Questions tagged [static-analysis]
The analysis of source code or object code without executing the program. This may be done by automated tools or by human analysis.
55 questions
2 votes, 1 answer, 195 views
Why are most of the .NET code analysis rules disabled?
I've begun studying how the .NET Code Analysis works. It seems that it can be either enabled via a NuGet package or a property in the SDK-style *.csproj files. Also, starting in .NET 5, it is enabled ...
2 votes, 6 answers, 1k views
When to NOT use static code analysis tools?
There are many posts about the benefits of static code analysis tools. However, in which scenarios would you recommend NOT using (or significantly limit) them? For example, do you also run them on ...
5 votes, 1 answer, 186 views
How can I create a workflow for physical unit safety in Python?
I work for an engineering firm which builds most of our physics models in Excel with VBA. For myself and many other younger mechanical engineers in the company, this is not a good solution - we grew ...
-1 votes, 1 answer, 315 views
Building a function call tree at runtime
Edit #1
I believe that I misrepresented my intent when writing this question by focusing too much on the issues that have arisen from our misuse/misunderstanding of locks. I am making this edit to try ...
2 votes, 3 answers, 251 views
Where is the boundary between things which can be statically typechecked, and those which must be typechecked dynamically?
I am brainstorming on how to create a type system for a programming language, and what the compiler will do with the typing information. Here is what I have found, followed by the main question, ...
1 vote, 3 answers, 827 views
Strategies for introducing or enforcing new linting or other code quality tooling rules
I'm in a situation where there is a code base that has TypeScript and ESLint but:
There are a lot of type errors (code compiles despite errors using Babel)
There are a lot of lint warnings.
We may ...
2 votes, 1 answer, 158 views
How could I programmatically generate a chart of interservice messaging flows before runtime?
My team is currently developing an application using a microservice architecture with publish/subscribe interservice communication over a message bus. Certain types of HTTP requests and messages ...
2 votes, 4 answers, 519 views
Does linting without auto-correction make sense?
In our Ruby on Rails projects we use a linter for our slim templates: slim-lint. It doesn't support any automatic fixes, not even the easiest ones. So I'd like to abandon it because I don't like to go ...
1 vote, 3 answers, 403 views
Automated test "all changes are feature-flagged", possible?
Let's say in an effort to improve quality, your team agrees on the following policy:
all commits to the master branch (direct or via pull request) have to be categorized as either bugfixes or ...
0 votes, 1 answer, 83 views
Effective ways of dealing with static analyser warnings caused by incidental use of reflection
I don't normally use reflection directly while programming in Java. But I do use APIs and frameworks that internally rely on reflection or annotations to provide customization points.
A lot of ...
0 votes, 0 answers, 61 views
Program Simulation Techniques
I've noticed that data-flow analysis uses approximations of a program's steps by simulating the value flow in some way (which I don't fully understand yet). They describe it well here. On page 4 they ...
12 votes, 1 answer, 14k views
Difference Between Linter, Sanitizer and Static Analysis Tools
I've recently been looking at C++ static analysis tools. One thing that confuses me is the terminology used with these tools:
Some tools are simply called "static analysis tools" (e.g. CppCheck), ...
0 votes, 5 answers, 2k views
How to evaluate efficiency of assembler code?
I was coding some functions in C++ and wondered how different versions of those functions would affect generated assembly code. I put different versions into the Godbolt Compiler Explorer Tool and ...
6 votes, 3 answers, 3k views
Nesting class and enums types
If an enum type is dedicated only to a specific class, does it make sense to declare it inside the class itself? I mean, would it help to understand that this enum type was designed to be used only ...
6 votes, 8 answers, 2k views
Can technical debt be detected by code analysis?
SonarQube is a software product which runs various coding style rules and other metrics similar to FxCop or ReSharper. It defines breaking the style rules as:
"MAINTAINABILITY ISSUE
This is ...