Archive for May, 2011

  • Top 10 List: Well Traveled Path to Source Code Analysis Success

    on May 31, 11 • by Brendan Harrison • with 1 Comment

    The Code Integrity folks have developed a lot of best practices on deploying static analysis and have compiled many of them in a solid whitepaper. They include a Top 10 list of what they call “The Well Traveled Path to Success”. Below is their (somewhat paraphrased in spots) list. 1. Determine who cares. Who has a vested interest in bugs actually getting fixed? How much do they care? 2. Get an expert to tune the solution for your codebase. Static analysis tuning will maximize defect finding while minimizing false positives. 3. If possible, pilot with

  • The Evolution of Source Code Analysis – Part 2: The Early 21st Century

    on May 26, 11 • by Todd Landry • with 3 Comments


    In my last post, I took us back in time to an era of bad fashion, questionable music, legendary television shows, and source code analysis tools that were made specifically for software developers. It was the 1970s. In this post, I fast forward to just after the turn of the century to discuss the next evolution of static analysis tools.

    The Early 21st Century

    Not long after we first viewed hairy-footed Hobbits on the silver screen, and the sham that was affectionately known as Y2K, a new generation of source code analysis tools emerged to

  • And the word of the day is… docragination

    on May 19, 11 • by Helen Abbott • with No Comments

    I came to the practice of procrastination late in life. I was always one of those annoying people who arrived for appointments early, handed in assignments early, went to bed early. Becoming a full-time working parent drove me to the dark side. Now I’m routinely late — late for exercise classes, late going to bed, late getting the kids to daycare. My forgetfulness factor has increased about 26-fold too. I’ve always been a list-maker, but now I have a few sayings that my husband is sick of: If it’s not in my calendar, it’s not

  • The Evolution of Static Code Analysis – Part 1: The Early Years

    on May 17, 11 • by Todd Landry • with 2 Comments


    Our marketing people here at Klocwork like to see me racking up frequent flyer miles and expending CO2 at roadshows, conferences and tradeshows. Whenever I’m out speaking, I always like to gauge audience familiarity with Static Code Analysis. I’m happy to say that SCA knowledge has definitely increased over the years, but it is still not up to levels enjoyed by unit testing or integration testing. What I plan to do over the next three weeks is to provide you with a history lesson on how Static Code Analysis has evolved over the past few

  • IDE vs text editor

    on May 10, 11 • by Alen Zukich • with 8 Comments


    I’m sure this topic has been discussed a million times, but hey, here we go again.  A recent question came up on whether people liked their experience of Eclipse vs. Visual Studio.  Of course this brought up the advantages of one versus the other.  But is that really a fair comparison? It really depends.  What type of application are you building — a native Windows application?  Surely going with Visual Studio makes sense. But if the goal is cross-platform, then you might look at Eclipse. Glad to see people are thinking about IDEs, but what

  • Stack smashing

    on May 3, 11 • by Alen Zukich • with No Comments


    A while ago I talked about memory overflows. Now, in this latest installment, as we look at more interesting bugs, I’ve come across a new example. Here is a situation described by a customer as “stack smashing”, which occurs when you copy a string of unknown length into a fixed buffer size. Just like the memory overflow post, this is another form of a buffer overflow. So there you have it, just more terminology to describe bad things in your code. Gwyn promises to give a follow-up to these posts with some details on
