static-analysis

问题 What are some of the strategies that are used when implementing FxCop / static analysis on existing code bases with existing violations? How can one most effectively reduce the static analysis violations? 回答1: Make liberal use of [SuppressMessage] attribute to begin with. At least at the beginning. Once you get the count to 0 via the attribute, you then put in a rule that new checkins may not introduce FxCop violations. Visual Studio 2008 has a nice code analysis feature that allows you to

问题 I want to use the Code Analysis in Visual Studio 2017 but I'm using Qt and it gives me a lot of warnings from the headers. I've tried turning off warnings: #pragma warning(push, 0) #include <QtGlobal> #pragma warning(pop) but it doesn't help. I also tried using this: #include <codeanalysis\warnings.h> #pragma warning(push, 0) #pragma warning(disable : ALL_CODE_ANALYSIS_WARNINGS) #include <QtGlobal> #pragma warning(pop) but no help. How can I disable the Code Analysis for the Qt external

问题 I want to use the Code Analysis in Visual Studio 2017 but I'm using Qt and it gives me a lot of warnings from the headers. I've tried turning off warnings: #pragma warning(push, 0) #include <QtGlobal> #pragma warning(pop) but it doesn't help. I also tried using this: #include <codeanalysis\warnings.h> #pragma warning(push, 0) #pragma warning(disable : ALL_CODE_ANALYSIS_WARNINGS) #include <QtGlobal> #pragma warning(pop) but no help. How can I disable the Code Analysis for the Qt external

问题 I've written a standard Analysis pass in LLVM, by extending the FunctionPass class. Everything seems to make sense. Now what I'd like to do is write a couple of intermodular passes, that is, passes that allows me to analyze more than one module at a time. The purpose of one such pass is to construct a call graph of the entire application. The purpose of the other such pass is that I have an idea for an optimization involving function calls and their parameters. I know about interprocedural

问题 I've written a standard Analysis pass in LLVM, by extending the FunctionPass class. Everything seems to make sense. Now what I'd like to do is write a couple of intermodular passes, that is, passes that allows me to analyze more than one module at a time. The purpose of one such pass is to construct a call graph of the entire application. The purpose of the other such pass is that I have an idea for an optimization involving function calls and their parameters. I know about interprocedural

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed last year . Is there some tool that is able to analyze Java source files , construct a graph from it and provide the graph's data in some standard / understandable format ? It definitively does not need to have GUI, I'd prefer a command line thing so I can process the output by various tools (for segmentation, visualization,.

问题 Are there any code linting tools for ObjectiveC? 回答1: Have a look at the LLVM/Clang Static Analyzer The LLVM/Clang static analyzer is a standalone tool that find bugs in C and Objective-C programs and it is very early in development. A static analyzer based on clang . The goal of the Clang project is to create a new C, C++, Objective C and Objective C++ front-end for the LLVM compiler. Edit Clang has now been integrated into Xcode and can easily be run as a menu option "Build & Analyse" 回答2:

问题 Javascript code can be tough to maintain. I am looking for tools that will help me ensure a reasonable quality level. So far I have found JsUNit, a very nice unit test framework for javascript. Tests can be run automatically from ant on any browser available. I have not found yet some javascript equivalent of PMD, checkstyle, Findbug... Do you know any static code analysis tool for javascript ? 回答1: This is an old thread, but if you're interested in running Jasmine for BDD testing in your

问题 There was a question comparing PMD and CheckStyle. However, I can't find a nice breakdown on the differences/similarities between PMD and FindBugs. I believe a key difference is that PMD works on source code, while FindBugs works on compiled bytecode files. But in terms of capabilities, should it be an either/or choice or do they complement each other? 回答1: I'm using both. I think they complement each other. As you said, PMD works on source code and therefore finds problems like: violation of

问题 Is there a way to programmatically check if a single C source file is potentially harmful? I know that no check will yield 100% accuracy -- but am interested at least to do some basic checks that will raise a red flag if some expressions / keywords are found. Any ideas of what to look for? Note: the files I will be inspecting are relatively small in size (few 100s of lines at most), implementing numerical analysis functions that all operate in memory . No external libraries (except math.h)