Understanding code metrics

I recently installed the Eclipse Metrics Plugin and have exported the data for one of our projects.It's all very good having these nice graphs but I'd really like to understand more in depth what they all mean. The definitions of the metrics only go so far to telling you what it really means.Does anyone know of any good resources, books, websites, etc, that can help me better understand what all the data means and give an understanding of how to improve the code where necessary?I'm interested in things like Efferent Coupling, and Cyclomatic Com...Read more

code analysis - What duplication detection threshold do you use?

We all agree that duplication is evil and should be avoid (Don't Repeat Yourself principle). To ensure that, static analysis code should be used like Simian (Multi Language) or Clone Detective (Visual Studio add-in)I just read Ayende's post about Kobe where he is saying that : 8.5% of Kobe is copy & pasted code. And that is with the sensitivity dialed high, if we set the threshold to 3, which is what I commonly do, is goes up to 12.5%.I think that 3 as threshold is very low.In my company we offer quality code analysis as a service, our ...Read more

code analysis - Calculate cyclomatic complexity at run time for generated program tree

I am running an evolutionary algorithm that automatically generates S-expressions that represent an abstract syntax tree. From there I generate C code to create a compilable program.For each generated expression I need to calculate the cyclomatic complexity to be used in the fitness calculation. I have noticed that there are tools available to do so (such as the metrics Eclipse plugin), but I was hoping for something that could analyze a more generic program representation.I could see calling an external tool, however I think that would signi...Read more

code analysis - PMD Apex Can't find resource for rule on Windows

I'm trying to configure PMD for code analysis.I'm using VS Code, already installed Java 10, downloaded several versions of PMD I've installed the Apex PMD extension for VS Code and configured it as per it's instructions.But keep getting the can't find resource error no matter which version I choose.This is part of the output from VS Code PMD Command: java -cp "C:\Code\pmd-bin-5.7.0\lib*" net.sourceforge.pmd.PMD -d "c:\Code\Lightning\src\classes\AccountController.cls" -f csv -R "C:\Code\ruleset\apex_default.xml" error:Error: Command failed: ja...Read more

findbugs - Code Analysis: check if a String parameter of a given function is available in a *.properties file

Consider the Java code:ReadProperty.get("info")And a my_stettings.properties file:info=Lorem ipsumserver=computer01I was wondering if it is possible to use a code analysis tool (Checkstyle, FindBugs, PMD...) to check if the String parameter of my get() method is available in the my_stettings.properties file.ReadProperty.get("servers") //should produce a warningReadProperty.get("server") //is OKHave you some inputs on how I can achieve this?...Read more

static and dynamic code analysis

I found several questions about this topic, and all of them with lot of references, but still I don't have a clear idea about that, because most of the references speak about concrete tools and not about the concept in general of the analysis. Thus I have some questions:About Static analysis:1. I would like to have a reference, or a summary of which techniques are successful and have more relevance nowadays. 2. What really can they do about discovering bugs, can we make a summary or it is depending of the tool?About symbolic execution:1. Where...Read more

Error in FxCop Phoenix analysis engine

So I'm trying to run a bunch of rules which are defined in a RuleSet. The RuleSet file is actually generated using Sonarqube - I've selected absolutely all rules in there, including the FxCop, ReSharper and StyleCop rules. I'm kicking off FxCop like this:C:/FxCop/FxCopCmd.exe /file:C:\TestProject\bin\TestProject.dll /ruleset:=C:\TestProject\testproject.ruleset /out:C:\TestProject\fxcop-report.xml /outxsl:none /forceoutput /searchgac /aspnetIt starts correctly, but I get the following message: Initializing Introspection engine... Analyzing... ...Read more

Configuration of Code Clones in Visual Studio 11

I really like the new built in feature of VS11 to find 'Code Clones' but there does not seem to be any way to configure it.An example would be only show me exact clones of 5 lines or more. Right now it gives Exact, Strong, Medium and Weak matches and it seems like they are for 10 lines or more. If I could configure this it would help work through the clones and it would find me those small methods that I am sure have been cut and pasted over the years.UPDATEHere is the notes from the documentation for the Release Preview version about how to ...Read more

Can code audits be considered static analysis?

When people talk about static analysis, they usually talk about quality metrics and programming conventions. And seems that code auditing is something apart, since what it finds are bugs and security breaches. When, in theory, both are static analysis (code audits are made without executing the program, aren't they? With tools like Findbugs, Coverity, etc.).So, is code auditing static analysis also?...Read more

Is its possible to implement CAST-like analysis with SonarQube?

In my (huge) company we mostly use two tools for code analysis:Sonar(Qube) - in the development, tightly integrated with CIs, known and loved my developers.CAST - required by the processes. No continuous measurements, only a couple of times a year, for instance on major releases. CAST analysis is completely decoupled from the development, done by a separate team (we just send the delivery package to analyse).I'm on the dev side as you may guess, I (somewhat) know Sonar/PMD, but not CAST. In any case I'm not quite happy with the frequency of the...Read more

How can we correct or suppress CA0503 and CA0505 messages from Code Analysis in Visual Studio 11 Beta

When I run Code Analysis on a fairly simple project, I immediately get "CA0503 Issue Running Code Analysis" and "CA0505 Issue Running Code Analysis" violations. The CA0503 documentation page says, "The property is deprecated. Use the superseding property." However, it does not point at a superseding property, how to deal with the error, or how to suppress it. Apparently, this is a hidden Microsoft ruleset and you can't just turn the rule off. The CA0505 documentation page similarly states, "The deprecated property will be ignored because the...Read more

code analysis - What program slicing tools actually exist?

I've just been introduced to the term "program slicing." It makes perfect sense that one would want such functionality, but does it exist anywhere?The term is 20 years old now, and I see there are lots of publications, research papers, etc. But where are the actual tools? Are people actually putting this concept into practice, or just studying it academically?What's out there, and for what languages?Edit: I guess what I'm looking for, what I'd reward as an Accepted answer, is a reference to some publication/organization/etc that's particular...Read more