static-analysis

FindBugs and static initialization order

99封情书 posted on 2019-12-10 17:49:46
Question: I have the following Java code: public class Something { static { new Something(); } public static final int[] EMPTY_INT_ARRAY = new int[0]; } I'm using FindBugs to look for code errors, but the following error is never raised: SI: Static initializer creates instance before all static final fields assigned (SI_INSTANCE_BEFORE_FINALS_ASSIGNED) The class's static initializer creates an instance of the class before all of the static final fields are assigned. Is this the correct case that should

iOS project: Static/Dynamic code analysis and call graphs

旧街凉风 posted on 2019-12-10 17:01:27
Question: I am looking for some handy code analysis tools for iOS projects, esp. to do static analysis, dynamic analysis and generate call graphs. In my investigation so far, I found DTrace as explained here and here, Clang as explained here, Doxygen as explained here. Are there any other open source tools available for my case that I miss? Also has anyone tried any of the above ones successfully for Objective-C iOS projects? Thanks. Answer 1: Are you not satisfied yet with the built-in Xcode analyzer (Product

Is my in-class decorator not Pythonic enough or PyCharm not smart enough in lint warning?

生来就可爱ヽ(ⅴ<●) posted on 2019-12-10 14:29:53
Question: I want to define a decorator within a class. I don't want to define it as a separate, independent function, for this decorator is specifically for this class and I want to keep the correlated methods together. The purpose of this decorator is to check some prerequisites, especially the database connection, SSH connection, etc., which are held by member variables, are still available. If not, the decorated function won't be called and some error reporting and clean-up work will be done. I

Can Klocwork (or other tools) be aware of types, typedefs and #define directives?

喜你入骨 posted on 2019-12-10 13:38:29
Question: I have been looking for tools to help detect errors that prevent a program from running properly as 64-bit code. Most recently, I've been toying with Klocwork and its custom checkers feature, which lets me navigate the source code as a tree using XPath. This is useful as a "smarter" alternative to regular expressions, but I have not been able to make it aware of types. For example, let's say I'd like to find every instance of a for loop that uses either an int or a long to count. The

Warnings for uninitialized members disappear on the C++11

假装没事ソ posted on 2019-12-10 12:33:55
Question: I compile this simple program: #include <cstdio> #include <iostream> using namespace std; struct Foo { int a; int b; }; struct Bar { //Bar() = default; int d; }; int main() { Foo foo; Bar bar; printf("%d %d\n", foo.a, foo.b); return 0; } and I get those warnings: $ g++ -std=c++11 -Wall -Wextra -Wpedantic foo.cpp -o foo foo.cpp: In function ‘int main()’: foo.cpp:21:9: warning: unused variable ‘bar’ [-Wunused-variable] Bar bar; ^ foo.cpp:23:11: warning: ‘foo.Foo::b’ is used uninitialized in

Exclude directory from intellij inspection, but not exclude from autocomplete

核能气质少年 posted on 2019-12-10 12:31:22
Question: As far as I know, the only way to exclude a directory is to mark it as excluded in project structure. However, this would make IntelliJ totally ignore the directory. Thus it will not appear in autocomplete options. I do not want this. I want exclusion from inspections but inclusion in everything else. Is this possible? I'm using IntelliJ 12.0.2. And, it's actually the bootstrap css and js failing the inspection. Answer 1: As suggested by Peter Lawrey, the proper solution would be to use the custom

being sure about “unknown evaluation order”

醉酒当歌 posted on 2019-12-10 12:28:41
Question: Since version 1.80, Cppcheck tells me that Expression 'msg[ipos++]=checksum(&msg[1],ipos-1)' depends on order of evaluation of side effects in this code sequence (simplified, data is a variable) BYTE msg[MAX_MSG_SIZE]; // msg can be smaller, depending on data encoded int ipos = 0; msg[ipos++] = MSG_START; ipos += encode(&msg[ipos], data); msg[ipos++] = checksum(&msg[1], ipos-1); // <---- Undefined Behaviour? msg[ipos++] = MSG_END; // increment ipos to the actual size of msg and treats this as

.NET 3.5 Dispose Registry Key

非 Y 不嫁゛ posted on 2019-12-10 09:26:31
Question: I have the following code: RegistryKey installKey = Registry.LocalMachine.OpenSubKey(installKey); I am running a static analysis tool on my code and it is giving me a defect saying that I am returning from the method without disposing installKey. I know you can call Dispose() on RegistryKey in .NET 4.0 or later but my code runs on .NET 3.5. Does anybody know the best way to Dispose this RegistryKey and keep my static analysis tool happy? Answer 1: You should wrap your code within a using block,

Are there any static analysis tools that check for Rule of 3 (or Rule of 5 C++11)

瘦欲@ posted on 2019-12-10 06:16:59
Question: I am currently working on a codebase that is built on a foundation of sand. There are numerous classes in supposedly tested libraries that violate the "Rule of 3". Most declare a non-trivial destructor, but are missing either a copy constructor or assignment operator. Are there any compiler flags (gcc) or static analysis tools that warn when a class violates the rule of 3? Currently we are using Coverity with GCC version 4.4. Answer 1: Coverity has. We use version 6.5. There is a checker MISSING

Is there an equivalent to __attribute__((ns_returns_retained)) for a malloc'd pointer?

微笑、不失礼 posted on 2019-12-10 04:21:21
Question: I'm looking for an annotation something like -(SomeStruct *) structFromInternals __attribute__((returns_malloced_ptr)) { SomeStruct *ret = malloc(sizeof(SomeStruct)); //do stuff return ret; } to soothe the clang static analyzer beasts. The only viable attributes link I can find is for GCC, but it doesn't even include ns_returns_retained, which is in an extension, I assume. EDIT: as to why this is needed, I have a scenario that I can't repro in a simple case, so it may have to do with a c lib