The static-analysis tag has no wiki summary.
20
votes
8 answers
701 views
Why is there such limited support for Design by Contract in most modern programming languages?
I recently discovered Design by Contract (DbC) and I find it an extremely interesting way to write code. Among other things, it would seem to offer:
Better documentation. Since the contract is the ...
17
votes
6 answers
534 views
Any success stories continuously using commercial static analysis tools for C++?
I can't decide whether an offer of a commercial static analysis tool is worth spending the resources. We tried the tool on several million lines of our C++ code and it found something like 50 real ...
16
votes
8 answers
811 views
Can the concept of Entropy be used to analyze source code in a useful way?
It seems logical to me that one could define a context for static source code analysis that included rules to produce a relative value of complexity. I know it is not like in the physical sense ...
11
votes
7 answers
2k views
What are the real benefits of static code analysis?
Tools like pc-lint or QAC can be used to perform static code analysis on a code base.
In my experience the static analysis often yields a huge amount of noise, i.e. warnings on things that are not ...
10
votes
8 answers
371 views
How can current IDEs improve the development experience? What secondary tools should be primary?
A modern IDE wouldn't be taken seriously if it didn't have a good editor with syntax highlighting, comprehensive warnings, and a source-level debugger. And there are many more tools/IDE features that ...
9
votes
4 answers
286 views
Dependency analysis for tests
Google built a testing system that can infer which tests need to be run after a change. In their own words:
... we built a continuous integration system that uses dependency analysis to ...
8
votes
5 answers
403 views
How to avoid the pitfalls of static analysis
I'm working at a company that would score 11 on Joel Test - at least on paper.
In practice, however, nothing works quite as well as expected, and the project has been on DEFCON 1 for half a year. ...
7
votes
1 answer
281 views
Are there tools that do automated validation of database standards?
I'm looking for something akin to FxCop, but for databases. Basically, I want to have a tool where I configure my database standards (naming conventions, field types, or more complex custom rules). ...
6
votes
4 answers
476 views
Semi-intelligent “diff” utility
Part of the QA steps required for a project I am tangentially involved with require the person who is responsible to integrate new version of source file to first calculate how many lines have been ...
5
votes
3 answers
395 views
Handling false positives and legacy code warnings in static-analysis of C++ code? [closed]
We have a large "legacy" C++ code base on which no static analysis is run at the moment.
Every now and then, we are thinking about at least using cppcheck, maybe via Visual Lint. (I've also briefly ...
5
votes
3 answers
408 views
Inspection, code review - is it really testing?
ISTQB, Wikipedia or other sources classify verification activities (reviews etc.) as a static testing, yet others do not. If we can say that peer reviews and inspections are actually a kind of a ...
5
votes
2 answers
127 views
Why would a code analysis tool be priced based on lines of code count?
I heard some static analysis tools are priced depending on how much code they are licensed for.
I can think that it's usual segmentation - the more code the customer has the more care he needs and ...
5
votes
2 answers
395 views
Static Analysis tools to detect architectural patterns
Currently for school we are working on a research project. The central question of this project is: Which architectural patterns can be detected using static code analysis? With architectural pattern ...
4
votes
4 answers
704 views
Difference between static testing and code review [duplicate]
Possible Duplicate:
What is the difference between Static code analysis and code review?
What is the difference between static testing and code review?
I found some information on ...
3
votes
2 answers
186 views
“continue” and “break” for static analysis
I know there have been a number of discussions of whether break and continue should be considered harmful generally (with the bottom line being - more or less - that it depends; in some cases they ...
2
votes
5 answers
649 views
Is automatically checking code quality via metrics possible?
For several years now I am a big fan of using static code analysis tools for checking the source code quality. We are mostly doing C# development so NDepend was the best way to go for me. Most of the ...
2
votes
3 answers
180 views
Is it worth evaluating compiler optimization on trivial cases?
I'm currently testing Visual C++ 10 on some trivial pieces of code. For example, like this one (taken from here):
int main()
{
int i;
clrscr();
...
2
votes
2 answers
222 views
Why does the code auditing tools like FindBugs require a compile step to work properly?
Basically I ran Intellij Idea's plug in called FindBugs-Idea to analyze my code. I corrected whatever error was caught and then ran the tool again but it was still complaining about the same error ...
2
votes
1 answer
231 views
Automatic static analysis vs White box testing
Many sources note that automatic static code analysis include data flow and control flow. But these two are included in white box testing as well. Is there a difference in the automation? That in ...
2
votes
2 answers
94 views
Strategies for using a code metric evaluation tool
Should code quality metric evaluation tools like Sonar be integrated with IDE for running local analysis or should they be a part of the build process (like integrated with maven) for continuous ...
1
vote
3 answers
230 views
Why some consider static analysis a testing and some do not?
Preparing myself also to ISTQB certification, I found they call static analysis actually as a static testing, while some engineering book distinct between static analysis and testing, which is the ...
0
votes
2 answers
162 views
Static analysis, dynamic analysis and testing
Based on answers I have received here and then confirmed in some authoritative sources (not ISTQB which seems to be too vague), there are 3 activities:
Static analysis
Dynamic analysis
Testing
...