Reviews

  • Jim Bird. Static Analysis isn't Development Testing

    06.01.2012
    The post addresses the mistaken idea that static analysis tools are testing tools or can be a good substitute for them. The author explains the difference between various kinds of testing and static analysis, bringing out the purpose of the latter and its role in development. He agrees that static analyzers are necessary tools, but notes that they are intended for detecting a "narrow band of code-related defects".
  • Bojan Komazec. 32-bit and 64-bit versions of Windows C++ application

    06.10.2011
    The author uses sample code to show how to set compiler and linker options to build a C++ application for 64-bit Windows. Each step is commented on.
  • Pierre Morel-Fourrier. C++ code analysis in Visual Studio 2012

    11.09.2011
    The article covers the C++ code analyzer integrated into the Visual Studio 2012 development environment. The author discusses the improvements introduced in the new version of the application and uses several code samples to show how it works and to demonstrate various features of the analyzer. The text is complemented with screenshots explaining how to use the analyzer.
  • Eli Bendersky. Stack frame layout on x86-64

    06.09.2011
    This post describes the stack frame layout of the x64 architecture, focusing mainly on Linux and other operating systems that follow the official System V AMD64 ABI. The author gives diagrams and code samples to show the specifics of stack frame layout on the x64 platform.
  • Aditya Pratap Bhuyan. Code Review Principles, Process and Tools

    20.05.2011
    The article covers the practice of code review and explains the principles, types, steps and levels of this process, as well as the tools to be used for it. The author also provides a list of examples demonstrating the most common programming mistakes of different sorts.
  • ESET Team. TDSS (part 1: The x64 Dollar Question)

    19.04.2011
    The article presents extensive research on the TDSS family of malware and consists of three parts, each of which describes certain aspects of the TDSS rootkits and bootkits, including internals of the malware, mechanisms of rootkit distribution, specifics of bootkit installation on various systems (x86 and x64) and embedding into the boot sector. The processes of infecting the system are described in detail and illustrated with plenty of tables, schemes and figures.
  • Microsoft. Using Code Analysis with Visual Studio 2010 to Improve Code Quality

    04.04.2011
    Microsoft has added the new Code Analysis feature to the Visual Studio 2010 development environment. This feature performs static analysis on code and helps developers find various potential problems at different levels. This course is intended for developers who want to get acquainted with Code Analysis and learn how to use the feature by completing some exercises.
  • David Cerezo Sánchez. Static vs. Formal Methods for Code Auditing

    27.02.2011
    In his post, the author discusses various static code analysis tools intended to perform code auditing as an alternative to formal methods. He gives tips on how to use these tools according to programmers' needs and circumstances.
  • Gary McGraw, John Steven. Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal)

    31.01.2011
    Because static analysis tools can find security vulnerabilities in source code, many firms adopting static analysis technology feel the urge to compare different static analyzers with each other to find the best solution. Gary McGraw explains why this task is not as easy as it may seem and why comparing tools without bearing in mind crucial pitfalls resembles comparing fruit and aardvarks. The author also gives advice on which criteria to choose for tool comparison.
  • Guy Steele. How to Think about Parallel Programming: Not!

    14.01.2011
    Guy Steele's presentation argues that it is not the programmer's job to think about parallelism; instead, a new approach is required to build programming languages that provide ways to run tasks in parallel and support algorithms built on independence and divide-and-conquer principles rather than on linear decomposition of problems.