Main Entities

Main Analysis Entities

| Entity | Description | Etc. |
|---|---|---|
| AnalysisConfig | A static analysis plug-in uses this object to analyze a source file. The object is passed to the plug-in with full information. | |
| AnalysisResult | A static analysis plug-in should fill (not create) the fields of this object with the result of its analysis. The object is then used by the dexter-execute project (EndOfAnalysisHandler). | |
| Defect | A Defect object represents one defect. A Defect can have more than one Occurence object, held as a List. A static analysis plug-in should create a Defect or a List of Defects. | |
| Occurence | An Occurence holds the exact position information of a Defect. A static analysis plug-in should create an Occurence or a List of Occurences. | |
| PreOccurence | Sometimes it is hard to create the Defect and Occurence objects separately. In that case, you can create a PreOccurence object, then create the Defect and Occurence objects from it. | |
| IAnalysisEntityFactory | The dexter-execute project uses a concrete class of this interface to create the AnalysisConfig and AnalysisResult objects. You don't need to use this interface if you are only concerned with a static analysis plug-in. | |

Defect State

A Defect has only three states: NEW, FIX, EXC

  • NEW : Created and not yet fixed or dismissed
  • FIX : Fixed
  • EXC : Excepted. The defect was dismissed, so it is not a defect from now on.

Defect Identification (combination of properties)

Tool Name + Language Name + Module Path + File Name + Class Name + Method Name + Checker Code

  • Tool Name: the name of the static analysis plug-in, e.g. dexter-cppcheck, dexter-findbugs
  • Language Name: the source file type, e.g. CPP, JAVA, JAVASCRIPT
  • Module Path: the folder hierarchy from the root source folder. In Java it can be a package name, e.g. package1.package2.package3
  • File Name: the source file name
  • Class Name: the class name, if there is one
  • Method Name: the method/function name, if there is one
  • Checker Code: the checker code from the static analysis plug-in, e.g. NULL_CHECK, ArrayIndexOutOfBounds
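
The grouping that this identification scheme implies, as an added example that is not Dexter's own code: a Python model, not Dexter's API, that folds flat per-location findings (in the spirit of PreOccurence) into one Defect per seven-property key with a list of occurrences. `DefectKey`, `group_findings`, `finding` and the sample data are hypothetical, and storing a missing class or method name as an empty string is an assumption.

```python
from dataclasses import dataclass, field
from typing import NamedTuple

class DefectKey(NamedTuple):
    """The seven identity properties; line numbers are not part of the key."""
    tool_name: str
    language: str
    module_path: str
    file_name: str
    class_name: str
    method_name: str
    checker_code: str

@dataclass
class Defect:
    key: DefectKey
    state: str = "NEW"  # NEW, FIX or EXC
    occurrences: list = field(default_factory=list)  # (start_line, end_line, message)

def group_findings(findings):
    """Fold flat per-location findings into one Defect per identity key."""
    defects = {}
    for f in findings:
        # Assumption: a missing class or method name is stored as "".
        key = DefectKey(*((f.get(name) or "").strip() for name in DefectKey._fields))
        defect = defects.setdefault(key, Defect(key))
        occ = (f["start_line"], f["end_line"], f["message"])
        if occ not in defect.occurrences:  # the same location reported twice
            defect.occurrences.append(occ)
    return list(defects.values())

def finding(checker, method, line, cls="Socket", file="socket.cpp"):
    # Constructed sample data, not output from a real plug-in run.
    return {"tool_name": "dexter-cppcheck", "language": "CPP", "module_path": "src/net",
            "file_name": file, "class_name": cls, "method_name": method,
            "checker_code": checker, "start_line": line, "end_line": line,
            "message": f"{checker} at line {line}"}

SAMPLE = [
    finding("NULL_CHECK", "read", 42),
    finding("NULL_CHECK", "read", 57),             # same key, second position
    finding("NULL_CHECK", "read", 42),             # exact duplicate
    finding("ArrayIndexOutOfBounds", "read", 60),  # other checker, new defect
    finding("NULL_CHECK", "main", 12, cls=None, file="main.cpp"),  # free function
]

if __name__ == "__main__":
    for d in group_findings(SAMPLE):
        print(d.key.checker_code, d.key.method_name, [o[0] for o in d.occurrences])
```

Two findings from the same checker in the same method collapse into one defect with two occurrences, while a different checker code or a different file produces a separate defect.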

Defect Severity

| Severity | Code | Description | Example |
|---|---|---|---|
| Critical | CRI | Can stop the system; occurs at run-time | Memory Leak, Array Index |
| Major | MAJ | A unit module cannot work, but the system works fine; does not occur at run-time | Duplicated Branch Statements |
| Minor | MIN | A defect, but you don't need to fix it immediately | Type Error |
| Clean Rule Code | CRC | Not a defect; for clean code | use explicit keyword, Nested If Statements |
| Etc. | ETC | High false alarm rate (over 50%); can be a defect or not, depending on the context | null dereference, opensource license check |
