The process of examining source code for problems without executing it.
1 vote, 1 answer, 88 views
Static code analysis application: Where to start?
I am trying to create a poc for a static code analysis tool supporting an Object Oriented and a procedural language (C and Java, for example). Even after quite a bit of internet search I am still not ...
6 votes, 4 answers, 207 views
Is there a correlation between the scale of the project and the strictness of the language?
Explaining the difference between strictness of languages and paradigms to a colleague of mine, I ended up asserting that:
Tolerant languages, such as dynamic and interpreted languages, are used ...
4 votes, 3 answers, 70 views
Codebase Analysis of Trends over Time
I've looked around for a solution (preferably not hosted, something I can run locally) to do static analysis of a codebase over time for things like SLOC, Complexity, authors, commits, etc. It has to ...
2 votes, 1 answer, 125 views
Static code analysis for bash scripts
I program CLI utilities in bash to automate much of my work as a DBA.
I would like to improve my code and make it more robust, maybe with the help of some static code analysis tool like the one I used ...
3 votes, 2 answers, 338 views
How is it possible to build the whole codebase from source at Google scale?
The first answer to an old, recently active question linked to a video which talks about how Google repository is done.
One interesting thing which was mentioned is the fact that everything is built ...
3 votes, 2 answers, 120 views
Strategies for using a code metric evaluation tool
Should code quality metric evaluation tools like Sonar be integrated with IDE for running local analysis or should they be a part of the build process (like integrated with maven) for continuous ...
0 votes, 2 answers, 200 views
Static analysis, dynamic analysis and testing
Based on answers I have received here and then confirmed in some authoritative sources (not ISTQB which seems to be too vague), there are 3 activities:
Static analysis
Dynamic analysis
Testing
...
5 votes, 3 answers, 470 views
Inspection, code review - is it really testing?
ISTQB, Wikipedia or other sources classify verification activities (reviews etc.) as a static testing, yet others do not. If we can say that peer reviews and inspections are actually a kind of a ...
2 votes, 1 answer, 297 views
Automatic static analysis vs White box testing
Many sources note that automatic static code analysis includes data flow and control flow. But these two are included in white box testing as well. Is there a difference in the automation? That in ...
1 vote, 3 answers, 303 views
Why some consider static analysis a testing and some do not?
Preparing myself also to ISTQB certification, I found they call static analysis actually as a static testing, while some engineering book distinguishes between static analysis and testing, which is the ...
7 votes, 4 answers, 565 views
Semi-intelligent “diff” utility
Part of the QA steps required for a project I am tangentially involved with require the person who is responsible to integrate new version of source file to first calculate how many lines have been ...
8 votes, 5 answers, 429 views
How to avoid the pitfalls of static analysis
I'm working at a company that would score 11 on Joel Test - at least on paper.
In practice, however, nothing works quite as well as expected, and the project has been on DEFCON 1 for half a year. ...
2 votes, 2 answers, 268 views
Why does the code auditing tools like FindBugs require a compile step to work properly?
Basically I ran IntelliJ IDEA's plug-in called FindBugs-Idea to analyze my code. I corrected whatever error was caught and then ran the tool again but it was still complaining about the same error ...
7 votes, 1 answer, 374 views
Are there tools that do automated validation of database standards?
I'm looking for something akin to FxCop, but for databases. Basically, I want to have a tool where I configure my database standards (naming conventions, field types, or more complex custom rules). ...
2 votes, 5 answers, 755 views
Is automatically checking code quality via metrics possible?
For several years now I am a big fan of using static code analysis tools for checking the source code quality. We are mostly doing C# development so NDepend was the best way to go for me. Most of the ...
3 votes, 2 answers, 193 views
“continue” and “break” for static analysis
I know there have been a number of discussions of whether break and continue should be considered harmful generally (with the bottom line being - more or less - that it depends; in some cases they ...
5 votes, 2 answers, 436 views
Static Analysis tools to detect architectural patterns
Currently for school we are working on a research project. The central question of this project is: Which architectural patterns can be detected using static code analysis? With architectural pattern ...
4 votes, 4 answers, 896 views
Difference between static testing and code review [duplicate]
Possible Duplicate:
What is the difference between Static code analysis and code review?
What is the difference between static testing and code review?
I found some information on ...
21 votes, 8 answers, 773 views
Why is there such limited support for Design by Contract in most modern programming languages?
I recently discovered Design by Contract (DbC) and I find it an extremely interesting way to write code. Among other things, it would seem to offer:
Better documentation. Since the contract is the ...
5 votes, 3 answers, 455 views
Handling false positives and legacy code warnings in static-analysis of C++ code? [closed]
We have a large "legacy" C++ code base on which no static analysis is run at the moment.
Every now and then, we are thinking about at least using cppcheck, maybe via Visual Lint. (I've also briefly ...
2 votes, 3 answers, 188 views
Is it worth evaluating compiler optimization on trivial cases?
I'm currently testing Visual C++ 10 on some trivial pieces of code. For example, like this one (taken from here):
int main()
{
int i;
clrscr();
...
17 votes, 6 answers, 620 views
Any success stories continuously using commercial static analysis tools for C++?
I can't decide whether an offer of a commercial static analysis tool is worth spending the resources. We tried the tool on several million lines of our C++ code and it found something like 50 real ...
16 votes, 8 answers, 891 views
Can the concept of Entropy be used to analyze source code in a useful way?
It seems logical to me that one could define a context for static source code analysis that included rules to produce a relative value of complexity. I know it is not like in the physical sense ...
9 votes, 4 answers, 301 views
Dependency analysis for tests
Google built a testing system that can infer which tests need to be run after a change. In their own words:
... we built a continuous integration system that uses dependency analysis to ...
5 votes, 2 answers, 131 views
Why would a code analysis tool be priced based on lines of code count?
I heard some static analysis tools are priced depending on how much code they are licensed for.
I can think that it's usual segmentation - the more code the customer has the more care he needs and ...
13 votes, 7 answers, 3k views
What are the real benefits of static code analysis?
Tools like pc-lint or QAC can be used to perform static code analysis on a code base.
In my experience the static analysis often yields a huge amount of noise, i.e. warnings on things that are not ...
10 votes, 8 answers, 388 views
How can current IDEs improve the development experience? What secondary tools should be primary?
A modern IDE wouldn't be taken seriously if it didn't have a good editor with syntax highlighting, comprehensive warnings, and a source-level debugger. And there are many more tools/IDE features that ...