4

Some very interesting tools providing static source code analysis of your project exist out there. However, I did not find any tool for Java Card. Java Card has some very specific issues, especially:

  • Memory usage issues (RAM vs EEPROM)
  • Dangerous comparisons of signed bytes (if (p1 > 0) { ... })
  • Wrong usage of new
  • ...

Do you know any tool which might solve these issues?

vojta
  • 5,591
  • 2
  • 24
  • 64
  • 2
    I see no reason for downvoting! This question: http://stackoverflow.com/questions/141498/what-open-source-c-static-analysis-tools-are-available?rq=1 has more than 200 upvotes... Moreover, any answer would be really useful for all Java Card developers! – vojta Jul 30 '15 at 12:25
  • 5
    You will note that question is closed. SO seems to hate questions about existence tools. I think that is seriously broken, because programming is about using tools. Why it makes sense to answer questions about how to use a tool, vs a tools existence, is beyond me. So your question is likely to get closed. I suggest you re-submit your question at "Software Recommendations", which exists so you can ask questions about the existence of tools. (SO+SR == SO + tools questions, so I really don't see the point of the SO policy). – Ira Baxter Jul 30 '15 at 13:13
  • @IraBaxter I somewhat agree, especially if it is just about the existence of tools. The answer however is very much linked with the time of asking, and it is very questionable if an answer would be better than for instance a Google search. That said, the fact that the answering format of SO is very flexible does make this site a great candidate to answer just this kind of thing. All in all, you can question the SO policy on meta. Using the *current rules* this question however *is* off topic. – Maarten Bodewes Jul 31 '15 at 13:58
  • @MaartenBodewes As a Java Card expert, you must know how difficult it is to find anything useful in our area. There are a few strong companies that protect their know-how and the limited community of independent developers. However, some very interesting projects come from universities - as a semestral project or a master thesis. Unfortunately, these projects do not need to make any money, that is why they often have no web pages and the Google search fails finding them. If there were a question at SO with links to some of these free useful tools, it could help the community a lot. – vojta Jul 31 '15 at 14:27
  • Yes, I agree that such a list would be helpful. But I'm not sure that such a list could or should be created on SO as an answer to a question - I don't think that anybody has an answer in place so it would come down to doing research. Besides that, I could post an empty list - would you accept that as an answer? What if somebody comes along with one or two (new) alternatives? Edit my accepted answer? Post a new answer, rinse & repeat? So although I agree that such a list would be useful, I'm not sure if asking for one here is all that practical. – Maarten Bodewes Jul 31 '15 at 14:46
  • @vojta: Maarten is pushing the standard SO policy line. Really, take your question to Software Recommendations, which has policies and approaches to help collect the answers you seek. – Ira Baxter Jul 31 '15 at 16:30
  • Seems there'll be no answer to this question. My current practice is to use Java static analysis tool (such as FindBugs) and perform code review based on Java Card best practice. Some of the practices are described by Gemalto in "Java Card™ & STK Applet Development Guidelines". You can google to get the document. – David Aug 07 '15 at 03:00
  • There won't be any further answer here at SO with the question closed. @Vojta didn't seem to get the hint about Software Recommendations. – Ira Baxter Aug 10 '15 at 08:28

0 Answers0