BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage Static Analysis Content on InfoQ

  • CppDepend is Now Available for Linux

    CppDepend is a tool for analyzing complex C++ applications. Using the Clang parser and a custom query language based on LINQ, developers can write scripts that examine complex relationships between classes and methods. These can be used for general exploration or to build up static code analysis rules. CppDepend is licensed for both Windows and Linux.

  • Coverity: Open Source Code Has Fewer Defects than Commercial One

    A Coverity study concludes that open source code using static analysis has on average a lower number of defects than commercial code, but they are on par when it comes to code of similar sizes.

  • Ruby IDE Roundup: JetBrains Releases Rubymine 4.0, Ruby for NetBeans 7.1 in the Works

    JetBrains released version 4 of their Ruby IDE RubyMine. This release focuses on better performance, and contains incremental improvements and polishing in many areas. For NetBeans 7.1, a preview release of the community Ruby support is now available.

  • Microsoft Unveils its Compiler as a Service

    Early reports suggested that the Rosyln project would just be a better runtime-accessible compiler and REPL-style interpreter, but it turns out that it is much more ambitious. By opening up the entire compiler pipeline Microsoft hopes that developers will create a wide variety of tools at many levels.

  • JRuby Roundup: JRuby on EY AppCloud, JRuby-Lint, JRuby Delegates

    JRuby is now available on EngineYard's AppCloud Beta program, set up to run with the Trinidad server. Nick Sieger has released jruby-lint, a static analysis tool that checks Ruby code bases for patterns that are either discouraged or perform badly on JRuby vs. MRI. Also: JRuby 1.6.2 is out.

  • Code Contracts are Making Slow Progress

    Code Contracts are making slow progress towards being ready for production use. While the technology still shows a lot of initial promise, it doesn’t take long to run into a road block or six that makes them unusable in their current form.

  • Metrics for Ruby With Caliper

    Caliper calculates various metrics – for example code duplication and complexity – for your Ruby code; all you need is a public Git repository.

  • Spec# and Boogie Released on CodePlex

    The source code for Spec# is now available on CodePlex under the Microsoft Research Shared Source License Agreement (non-commercial use only). It’s code verification tools, named Boogie, has been released under the Microsoft Public License, which conforms to Free/Open Source standards.

  • The Future of ParseTree

    The current Ruby 1.9.1 doesn't have the required features to allow ParseTree's runtime features to work - which means some libraries that depend on those features won't work. Examples are Merb's action arguments or heckle. We take a look at the state of ParseTree - and how ruby_parser is a possible way out.

  • Static Analysis Tools Roundup: Roodi, Rufus, Reek, Flay

    Ruby_parser, ParseTree, and it's cleaned up output UnifiedRuby, provide access to Ruby source code ASTs. We take a look at four static analysis tools built in plain Ruby: Flay, Roodi, Rufus, Reek.

  • ParseTree 3.0 Released, Many Related Libraries Updated

    Ryan Davis announced the release of ParseTree 3.0, as well as an update to related libraries: Ruby2Ruby and Flog. Sexp_processor, the library to write visitors for analyzing parse tree s-exprs was split out as a gem. Also: ruby_parser 2.0, a Ruby parser written in Ruby, was released with many improvements.

  • FxCop 1.36 Released

    Microsoft has released a new version of FxCop, the popular static code analyzer and policy enforcement utility. This release fixes numerous bugs and adds support .NET Framework 3.5 language features. This release updates FxCop to have the same engine enhancements provided to VSTS Code Analysis in VS 2008 SP1.

  • Presentation: Secure Programming with Static Analysis

    Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis can uncover the kinds of errors that lead directly to vulnerabilities and in this talk, Brian Chess frames the software security problem and shows how static analysis is part of the solution.

  • Debate and more Insights on Dynamic vs. Static Languages

    The transcript of Steve Yegge’s presentation on dynamic languages in Stanford University, which he posted on his blog, triggered many reactions in the blog sphere. Cedric Beust, Ted Neward, Ola Beni and Greg Young provided their viewpoints and arguments on different tradeoffs involved in dynamic vs. static debate.

  • Review: Exception Hunter

    Unhandled exceptions are the bane of any application, especially those that run without user interaction. Red Gate has developed a product to detect and alert developers to these potential issues, but does it measure up?

BT