Static analysis has a broad set of capabilities to offer the .NET world. It can enforce pattern-based rules, whether they're based on proven standards or custom patterns that help you identify application-specific defects. Nevertheless, some defects cannot be detected by this analysis technique. The flow analysis feature of dotTEST does exactly that.
Early reports suggested that the Rosyln project would just be a better runtime-accessible compiler and REPL-style interpreter, but it turns out that it is much more ambitious. By opening up the entire compiler pipeline Microsoft hopes that developers will create a wide variety of tools at many levels.
JRuby is now available on EngineYard's AppCloud Beta program, set up to run with the Trinidad server. Nick Sieger has released jruby-lint, a static analysis tool that checks Ruby code bases for patterns that are either discouraged or perform badly on JRuby vs. MRI. Also: JRuby 1.6.2 is out.
Code Contracts are making slow progress towards being ready for production use. While the technology still shows a lot of initial promise, it doesn’t take long to run into a road block or six that makes them unusable in their current form.
Building security into software applications from the initial phases of development process is critical. Static code analysis gives developers the ability to review their code without actually executing it to uncover potential security vulnerabilities. InfoQ spoke with Brian Chess about static analysis and how it compares with other security assessment techniques like penetration testing.
Magnus Robertsson shows how to control the code architecture manually, statically and dynamically in order to avoid an architectural drift leading to a big-ball-of-mud. For that, he recommends ways to enforce the reference architecture through peer review, code analysis, and zero tolerance to warnings and errors.
Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis can uncover the kinds of errors that lead directly to vulnerabilities and in this talk, Brian Chess frames the software security problem and shows how static analysis is part of the solution.
Simon Thompson and Huiqing Li explain refactoring with functional languages and Wrangler (Erlang) and HaRe (Haskell). Also: how Wrangler's ad-hoc mode allows everyone to write custom refactorings.
Kostis Sagons talks about how type checking can help with a dynamic language like Erlang and how static analysis tools like Dialyzer or automated refactoring tools like Tidier help keep code clean.
