Question

Select any static source code analysis tool. Utilizing your Selection Sort code introduce three different data flow anomalies typically caught by a static analysis tool. Execute the tool on your code. Please submit the following:

1. description of the tool used and the types of analysis it provides
2. source listing of your code
3. a printout or screen shot showing the analysis performed
4. your evaluation of the tool’s usefulness

THE CODE FOR THE SELECTION SORT ALGORITHM IN C# IS BELOW

using System;

namespace SelectionSortAlgorithm
{
public class SelectionSort
{
//sortData method
public static void sortData(int[] dataSet)
{
//variable declaration / used in sorting the array
int sortedElements, lowestValue;

//After every iteration, the unsorted array reduces by 1 element, then iterates
for (int i = 0; i < dataSet.Length - 1; i++)
{
//initialize variable / used for lowest value element in loop
lowestValue = i;
//As array is being sorted, add 1 element to sorted array
for (int j = i + 1; j < dataSet.Length; j++)
{
if (dataSet[j] < dataSet[lowestValue])
{
//initialized variable for lowest value of element in sorted array
lowestValue = j;
}
}
//The sortedElements are equal to the data set sorted starting with lowest value elements
sortedElements = dataSet[lowestValue];
//The data set sorted with lowest value first is equal to sorted data set
dataSet[lowestValue] = dataSet[i];
//Sorted data set is equal to all sorted elements {2, 3, 27, 68, 99}
dataSet[i] = sortedElements;
}
}
//main method
public static void Main(string[] args)
{
//unsorted array
int[] dataSet = new int[5] { 2, 99, 27, 68, 3 };

//sortData method called for sorting the above unsorted array
sortData(dataSet);

//iterating the sorted array
for (int i = 0; i < dataSet.Length; i++)
{
//writing the sorted array to the console
Console.WriteLine(dataSet[i]);
}
}//end method

}//end class

}//end program

Answer 1

The Best Static Source Code Analysis Tool For C# : -

SonarSource delivers what is probably the best static code analyzer you can find on the market for C#. Based on Microsoft Roslyn compiler front-end, it uses the most advanced techniques (pattern matching, dataflow analysis) to analyze code and find code smells, bugs and security vulnerabilities. It was built on the following principles: depth, accuracy and speed.

SonarC# has a great coverage of well-established quality standards. The SonarC# capability is available in Visual Studio for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or on-line SonarCloud.

Samples of Issues Detected : -

1.Always false condition

2.Dead store

3.Dereference of null pointer

4.I/O function call injection

#NOTE: - Hope You Get Knowlegde About Static Source Code Analysis Tool For C#...These Are Samples Provided By, You Can Also Run Your Code On This Open Source Platform And See What Are The Anamolies Your Code Is Facing.....Happy Coading : - )