IT conferences and meetings on programming languages see a growing number of speakers talking about static code analysis. Although this field is quite specific, there are still a number of interesting discussions to be found here that help programmers understand the methods, uses, and specifics of static code analysis. In this article, we have collected a number of videos on static analysis whose easy style of presentation makes them useful and interesting to a wide audience of both skilled and novice programmers.
What is Static Analysis?
A development team working on a static analyzer has already checked a game engine under Windows. In this check we used a Linux version, and the result showed that there were a large number of serious errors. The article covers only the general analysis warnings, and only those of the “High” severity level (there are also Medium and Low levels).
In this article we'll look at the main features of SonarQube - a platform for continuous analysis and measurement of code quality, and we'll also discuss advantages of the methods for code quality evaluation based on the SonarQube metrics.
SonarQube is an open source platform, designed for continuous analysis and measurement of code quality. SonarQube provides the following capabilities:
One of the main problems with C++ is the huge number of constructions whose behavior is undefined, or is simply unexpected for a programmer. We often come across them when using our static analyzer on various projects. But, as we all know, the best thing is to detect errors at the compilation stage. Let's see which techniques in modern C++ help us write code that is not only simple and clear, but also safer and more reliable.
What is Modern C++?
The term Modern C++ became very popular after the release of C++11. What does it mean? First of all, Modern C++ is a set of patterns and idioms that are designed to eliminate the downsides of good old "C with classes", that so many C++ programmers are used to, especially if they started programming in C. C++11 looks way more concise and understandable, which is very important.
The PVS-Studio team has written an interesting article about the ways in which you might shoot yourself in the foot when working with serialization. It includes code examples, shows where the main pitfalls are, and explains how a static code analyzer can help you avoid getting into trouble.
This article will be especially useful to those who are only starting to familiarize themselves with the serialization mechanism. More experienced programmers may also learn something interesting, or just be reassured that even professionals make mistakes.
However, it is assumed that the reader is already somewhat familiar with the serialization mechanism.
Roslyn is a platform which provides the developer with powerful tools to parse and analyze code. It's not enough just to have these tools; you should also understand what they are needed for.
The article can be divided into 2 logical parts:
General information about Roslyn. An overview of tools provided by Roslyn for parsing and analyzing the code. We provide a description of entities and interfaces, as well as the point of view of a static analyzer developer.
Peculiarities that should be taken into account during the development of static analyzers. Description of how to use Roslyn to develop products of this class; what should be considered when developing diagnostic rules; how to write them; an example of a diagnostic.
This article is intended to answer these questions. Besides this, you will find details about the development of a static analyzer that uses the Roslyn API.
More: Introduction to Roslyn and its use in program development
- You are so lucky to be a programmer. I would like to be a programmer.
- Why don't you learn?
- I already tried. I checked out codeacademy and other websites, but it is not for me.
- Yep, programming is not really for everyone.
- You are well paid, and you can create different things. Almost every day you get some crazy offers for at least 100 thousand dollars.
- Yep, honestly it's very flattering and a little mind-blowing.
- You get your share in the company and you know that software engineers are always respected. You can implement any idea in an app and get rich. Moreover, you do not need to hire anyone for this.
- Actually, programming makes me miserable.
- Wow. What do you mean by that?
- In order to be a good programmer, I need to develop a special mindset, and that makes me sad. I have noticed this in other programmers: not all of them, of course, but many.
- What is this mindset?
- This is concentration on the strengths, and not on the weaknesses.
- Why do you need this to become a good coder?
- I work like this:
Distance learning is developing all the time. Getting a good education remotely is no longer a problem. Online learning has several advantages, such as learning at your own pace, freedom and flexibility, accessibility, and social equality. The Web offers a variety of services to help you gain new knowledge.
A couple of years ago, I worked together with Ken Thompson on the interactive graphics language that was developed by Gerard Holzmann at Bell Labs. I typed faster, so I sat at the keypad, and Ken stood behind me. We worked quickly, and when the compiler gave an error, I reflexively started digging into the problem, studying the call stack and program output, launching a debugger, and so on. But Ken simply stood nearby and thought, ignoring me and the code we had just written. Soon I noticed a regularity: Ken often understood the problem faster than me and would say, “I know what is going on”. Usually, he was right. I understood that Ken had built a mental model of the code, and when something was broken, it was an error in this model. He was thinking about how this problem could arise, so he could explain what was wrong with the model, or where our code might mirror this model incorrectly.
Today, I am going to talk about how you can hide "spare" assembler commands in regular code. This method is useful for making the code harder to disassemble, especially if the generation of the "hidden" commands is automated. Tools: debugger - OllyDbg.