static-code-analysis

Static bound checking for array in C++

旧街凉风 posted on 2019-12-22 09:49:26
Question: I'm in need for some guidance regarding a question from a programming languages course I'm taking. We need to come up with a way to implement an array class in C++, so that accessing its element is statically checked for overflow. We are not to use C++11 (static assertion) nor any other black-box solution - this is a theoretical question, not something I need for coding purposes. We did get a strong hint in the lecture slides: "it is impossible to detect overflow of array indices when

SQL join following foreign key: statically check that LHS is key-preserved

不问归期 posted on 2019-12-17 19:58:32
Question: Often you join two tables following their foreign key, so that the row in the RHS table will always be found. Adding the join does not affect the number of rows affected by the query. For example

    create table a (x int not null primary key)
    create table b (x int not null primary key, y int not null)
    alter table a add foreign key (x) references b (x)

Now, assuming you set up some data in these two tables, you can get a certain number of rows from a:

    select x from a

Adding a join to b following

Making all plugin specific rules strict

你说的曾经没有我的故事 posted on 2019-12-14 04:10:55
Question: In eslint.json configuration, ESLint allows to configure rule strictness using the following logic:

    0 - "off"
    1 - "warning"
    2 - "error"

Example:

    { "rules": { "jasmine/valid-expect": 2, "eqeqeq": [2, "smart"] } }

Question: Is it possible to make all plugin-specific rules strict (code 2)? In this case, we want all rules coming from jasmine (eslint-plugin-jasmine plugin) to produce an error if there is a violation. I've tried to specify "jasmine/*": 2 and "jasmine": 2, but both failed with a

Detecting typos in JavaScript code

£可爱£侵袭症+ posted on 2019-12-14 03:43:38
Question: In Python world, one of the most widely-used static code analysis tools, pylint, has a special check that detects typos in comments and docstrings. Is there a way to detect typos in JavaScript code using static code analysis? To make the question more specific, here is an example code I want to cause a warning:

    // enter credntials and log in
    scope.loginPage.logIn(browser.params.regularUser.login, browser.params.regularUser.password);

Here credntials is misspelled.

Answer 1: There is an eslint

Suppress CA1062 with fluent validation

ε祈祈猫儿з posted on 2019-12-14 00:58:05
Question: I have a fluent, extensible validation helper like: Assert.That(aParameter).IsNotNull(); It is extensible because the That method is actually generic (That<T>) and uses implicit typing to return a generic IAssertCondition<T> object. IsNotNull is actually an extension method. Anyway, the problem using this approach to validate the parameters passed into a method is that I get CA1062 warnings instructing me to validate the arguments before using them which, of course, I am already doing. I read

How to use the StyleCop Plugin with the Resharper command line or “InspectCode” tool

跟風遠走 posted on 2019-12-13 18:28:39
Question: We use Resharper with the StyleCop plugin. It works great inside Visual Studio without any problems. Now I'd like to get statistics about our projects. I am building all our solutions from the command line and so far managed to get the output from the compiler (warnings), static code analysis (ex FxCop) and unit testing (results and coverage). JetBrains offers a commandline tool that does code analysis for free (Link). I'm using it and it works as expected. The command line version does not

Intellij/ Java - identify calls to annotated methods

旧时模样 posted on 2019-12-13 04:46:10
Question: I need to be able to identify calls to methods with specific annotations in Intellij Idea 13, during compile time or by using static code analysis, like calls to @Deprecated methods are identified. I have looked into doing a structural search in idea, these are supported in static code analysis, and am able to identify method calls from there, but I can't find a way to limit these to calls to methods with annotations. For example

    public class A {
        @Foo
        public void foo(){
            // do something...
        }

Extending jshint with custom checks

眉间皱痕 posted on 2019-12-12 08:24:28
Question: In the Python world there are multiple static code analysis tools that can be easily extended with custom checks via writing plugins or extensions, for example:

    pylint
    flake8

In the JavaScript world, as far as I understand, jshint is the number one tool for static code analysis. I've been using it for a while and it definitely helps to find lots of code style violations, but, recently, I've encountered the need to extend jshint with a custom check. How can I do that? Is it extendable? I've

Should I declare these methods const?

给你一囗甜甜゛ posted on 2019-12-12 08:22:16
Question: I'm working on some C++ code where I have several manager objects with private methods such as void NotifyFooUpdated(); which call the OnFooUpdated() method on the listeners of this object. Note that they don't modify the state of this object, so they could technically be made const methods, even though they typically modify the state of the system as a whole. In particular, the listener objects might call back into this object and modify it. Personally I'd like to leave them as they are and

How to address the “Do not override the Object.finalize() method” issue

余生颓废 posted on 2019-12-11 12:49:44
Question: Recently I figured out one tool [SonarQube] which helps me to find out the potential threats in code. I have addressed all issues reported by the tool. But it also gives me a potential threat issue for the "protected void finalize()" method, which has been overridden by me; the tool displays the message "Do not override the Object.finalize() method". Can anybody please help me address this issue? The overridden method also includes some business logic.

Answer 1: Never. Never! Never put any business