static-analysis

Checkstyle vs. PMD

 ̄綄美尐妖づ submitted on 2019-12-17 21:26:47

Question: We are introducing static analysis tools into the build system for our Java product. We are using Maven 2, so Checkstyle and PMD integration comes for free. However, it looks like there is a large overlap in functionality between these two tools in terms of enforcing basic style rules. Is there a benefit from utilizing both of these? I don't want to maintain two tools if one will work. If we choose one, which one should we use and why? We are also planning on using FindBugs. Are there other static

Creating a custom rule in FxCop

早过忘川 submitted on 2019-12-17 12:37:19

Question: I want to create extra rules in FxCop: custom rules to help ensure specific best practices, like checking against inline SQL. I'm really looking for good resources and examples. Thanks!

Answer 1: This tutorial seems really comprehensive.

Answer 2: The tutorial above is pretty good. I knocked together a sample VS project that also might be useful, since I couldn't find any example projects: http://www.doogal.co.uk/files/FxCopRules.zip

Answer 3: You can also use the commercial tool NDepend to write your custom

Should useless type qualifiers on return types be used, for clarity?

风流意气都作罢 submitted on 2019-12-17 09:48:07

Question: Our static analysis tool complains about a "useless type qualifier on return type" when we have prototypes in header files such as:

    const int foo();

We defined it this way because the function is returning a constant that will never change, thinking that the API seemed clearer with const in place. I feel like this is similar to explicitly initializing global variables to zero for clarity, even though the C standard already states that all globals will be initialized to zero if not explicitly

How to raise warning if return value is disregarded?

大兔子大兔子 submitted on 2019-12-17 04:26:26

Question: I'd like to see all the places in my code (C++) which disregard the return value of a function. How can I do it, with gcc or a static code analysis tool? Bad code example:

    int f(int z) {
        return z + (z*2) + z/3 + z*z + 23;
    }

    int main() {
        int i = 7;
        f(i); ///// <<----- here I disregard the return value
        return 1;
    }

Please note that:
- it should work even if the function and its use are in different files
- free static check tool

Answer 1: You want GCC's warn_unused_result attribute:

    #define WARN_UNUSED _
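
The following is an added example written for this page; it is not code from the question or its answer. It puts the attribute on the declaration (where a header would carry it), which is what makes the check work across files, and uses two hypothetical helpers, drop_privileges() and parse_port(), chosen because dropping privileges and validating input are the cases where a silently ignored status code hurts most. C++17 [[nodiscard]] is used when the compiler offers it, otherwise GCC/Clang's warn_unused_result.

```cpp
// Added example for the question above; not code from the post or its answer.
// drop_privileges() and parse_port() are hypothetical helpers.
#include <cerrno>
#include <string>

// Put the attribute on the declaration in the header. Every translation unit
// that includes the header is then checked, which covers the "different
// files" requirement. [[nodiscard]] is standard C++17; older compilers get
// GCC/Clang's warn_unused_result, which -Wunused-result (on by default in
// GCC) reports.
#ifdef __has_cpp_attribute
#  if __has_cpp_attribute(nodiscard)
#    define MUST_USE [[nodiscard]]
#  endif
#endif
#ifndef MUST_USE
#  if defined(__GNUC__) || defined(__clang__)
#    define MUST_USE __attribute__((warn_unused_result))
#  else
#    define MUST_USE
#  endif
#endif

// Hypothetical stand-in for setuid()/setgid(): 0 on success, -1 with errno
// set on failure. Ignoring this result is how a service keeps running as root.
MUST_USE int drop_privileges(int target_uid);

// Hypothetical validator: returns the port, or -1 if the string is not a
// decimal number in 1..65535.
MUST_USE int parse_port(const std::string& s);

int drop_privileges(int target_uid) {
    if (target_uid <= 0) {             // refuse root or nonsense ids
        errno = EINVAL;
        return -1;
    }
    return 0;                          // constructed: the real syscall is omitted
}

int parse_port(const std::string& s) {
    if (s.empty() || s.size() > 5) return -1;
    long v = 0;
    for (char c : s) {
        if (c < '0' || c > '9') return -1;
        v = v * 10 + (c - '0');
    }
    return (v >= 1 && v <= 65535) ? static_cast<int>(v) : -1;
}

// Correct caller: both results are consumed, so nothing is reported.
// Returns the port, or -1 if privileges could not be dropped or the port
// string is invalid.
int start_worker(int uid, const std::string& port_str) {
    if (drop_privileges(uid) != 0) return -1;
    return parse_port(port_str);
}

// The pattern the question wants flagged. With MUST_USE on the declaration,
// g++ and clang++ warn on the bare call ("ignoring return value of ...")
// even when the definition lives in another file; -Werror=unused-result
// turns that into a build failure.
void sloppy_worker(int uid) {
    // drop_privileges(uid);           // warning: ignoring return value
    // (void)drop_privileges(uid);     // silences [[nodiscard]], but GCC
    //                                 // still warns for warn_unused_result
    int rc = drop_privileges(uid);     // warning-free under both compilers:
    (void)rc;                          // the value is consumed, then discarded
}

int main() {
    sloppy_worker(1000);
    return start_worker(1000, "8080") == 8080 ? 0 : 1;
}
```

Compile with plain g++ or clang++ and uncomment the bare call in sloppy_worker() to see the diagnostic. The cast-to-void caveat matters in practice: GCC deliberately ignores (void) for warn_unused_result, so code that wants to discard a result under that attribute has to bind it to a variable.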

Traversal of tokens using ParserRuleContext in listener - ANTLR4

独自空忆成欢 submitted on 2019-12-14 03:48:57

Question: While iterating over the tokens using a Listener, I would like to know how to use the ParserRuleContext to peek at the next token or the next few tokens in the token stream. In the code below I am trying to peek at all the tokens after the current token until EOF:

    @Override
    public void enterSemicolon(JavaParser.SemicolonContext ctx) {
        Token tok, semiColon = ctx.getStart();
        int currentIndex = semiColon.getStartIndex();
        int reqInd = currentIndex+1;
        TokenSource tokSrc= semiColon

Extract API calls from an APK

时光怂恿深爱的人放手 submitted on 2019-12-13 10:21:55

Question: How could I extract the API call/system call sequence from an APK? I have decompiled the source code from the APK; now I want to know if there is a tool that can extract all system calls made by that app from the source code.

Answer 1: You should use CuckooDroid to analyze APK files. I installed it and I use it, so I can get all services, activities, etc. You can look there: enter link description here or enter link description here. They provide a way to get all functions of the APK.

Source: https://stackoverflow.com/questions

clang analyzer memory leaks

流过昼夜 submitted on 2019-12-13 01:29:52

Question: Why doesn't clang/clang-analyzer catch that I forgot to free a and have a memory leak? It's obvious. I looked at the man pages and I'm not sure what flags are required.

    $ scan-build clang++ -std=c++11 a.cpp
    scan-build: Using '/usr/bin/clang' for static analysis
    scan-build: Removing directory '/tmp/scan-build-2013-10-02-2' because it contains no reports.
    $ cat ./a.cpp
    #include <iostream>
    int main() {
        int *a = new int;
        *a = 8;
        std::cout << a << std::endl;
    }

Source: https://stackoverflow.com
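
As an added example (not the code from the question), the block below shows the shape of leak the analyzer is built to find, which is more general than the one-line case in the post: an early return on a rejection path that skips the delete, beside the same function written with std::unique_ptr, which frees on every path. Buffer, its live-object counter and the two process_* functions are constructed for this illustration. One caveat about the run shown in the question: clang's new/delete leak checker was an alpha checker (alpha.cplusplus.NewDeleteLeaks) when the question was asked, and scan-build did not enable it by default, so an empty report did not mean the code was clean; current clang releases enable cplusplus.NewDeleteLeaks by default, and older ones accept -enable-checker on the scan-build command line.

```cpp
// Added example; not the code from the question above. Buffer and its
// live counter are constructed instrumentation that makes the leak
// observable at run time without any tool.
#include <cstddef>
#include <memory>
#include <string>
#include <utility>

struct Buffer {
    static std::size_t live;                 // Buffers currently alive
    std::string data;
    explicit Buffer(std::string d) : data(std::move(d)) { ++live; }
    ~Buffer() { --live; }
};
std::size_t Buffer::live = 0;

std::size_t live_buffers() { return Buffer::live; }

// Leaky version: the accept path deletes, the reject path does not. This is
// the pattern scan-build reports as a potential leak of the memory pointed
// to by 'b' once the new/delete leak checker is enabled.
bool process_leaky(const std::string& input) {
    Buffer* b = new Buffer(input);
    if (b->data.size() > 16) {
        return false;                        // BUG: b is never deleted
    }
    bool ok = !b->data.empty();
    delete b;
    return ok;
}

// Hardened version: ownership sits in a std::unique_ptr, so every return
// path, including an exception thrown later in the function, frees b.
bool process_safe(const std::string& input) {
    auto b = std::make_unique<Buffer>(input);
    if (b->data.size() > 16) {
        return false;                        // unique_ptr destroys b here
    }
    return !b->data.empty();
}

// Exit status is the number of leaked Buffers: 0 for the safe path, 1 once
// the leaky path has rejected an input.
int main() {
    process_safe("hello");
    process_safe("this input is far too long");
    process_leaky("this input is far too long");
    return static_cast<int>(live_buffers());
}
```

Running scan-build over this file with the leak checker enabled flags process_leaky() and stays silent on process_safe(); the counter lets you confirm the same thing from a unit test when the analyzer is not available.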

When using the DelayQueue of Java, should I implement equals() and hashCode() as well?

时间秒杀一切 submitted on 2019-12-13 00:10:41

Question: I'm currently dealing with a class that's using a DelayQueue. I've noticed that since the objects in the DelayQueue implement the Delayed interface, the said objects need to implement a compareTo() method as well, which has already been done. Does this implicitly mean that I also should consider implementing an equals() method and a hashCode() method as well? The reason why I'm asking is that I stumbled upon this advice when searching through the project via FindBugs, and I'm trying to

How to get a list of classes with 0 references from CodeLens

混江龙づ霸主 submitted on 2019-12-12 12:21:26

Question: I have a very big EF edmx model with over 450 classes/entities. This has grown organically over the last 5 years. With Visual Studio 2013 and the CodeLens feature I have noticed that some classes have 0 references listed. When I do some research I have found that this is true and I can remove that entity from the model. The problem is that I would have to look at all 450 classes in the edmx to see if CodeLens says there are 0 references. Is there any report or export that I can get with