Stack Overflow
Stack Overflow

Questions tagged [code-analysis]

Code Analysis is the process of analyzing the code of the application to discover, review, validate or verify certain properties of the application. This is useful during the process of development and for testing the application before it is put in production mode, especially for checking the security related aspects.

Code Analysis is the process of analyzing the code of the application to discover, review, validate or verify certain properties of the application. This is useful during the process of development and for testing the application before it is put in production mode, especially for checking the security related aspects. Code analysis can be classified from several perspectives, including:

1. What can be analyzed: source code or binary code (byte code) of the application can be analyzed. Both of these categories have their pros and cons.

2. How or When should code be analyzed: Code can be analyzed statically (without executing it) or dynamically (while the application is executed). Static analysis, being conservative, is prone to false positive, but it is exhaustive. On the other hand, dynamic analysis, being very accurate, may miss certain behaviors which are not manifested in any of the execution monitored (because dynamic analysis only analyzes code that is executed - i.e. when certain conditions are met)

3. Purpose of the analysis: Flaws can be found, like NULL pointer dereferencing or passing an ASCII string instead of a Unicode string. Furthermore, aspects of the code can be found, like building various graphs of dependencies or deducing the conditions under which recursion will occur.

1882 questions
485
votes
12 answers

How can I perform static code analysis in PHP?

Is there a static analysis tool for PHP source files? The binary itself can check for syntax errors, but I'm looking for something that does more, like: unused variable assignments arrays that are assigned into without being initialized first and…
eswald
  • 8,368
  • 4
  • 28
  • 28
380
votes
4 answers

What does '# noqa' mean in Python comments?

While searching through a Python project, I found a few lines commented with # noqa. import sys sys.path.append(r'C:\dev') import some_module # noqa What does noqa mean in Python? Is it specific to Python only?
Ishpreet
  • 5,230
  • 2
  • 19
  • 35
184
votes
8 answers

Collection versus List what should you use on your interfaces?

The code looks like below: namespace Test { public interface IMyClass { List GetList(); } public class MyClass : IMyClass { public List GetList() { return new…
bovium
  • 2,869
  • 6
  • 25
  • 35
174
votes
9 answers

What static analysis tools are available for C#?

What tools are there available for static analysis against C# code? I know about FxCop and StyleCop. Are there others? I've run across NStatic before but it's been in development for what seems like forever - it's looking pretty slick from what…
Paul Mrozowski
  • 6,604
  • 9
  • 34
  • 47
140
votes
13 answers

How do I fix PyDev "Undefined variable from import" errors?

I've got a Python project using PyDev in Eclipse, and PyDev keeps generating false errors for my code. I have a module settings that defines a settings object. I import that in module b and assign an attribute with: from settings import…
Chris B.
  • 85,731
  • 25
  • 98
  • 139
113
votes
1 answer

What's with the integer cache maintained by the interpreter?

After dive into Python's source code, I find out that it maintains an array of PyInt_Objects ranging from int(-5) to int(256) (@src/Objects/intobject.c) A little experiment proves it: >>> a = 1 >>> b = 1 >>> a is b True >>> a = 257 >>> b = 257 >>> a…
felix021
  • 1,936
  • 3
  • 16
  • 20
101
votes
12 answers

CA2202, how to solve this case

Can anybody tell me how to remove all CA2202 warnings from the following code? public static byte[] Encrypt(string data, byte[] key, byte[] iv) { using(MemoryStream memoryStream = new MemoryStream()) { using…
testalino
  • 5,474
  • 6
  • 36
  • 48
87
votes
6 answers

'SuppressMessage' for a whole namespace

I use underscores for my test methods for a better readability and I want to suppress FxCop errors/warnings for the whole test namespace. How can I achieve this? I played with GlobalSuppressions.cs but nothing worked: [module:…
timmkrause
  • 3,367
  • 4
  • 32
  • 59
85
votes
16 answers

Tool to visualise code flow (C/C++)

Do you have any sugestions of tools to ease the task of understanding C/C++ code? We just inherited a large piece of software written by others and we need to quickly get up to speed on it. Any advice on tools that might simplify this task?
Dprado
  • 1,610
  • 1
  • 13
  • 13
82
votes
9 answers

VS2015: warning MSB3884: Could not find rule set file

After upgrading my WinForms VS2013 project to VS2015, I started seeing the MSB3884 "Could not find rule set file" warning. A Google search turned up one MSDN article, which a Stack Overflow article points to as well as numerous other sites. Similar…
Sarah Weinberger
  • 15,041
  • 25
  • 83
  • 130
74
votes
1 answer

Where has the Code Analysis window gone?

In Visual Studio 2013, I used the Code Analysis window to provide reports to both the Development and Management teams. In Visual Studio 2015 Enterprise RTM, these errors have returned to the error window and I can no longer just see CA issues for…
NikolaiDante
  • 18,469
  • 14
  • 77
  • 117
74
votes
6 answers

How to disable pre-commit code analysis for Git-backed projects using IntelliJ IDEA

I have a project in IntelliJ IDEA, and I'm using Git/GitHub as source control. Each time I try to commit changes, IntelliJ IDEA runs a lengthy code analysis and searches for TODOs. When it finds "problems," it prompts me whether or not I want to…
Hawkeye Parker
  • 7,817
  • 7
  • 44
  • 47
73
votes
3 answers

Visual Studio Code Analysis vs StyleCop + FxCop

I used previously StyleCop + FxCop on my Visual Studio's projects. But now I am testing Visual Studio Code Analysis tool, which is easier to integrate into MSBuild, and I have found that this tools analyses some of the rules of both FxCop and…
Jader Dias
  • 88,211
  • 155
  • 421
  • 625
60
votes
6 answers

What linters are there for C#?

Is there a lint-like tool for C#? I've got the compiler to flag warnings-as-errors, and I've got Stylecop, but these only catch the most egregious errors. Are there any other must-have tools that point out probably-dumb things I'm doing?
Ken
  • 2,651
  • 3
  • 19
  • 17
60
votes
9 answers

C# compiler error: "not all code paths return a value"

I'm trying to write code that returns whether or not a given integer is divisible evenly by 1 to 20, but I keep receiving the following error: error CS0161: 'ProblemFive.isTwenty(int)': not all code paths return a value Here is my code: public…
user115185
  • 735
  • 1
  • 6
  • 7
1
2 3
99 100