ropensci-archive / wishlist

:no_entry: ARCHIVED :no_entry:
https://discuss.ropensci.org/c/wishlist/6

Static code analysis #11

Closed: e-pet closed 2 years ago

e-pet commented 9 years ago

It would be nice to have a decent tool for static code analysis.

This could run automatically during the build process and detect errors early on, before they cause trouble, and with possibly easier-to-decipher warning/error messages.

Citing an earlier question of mine on StackOverflow:

The only static code analysis tool I was able to find is codetools. Searching for more information, however, only yields

  • The package's CRAN page, stating that the last release is from 2011 and providing a very minimalistic documentation as well as the code itself, which starts with the note "This code is a complete hack, may or may not work, etc.." and indeed looks like a quick hack.
  • A short, apparently academic presentation by the package author, Luke Tierney, from 2007.
  • The author's website, which however does not provide any further information on the subject (except for the above presentation).
  • An obscure blog entry indicating that "Since the release of R_2.6.0, R package developers were advised to use the 'codetools' package to check potential bugs.".

So, apparently, there have been no updates for a long time; it is not easily possible to contribute to the project (there is no git repository or something and the code is difficult to read) and there is no real documentation of what it does. Still, it is used by default for checking CRAN packages. Now that's weird?

In particular the referenced presentation shows some of the potential benefits that static code analysis could provide for R. It would be more of a general tool for use mainly by package authors to improve general code quality.

I am just suggesting this, as I really don't have time for such a project right now (and I'm not really an expert in static code analysis). I think this would make for a great thesis project for computer science students, by the way.

ashander commented 9 years ago

See lintr from @jimhester

jimhester commented 9 years ago

Most of the lintr checks are geared towards style rather than function. However it does use the static code checks from codetools in the object_usage_linter (and you can turn off the style linters individually if you don't want to use a given one).

I would be happy to incorporate more static analysis linters in lintr as well, so if you have ideas or implementations please open issues/send pull requests.

jennybc commented 9 years ago

This reminds me. Back when I was a PhD student, I (!!!) actually wrote a lot of C. I used something to analyze all of my own code. Which functions called which others, which header files were used where, which libraries I was linking to and from where, etc etc. It actually generated a beautiful cross-referenced report, with LaTeX, I believe. Can anyone tell me what that tool might have been?

And once we get the name, let's add it as inspiration for this! Agree this would be great for developing R packages.

Ironholds commented 9 years ago

Jenny "Close to the Metal" Bryan. It fits!

I'd love to see that tool - as you say, it'd be great to adopt formats from other languages that have been wrestling with/thinking about this problem for a while.

ashander commented 9 years ago

@jimhester thanks for clarifying. I should have been clear in my curt comment that lintr isn't a solution to the general problem. Great, useful package by the way!

@jennybc that sounds like a great tool. Any chance wiki's list of static code analysis tools jogs your memory?

maelle commented 2 years ago

Thank you! See also recent work by @mpadge in https://github.com/ropensci-review-tools/pkgcheck & co

Note that future ideas should go to our wishlist forum category.