Questions tagged [static-analysis]

The analysis of source code or object code without executing the program. This may be done by automated tools or by human analysis.

Static analysis is the process of examining source code for problems without executing it. At the simple end, there are syntax errors reported by compilers. Specialized tools can catch higher-level problems, such as defects in reliability and security. Such analysis is typically automated and incorporated into daily build systems.

54 questions

Is there a correlation between the scale of the project and the strictness of the language?

Explaining the difference between strictness of languages and paradigms to a colleague of mine, I ended up asserting that: Tolerant languages, such as dynamic and interpreted languages, are used best for prototypes and small projects or medium-size…

Why shouldn't a method throw multiple types of checked exceptions?

We use SonarQube to analyse our Java code and it has this rule (set to critical): Public methods should throw at most one checked exception Using checked exceptions forces method callers to deal with errors, either by propagating them or by…
sdoca

Why would anyone invest time in Microsoft "Roslyn"?

I have just been reading through some of the white papers & examples from Microsoft "Roslyn" and the concept seems very interesting. From what I can tell, it opens up the black box that is the compiler and provides an interface that we can use to…
Richard Hooper

How to argue against lowering quality standards for legacy codebase?

We have here a large legacy code base with bad code you can't imagine. We have now defined some quality standards and want to get those fulfilled not only in a completely new codebase, but also if you touch the legacy code. And we enforce those with Sonar…
keiki

What is the purpose of Code analysis and when do I need to use it?

I heard about Visual Studio's Code analysis but never used one. I've read MSDN, but still don't understand the real use of Code analysis. Isn't it the same as StyleCop? Somewhere, FxCop was also mentioned. What is the difference with Code…
Arseni Mourzenko

Can the concept of Entropy be used to analyze source code in a useful way?

It seems logical to me that one could define a context for static source code analysis that included rules to produce a relative value of complexity. I know it is not like in the physical sense because source code doesn't have "Energy" but I'm…
Aaron Anodide

What are the real benefits of static code analysis?

Tools like pc-lint or QAC can be used to perform static code analysis on a code base. In my experience the static analysis often yields a huge amount of noise, i.e. warnings on things that are not real bugs but somehow violate one of the rules in a…
cschol

Are there alternatives to types for static analysis?

Static typing in a programming language can be helpful for enforcing certain guarantees at compile time - but are types the only tool for this job? Are there other ways of specifying invariants? For example, a language or environment could help…

How to avoid the pitfalls of static analysis

I'm working at a company that would score 11 on the Joel Test - at least on paper. In practice, however, nothing works quite as well as expected, and the project has been on DEFCON 1 for half a year. Now, most of my peers are happy if they can go back…
user2582

Is there a correlation between complexity and reachability?

I've been studying cyclomatic complexity (McCabe) and reachability of software at uni recently. Today my lecturer said that there's no correlation between the two metrics, but is this really the case? I'd think there would definitely be some…
Saladin Akara

Difference Between Linter, Sanitizer and Static Analysis Tools

I've recently been looking at C++ static analysis tools. One thing that confuses me is the terminology used with these tools: Some tools are simply called "static analysis tools" (e.g. CppCheck), others are called "sanitizers" (e.g. ASan, TSan,…
Terence D

Programmatically finding the Landau notation (Big O or Theta notation) of an algorithm?

I'm used to searching for the Landau (Big O, Theta...) notation of my algorithms by hand to make sure they are as optimized as they can be, but when the functions are getting really big and complex, it's taking way too much time to do it by hand. It's…
Julien L

How is it possible to build the whole codebase from source at Google scale?

The first answer to an old, recently active question linked to a video which talks about how the Google repository is done. One interesting thing which was mentioned is the fact that everything is built from source, without relying on binaries. This…
Arseni Mourzenko

Is the practice of using Annotations detrimental to code quality and longer-term code maintenance?

With the Doctrine annotation processing engine for PHP, and Annotations being used for Doctrine Entities and for Zend Form, and possibly other things, and use in other languages as well, it looks like Annotations are here to stay. Example Annotations…
Dennis

Is it wise to use Clang for personal code analysis in a project that builds with gcc?

I started to work on several C projects that are building using gcc. I believe this choice was made for several reasons: Had to cross-compile for arm very early on (I think). Performance is the first and foremost spec. gcc was and is still the easy…
nathdwek