Reviews

  • Jim Bird. Static Analysis isn't Development Testing

    06.01.2012
    The post focuses on the false idea that static analysis tools are testing tools or can be a good substitute for them. The author explains the difference between various kinds of testing and static analysis bringing out the point of the latter and its role in development. He agrees that static analyzers are necessary tools, but they are intended for detecting a "narrow band of code-related defects".

  • Pierre Morel-Fourrier. C++ code analysis in Visual Studio 2012

    11.09.2011
    The article concerns the C++ code analyzer integrated into the Visual Studio 2012 development environment. The author speaks on the improvements introduced into the new version of the application and cites several code samples to show how it works and demonstrate various features of the analyzer. The text is complemented with screenshots explaining how to handle the analyzer.

  • Aditya Pratap Bhuyan. Code Review Principles, Process and Tools

    20.05.2011
    The article concerns the method of code review and explains the principles, types, steps and levels of this process as well as tools to be used for code review. The author also provides a list of examples demonstrating most common programming mistakes of different sorts.

  • Microsoft. Using Code Analysis with Visual Studio 2010 to Improve Code Quality

    04.04.2011
    Microsoft has added the new Code Analysis feature in the Visual Studio 2010 development environment. This feature performs static analysis on code and will help developers to find various potential problems at different levels. This course is intended for developers to get acquainted with Code Analysis and learn the principles of handling this feature completing some exercises.

  • David Cerezo Sánchez. Static vs. Formal Methods for Code Auditing

    27.02.2011
    In his post, the author speaks on various static code analysis tools intended to perform code auditing as an alternative to formal methods. He gives tips on how to use these tools according to programmers' needs and circumstances.

  • Gary McGraw, John Steven. Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal)

    31.01.2011
    Static analysis tools being able to find security vulnerabilities in source code, many firms adopting the static analysis technology feel the urge to compare different static analyzers to each other to find the best solution. Gary McGraw explains why this task is not so easy at it may seem and why comparing any tools without bearing in mind crucial pitfalls resembles comparing fruit and aardvarks. The author also gives advice on what to choose as the best criteria for tool comparison.

  • Walter Bright. Patterns of Bugs

    06.01.2011
    Walter Bright describes an interesting approach he took from the sphere of flight mechanical design and started applying to programming. What he does and suggests other programmers should do is to look for certain patterns of bugs occurring persistently and once some pattern is found, think how to change the programming process to avoid this pattern in future. Among possible ways, he offers changing coding standards, programming language, testing methodology and so on. The post is supplied with code samples containing various bugs, the author suggesting certain ways of solving for each of them.

  • Ajay Vijayvargiya. Elucidating all about Code Analysis in Visual C++

    04.12.2010
    The article was created in an attempt to cover all information concerning Code Analysis integrated into Visual Studio. It is divided into three sections: "The need of Code Analysis", "Performing Code Analysis on your code" and "Making your own code Analyzable". The first section explains why developers need Code Analysis, while the second section contains code samples on the main patterns of bugs and errors the Analyzer can detect. The third section tells you how to write and edit your code so that the analyzer could check it fully and not fail to emit important warnings. The article includes numerous code samples to illustrate the main points.

  • Sid Sidner. When Quality, Security Count

    24.04.2010
    Sid Sidner, director of security engineering in the ACI Worldwide company, tells about static code analysis as the best way to ensure software quality and security. He explains the working principle of static analysis tools and gives a list of questions and recommendations for developers to choose the right static analysis tool to integrate into development processes. The author also shares his experience of working with some of static analysis tool vendors and explains by the example of his company by what considerations they were guided when choosing a tool.

  • The Coverity Team. A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World

    01.01.2010
    In this article, the Coverity developers share their experience of developing and commercializing their own static analyzer as well as conclusions and lessons they draw from this experience. The authors formulate what they have called "laws of bug finding" and discuss various specifics of implementing a good static analysis tool.