InfoQ interviewed Boris Modylevsky about the importance of measuring code quality and how measurements can be used to improve quality, integrating static code analysis in continuous integration, testing coverage and test automation, and the benefits that continuous integration with integrated code analysis and test coverage can bring.
As announced at CppCon, Bjarne Stroustrup and Herb Sutter have started working on a set of guidelines for modern C++. The goal of this effort is to improve how developers use the language and to help ensure they write code that is type safe, has no resource leaks, and is as free as possible of programming logic errors.
LinkedIn has recently open sourced QARK, a static analysis tool meant to discover potential security vulnerabilities existing in Android applications written in Java.
Facebook has open sourced Infer, a static analysis tool for C, Java and Objective-C.
CppDepend is primarily a source code analyzer, with features geared towards making it easier to understand large code bases with complex interdependencies. In addition, it can integrate with static analyzers. With the introduction of version 5, CppDepend now supports C and C++14.
Guido van Rossum, best known as designer of the Python programming language, recently sent out a proposal on the python-ideas mailing list for adding type annotations to Python function declarations. The proposal aims at bringing to Python the benefits provided by static typing without changing Python's dynamic typing nature and interpreter behaviour.
UK-based Contemplate Ltd. has announced the first public release of its flagship product ThreadSafe, a static analysis tool for locating concurrency bugs and inefficiencies in Java code. InfoQ applied ThreadSafe and FindBugs to a multithreaded project and reports the results.
This article contains the testimonies of several project leaders detailing the process used to achieve a low Coverity Scan defect density.
A CAST report discloses that JEE enterprise software has lower quality when using Spring or Struts than when using just Hibernate. Also, the quality degrades when Java is mixed with C or C++.
Program Verification Systems, the creator of PVS-Studio, a static code analyzer for C and C++, has published a list of programming errors, some of them found in popular open source projects such as Chromium, TortoiseSVN, Apache HTTP Server, MySQL, and others.
Spring Migration Analyzer is a command-line utility that takes as input the binary archive of a JavaEE application (e.g. an EAR file) and creates a report containing the JavaEE technologies used, along with advice on the effort required to migrate them to Spring/Tomcat. It attempts to create an easier migration path for those who wish to migrate an existing JavaEE application to the Spring framework.
CppDepend is a tool for analyzing complex C++ applications. Using the Clang parser and a custom query language based on LINQ, developers can write scripts that examine complex relationships between classes and methods. These can be used for general exploration or to build up static code analysis rules. CppDepend is licensed for both Windows and Linux.
A Coverity study concludes that open source code using static analysis has on average a lower number of defects than commercial code, but they are on par when it comes to code of similar sizes.
JetBrains released version 4 of their Ruby IDE RubyMine. This release focuses on better performance, and contains incremental improvements and polishing in many areas. For NetBeans 7.1, a preview release of the community Ruby support is now available.
Early reports suggested that the Roslyn project would just be a better runtime-accessible compiler and REPL-style interpreter, but it turns out that it is much more ambitious. By opening up the entire compiler pipeline, Microsoft hopes that developers will create a wide variety of tools at many levels.