UK based Contemplate Ltd. has announced the first public release of their flagship product ThreadSafe, a static analysis tool for locating concurrency bugs and inefficiencies in Java code. InfoQ applied ThreadSafe and FindBugs to a multithreaded project and reports the results.
This article contains the testimonies of several project leaders detailing the process used to achieve a low Coverity Scan defect density.
A CAST report discloses that JEE enterprise software has lower quality when using Spring or Struts than using just Hibernate. Also, the quality degrades when Java is mixed with C or C++.
Program Verification Systems, the creator of PVS-Studio, a static code analyzer for C and C++, has published a list of programming errors, some of them being found in popular open source projects such as Chromium, TortoiseSVN, Apache HTTP Server, MySQL, and others.
Spring Migration Analyzer is a command line utility, that takes as input the binary archive of a JavaEE application (e.g. an EAR file) and creates a report, containing JavaEE technologies used, along with advice on effort required to migrate them to Spring/Tomcat. It attempts to create an easier migration path for those who wish to migrate an existing JavaEE application to the Spring framework.
CppDepend is a tool for analyzing complex C++ applications. Using the Clang parser and a custom query language based on LINQ, developers can write scripts that examine complex relationships between classes and methods. These can be used for general exploration or to build up static code analysis rules. CppDepend is licensed for both Windows and Linux.
A Coverity study concludes that open source code using static analysis has on average a lower number of defects than commercial code, but they are on par when it comes to code of similar sizes.
JetBrains released version 4 of their Ruby IDE RubyMine. This release focuses on better performance, and contains incremental improvements and polishing in many areas. For NetBeans 7.1, a preview release of the community Ruby support is now available.
Early reports suggested that the Rosyln project would just be a better runtime-accessible compiler and REPL-style interpreter, but it turns out that it is much more ambitious. By opening up the entire compiler pipeline Microsoft hopes that developers will create a wide variety of tools at many levels.
JRuby is now available on EngineYard's AppCloud Beta program, set up to run with the Trinidad server. Nick Sieger has released jruby-lint, a static analysis tool that checks Ruby code bases for patterns that are either discouraged or perform badly on JRuby vs. MRI. Also: JRuby 1.6.2 is out.
Code Contracts are making slow progress towards being ready for production use. While the technology still shows a lot of initial promise, it doesn’t take long to run into a road block or six that makes them unusable in their current form.
Caliper calculates various metrics – for example code duplication and complexity – for your Ruby code; all you need is a public Git repository.
The source code for Spec# is now available on CodePlex under the Microsoft Research Shared Source License Agreement (non-commercial use only). It’s code verification tools, named Boogie, has been released under the Microsoft Public License, which conforms to Free/Open Source standards.
The current Ruby 1.9.1 doesn't have the required features to allow ParseTree's runtime features to work - which means some libraries that depend on those features won't work. Examples are Merb's action arguments or heckle. We take a look at the state of ParseTree - and how ruby_parser is a possible way out.
Ruby_parser, ParseTree, and it's cleaned up output UnifiedRuby, provide access to Ruby source code ASTs. We take a look at four static analysis tools built in plain Ruby: Flay, Roodi, Rufus, Reek.