InfoQ Homepage Static Analysis Content on InfoQ
-
The Pure Attribute in .NET Core
The Pure attribute was added to .NET in version 4 as part of the Code Contracts initiative to help developers distinguish between code that free from side effects from other code. While the Code Contracts project is over, the Pure attribute continues to see life in .NET Core.
-
Facebook Open-Sources RacerD - Java Race Condition Detector
Facebook’s open-source static analysis tool, Infer, now ships with support for detecting race conditions in Java code via RacerD.
-
Facebook’s New AL Language Aims to Simplify Static Program Analysis
AL is a simple, declarative language for reasoning about abstract syntax trees that allows to extend Facebook Infer static analyzer.
-
Dead Code Must Be Removed
Dead code needs to be found and removed; leaving dead code in is an obstacle to programmer understanding and action, and there's the risk that the code is awakened which can cause significant problems. Deleting dead code is not a technical problem; it is a problem of mindset and culture.
-
Measure and Improve Code Quality
InfoQ interviewed Boris Modylevsky about the importance of measuring code quality and how measurements can be used to improve quality, integrating static code analysis in continuous integration, testing coverage and test automation, and the benefits that continuous integration with integrated code analysis and test coverage can bring.
-
C++ Core Guidelines will Help Writing Good Modern C++
As announced at CppCon, Bjarne Stroustrup and Herb Sutter have started working on a set of guidelines for modern C++. The goal of this effort is improving how developers use the language and help ensuring they write code that is type safe, has no resource leaks, and is as much as possible free of programming logic errors.
-
LinkedIn Release QARK to Discover Security Holes in Android Apps
LinkedIn has recently open sourced QARK, a static analysis tool meant to discover potential security vulnerabilities existing in Android applications written in Java.
-
Facebook Open Sources Infer, a Static Analysis Tool
Facebook has open sourced Infer, a static analysis tool for C, Java and Objective-C.
-
CppDepend now Supports C and C++14
CppDepend is a primarily a source code analyzer, with features geared towards making it easier to understand large code bases with complex interdependencies. In addition, it can integrate with static analyzers. With the introduction of version 5, CppDepend now supports C and C++14.
-
Guido van Rossum Wants to Bring Type Annotations to Python
Guido van Rossum, best known as designer of the Python programming language, recently sent out a proposal on the python-ideas mailing list for adding type annotations to Python function declarations. The proposal aims at bringing to Python the benefits provided by static typing without changing Python's dynamic typing nature and interpreter behaviour.
-
ThreadSafe Concurrency Static Analysis Tool Announces First Public Release
UK based Contemplate Ltd. has announced the first public release of their flagship product ThreadSafe, a static analysis tool for locating concurrency bugs and inefficiencies in Java code. InfoQ applied ThreadSafe and FindBugs to a multithreaded project and reports the results.
-
Coverity 2012: How to Get a Low Defect Density
This article contains the testimonies of several project leaders detailing the process used to achieve a low Coverity Scan defect density.
-
CAST: Adding Spring Lowers the Quality of JEE Applications
A CAST report discloses that JEE enterprise software has lower quality when using Spring or Struts than using just Hibernate. Also, the quality degrades when Java is mixed with C or C++.
-
An Errors List Underscores the Need for Static Code Analysis
Program Verification Systems, the creator of PVS-Studio, a static code analyzer for C and C++, has published a list of programming errors, some of them being found in popular open source projects such as Chromium, TortoiseSVN, Apache HTTP Server, MySQL, and others.
-
Spring Migration Analyzer: An Assistant For JavaEE To Spring Conversion
Spring Migration Analyzer is a command line utility, that takes as input the binary archive of a JavaEE application (e.g. an EAR file) and creates a report, containing JavaEE technologies used, along with advice on effort required to migrate them to Spring/Tomcat. It attempts to create an easier migration path for those who wish to migrate an existing JavaEE application to the Spring framework.