ThisClassName::some_method(); // SomeClassName refers to ThisClassName ThatClassName::$some_member;