static-analysis

Combining P values using Fisher method matlab?

浪尽此生 submitted on 2019-12-23 21:16:22
Question: After doing CDF I received following values of P (Sample of them) [0.43 0.12 0.0021 0.05 0.017 0.001 0.025 0.038 0.35 0.29] I want to combine my P values with the help of Fisher method and get the output in the following way: Select first 3 P values and combines them and get result from this (using fisher method). For example, my first combine P value would be: 0.43, 0.12, 0.0021 and my next P combine value would be 0.12, 0.0021, 0.05 and so on. Can anyone tell me how we can apply Fisher

How to be warned about pointers to out-of-scope local variables

浪尽此生 submitted on 2019-12-23 21:01:07
Question: Consider the following code:

    #include <stdio.h>

    void badidea(int**);

    int main(void)
    {
        int* p;
        badidea(&p);
        printf("%d\n", *p); /* undefined behavior happens here: p points to x from badidea, which is now out of scope */
        return 0;
    }

    void badidea(int** p)
    {
        int x = 5;
        *p = &x;
    }

The intent seems to be that it will print 5, but it actually invokes undefined behavior, due to dereferencing a pointer to an out-of-scope local variable in main. How can I find instances of this problem in a codebase

Prevent this.state to be used with setState

自古美人都是妖i submitted on 2019-12-23 09:27:05
Question: The reference states: setState() does not always immediately update the component. It may batch or defer the update until later. This makes reading this.state right after calling setState() a potential pitfall. Instead, use componentDidUpdate or a setState callback (setState(updater, callback)), either of which are guaranteed to fire after the update has been applied. If you need to set the state based on the previous state, read about the updater argument below. So it is considered a mistake

what's the meaning of the circle node in pdgs which is generated by frama-c

ぃ、小莉子 submitted on 2019-12-22 18:26:31
Question: I use the frama-c tool to analyse the code below.

    int main (int argc, char *argv[])
    {
        int i,a;
        for (i = 0; i < 100; i += 1) {
            a=0;
            if (a==0) {
                continue;
            } else {
                break;
            }
        }
        return 0;
    }

The cmd is frama-c -pdg -dot-pdg graph main.c My question is about the control dependence. What does the circle node mean? I try to explain the "while" node, maybe it stands for one time loop, because a loop starts from "i<100", so there is a control dependence ("i<100" ------o "while" ). Is what I guess right? but what

Is there a static analysis tool for identifying sql injection for php/mysql

三世轮回 submitted on 2019-12-22 17:36:34
Question: Is there a static analysis tool for identifying sql injection for php/mysql? A tool which runs on a php script would analyze the sql statements and find if there are any possible sql injection possibilities for the sql statements.
Answer 1: Not sure if a tool like that exists for PHP Script, but the security compass tools are great for a first analysis: http://labs.securitycompass.com/index.php/exploit-me/
Answer 2: What I found is rather disappointing. RATS (branded as Fortify) has some PHP support,

Are there any good php libraries that can convert html/php documents into objects

こ雲淡風輕ζ submitted on 2019-12-22 08:05:14
Question: I see lots of php libraries that can parse html. A nice example is QueryPath which mimics the Jquery Api. However, I am looking to analyse phtml. So, not only would the library be good at analysing the DOM, but also be good at analysing the php processing instructions. e.g. The Php Document Object Model or PDOM. A document like this:

    <?php
    require 'NameFinder.php';
    $title = 'Wave Hello';
    $name = getName();
    ?><html>
    <head>
    <title><?php echo $title ?></title>
    </head>
    <body>
    <h1>Hello <?php

Eclipse null analysis: The expression of type int needs unchecked conversion to conform to '@Nonnull Integer'

删除回忆录丶 submitted on 2019-12-22 05:38:42
Question: When configuring Eclipse 4.2.0 to perform a null analysis (configured to use @javax.annotation.Nonnull etc.), the following code will generate the warning Null type safety: The expression of type int needs unchecked conversion to conform to '@Nonnull Integer'

    class C {
        static void foo(int i) {
            bar(i); // Warning
        }

        static void bar(@javax.annotation.Nonnull Integer i) { }
    }

How am I supposed to fix this (without using @SuppressWarnings("null"))? It seems that the analyzer does not know that

Java test coverage: who covers what?

限于喜欢 submitted on 2019-12-22 05:37:13
Question: Is there a tool similar to emma, that reports which test covers a specific implementation?
Answer 1: In case you want to see which tests cover which line of code, you may use Clover that shows you: how many times one line got covered; which tests covered line in question. To see what one can expect from Clover, here is a screenshot:
Answer 2: If you don't want to bother paying / setting up Clover, a much simpler way is: remove / disable all breakpoints; put a breakpoint on the line that you wish to know

How do I exclude library headers from my Visual Studio static code analysis?

守給你的承諾、 submitted on 2019-12-22 04:25:12
Question: I have set up buildbot to compile my Qt/C++ application with the /analyze flag. However the analysis is also delving into the qt headers which I don't care about:

    c:\qt\qt-everywhere-opensource-src-4.8.1\src\corelib\tools\qvector.h(547) : warning C6011: Dereferencing NULL pointer 'x.p': Lines: 474, 475, 476, 477, 478, 480, 491, 493, 497, 498, 499, 500, 503, 504, 518, 519, 520, 521, 522, 525, 545, 547

What's the best way to exclude these files en masse? (Please note I am not using the IDE, I am

Retrieving the type of auto in C++11 without executing the program

半世苍凉 submitted on 2019-12-22 02:03:37
Question: I have some C++11 code using the auto inferred type that I have to convert to C++98. How would I go about converting the code, substituting in the actual type for all instances of auto?
Answer 1: It is going to be a PITA, but you can declare an incomplete struct template accepting a single type parameter. Given the variable x you want to know the type of, you can use the struct with decltype(x) and that will lead to a compiler error that will show you the inferred type. For example: template