LinkedIn has recently open sourced QARK, a static analysis tool meant to discover potential security vulnerabilities existing in Android applications written in Java.
Facebook has open sourced Infer, a static analysis tool for C, Java and Objective-C.
CppDepend is primarily a source code analyzer, with features geared towards making it easier to understand large code bases with complex interdependencies. In addition, it can integrate with static analyzers. With the introduction of version 5, CppDepend now supports C and C++14.
Guido van Rossum, best known as designer of the Python programming language, recently sent out a proposal on the python-ideas mailing list for adding type annotations to Python function declarations. The proposal aims at bringing to Python the benefits provided by static typing without changing Python's dynamic typing nature and interpreter behaviour.
UK-based Contemplate Ltd. has announced the first public release of their flagship product ThreadSafe, a static analysis tool for locating concurrency bugs and inefficiencies in Java code. InfoQ applied ThreadSafe and FindBugs to a multithreaded project and reports the results.
This article contains the testimonies of several project leaders detailing the process used to achieve a low Coverity Scan defect density.
A CAST report discloses that JEE enterprise software has lower quality when using Spring or Struts than using just Hibernate. Also, the quality degrades when Java is mixed with C or C++.
Program Verification Systems, the creator of PVS-Studio, a static code analyzer for C and C++, has published a list of programming errors, some of them being found in popular open source projects such as Chromium, TortoiseSVN, Apache HTTP Server, MySQL, and others.
Spring Migration Analyzer is a command line utility that takes as input the binary archive of a JavaEE application (e.g. an EAR file) and creates a report containing the JavaEE technologies used, along with advice on the effort required to migrate them to Spring/Tomcat. It attempts to create an easier migration path for those who wish to migrate an existing JavaEE application to the Spring framework.
CppDepend is a tool for analyzing complex C++ applications. Using the Clang parser and a custom query language based on LINQ, developers can write scripts that examine complex relationships between classes and methods. These can be used for general exploration or to build up static code analysis rules. CppDepend is licensed for both Windows and Linux.
A Coverity study concludes that open source code using static analysis has on average a lower number of defects than commercial code, but they are on par when it comes to code of similar sizes.
JetBrains released version 4 of their Ruby IDE RubyMine. This release focuses on better performance, and contains incremental improvements and polishing in many areas. For NetBeans 7.1, a preview release of the community Ruby support is now available.
Early reports suggested that the Roslyn project would just be a better runtime-accessible compiler and REPL-style interpreter, but it turns out that it is much more ambitious. By opening up the entire compiler pipeline, Microsoft hopes that developers will create a wide variety of tools at many levels.
JRuby is now available on EngineYard's AppCloud Beta program, set up to run with the Trinidad server. Nick Sieger has released jruby-lint, a static analysis tool that checks Ruby code bases for patterns that are either discouraged or perform badly on JRuby vs. MRI. Also: JRuby 1.6.2 is out.
Code Contracts are making slow progress towards being ready for production use. While the technology still shows a lot of initial promise, it doesn’t take long to run into a road block or six that makes them unusable in their current form.