static-analysis

问题 I want to write a LLVM pass to instrument every memory access. Here is what I am trying to do. Given any C/C++ program (like the one given below), I am trying to insert calls to some function, before and after every instruction that reads/writes to/from memory. For example consider the below C++ program (Account.cpp) #include <stdio.h> class Account { int balance; public: Account(int b) { balance = b; } ~Account(){ } int read() { int r; r = balance; return r; } void deposit(int n) { balance =

问题 I would like to confirm if this is a bug on PMD? How do I file a ticket if it is. public static void main(final String[] args) { for (final String string : args) { string.getBytes(); //UR Anomaly } for (int i = 0; i < args.length; i++) { args[i].getBytes(); } } Lines 1-3 are being flagged as UR anomaly, while rewriting it to iterate with a local variable is fine. Would like to eliminate as much PMD violations, but it is inconvenient to have to resort to old loop construct as a workaround.

问题 I would like to confirm if this is a bug on PMD? How do I file a ticket if it is. public static void main(final String[] args) { for (final String string : args) { string.getBytes(); //UR Anomaly } for (int i = 0; i < args.length; i++) { args[i].getBytes(); } } Lines 1-3 are being flagged as UR anomaly, while rewriting it to iterate with a local variable is fine. Would like to eliminate as much PMD violations, but it is inconvenient to have to resort to old loop construct as a workaround.

问题 I would like to switch my application to LARGEADDRESSAWARE. One of issues to watch for is pointer arithmetic, as pointer difference can no longer be represented as signed 32b. Is there some way how to find automatically all instances of pointer subtraction in a large C++ project? If not, is there some "least effort" manual or semi-automatic method how to achieve this? 回答1: PC-Lint can find this kind of problem. Look at http://gimpel-online.com/MsgRef.html, error code 947: Subtract operator

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 2 years ago . In Java is this nice tool called FindBugs. Is there something similar in .Net? 回答1: FxCop and StyleCop will advise on usage. For actual bugs, perhaps PEX? There was a PDC video, too. 回答2: Here is Wikipedia List and CodeRush is a nice tool to use for .NET. 回答3: Try PVS-Studio is really great, can find a lot of

问题 I followed the steps in Finding memory leaks with the LLVM/Clang Static Analyzer but I was unable to run static analyzer on my project. When I try to run xcodebuild on my project (1. Open Terminal, 2. Go to Project Directly, 3. > xcodebuild), I get this error: === BUILDING NATIVE TARGET XProject OF PROJECT XProject WITH THE DEFAULT CONFIGURATION (Release) === Checking Dependencies... CodeSign error: no certificate found in keychain for code signing identity 'iPhone Developer' \** BUILD FAILED

问题 I would very much like to integrate pylint into the build process for my python projects, but I have run into one show-stopper: One of the error types that I find extremely useful--: E1101: *%s %r has no %r member* --constantly reports errors when using common django fields, for example: E1101:125:get_user_tags: Class 'Tag' has no 'objects' member which is caused by this code: def get_user_tags(username): """ Gets all the tags that username has used. Returns a query set. """ return Tag

问题 For a while I have been struggling with creating a control-flow graph with Soot and I kinda got lost in its tutorials. Rather than using Soot as an Eclipse plugin, I have been trying to use Soot as a library or API. What I want to do is, I have a bunch of Java projects and I want to create/generate a control-flow graph of these projects. I also saw that there is a feature in Soot that I can generate control-flow graphs in "DOT" format, which is quite acceptable for me as well. Any guide or

问题 For a while I have been struggling with creating a control-flow graph with Soot and I kinda got lost in its tutorials. Rather than using Soot as an Eclipse plugin, I have been trying to use Soot as a library or API. What I want to do is, I have a bunch of Java projects and I want to create/generate a control-flow graph of these projects. I also saw that there is a feature in Soot that I can generate control-flow graphs in "DOT" format, which is quite acceptable for me as well. Any guide or

问题 I m trying to understand how to build a AST for a proprietary language. I need to build a AST so I can feed in my rules and guidelines to check for the possible errors in the source code. How does one go about building a AST? Are there any books, articles that may help me get started. Will the dragon book on compilers help?. Please note i'm from a non-CS background. Thanks 回答1: This is a pretty large question. I do feel your pain, as I also tackled this problem from a non-CS background. It