Monthly Archives: September 2012

Static Analysis Tools – A list and a process to use these tools

Welcome! If you saw my talk at PNSQC, here is the promised list of static analysis tools. Actually, a list of lists.

My paper and talk described how our team introduced static analysis in a mature codebase. Our initial experience matched earlier attempts, where the tools identified thousands of issues. We had a hard time accepting those results, since the software was successful in the marketplace. Though not bug free, our customers were actually using the code and were satisfied with the quality. The paper describes how we effectively incorporated static analysis in our development workflow. Instead of worrying about the mountain of old issues, we designed the static analysis process to monitor the new code, to make sure we were not introducing more harm.

After a few months of seeing the value in keeping new code clean (and the value of the issues identified through static analysis), the team decided to spend the time to analyze the older issues. Now, the backlog is zero.  If this sounds interesting, check out my paper and presentation on the PNSQC site.

Another team at Intuit, where I work, also used static analysis very effectively, in a very old (and large) code base. The code management practices is documented in Dr. Dobb’s.

This post shows a list of static analysis tools, and the paper describes the process to incorporate a tool in your workflow. In the future, I plan to break down the process in this blog instead of linking to the PDF of the paper.

Please leave a comment if you have any tools to add to the list.

UU: Udacity Update

A while back, I posted a review of the Udacity testing course, CS258. I started that class without knowing Python. But, about half-way through, the exercises required more and more language skill. So, I took a break from that class and started the CS101 class, which provided a good framework to learn Python (and build a search engine).

Learning through the course required clicking through very basic material, but it did inspire me to write more code.  Also, to setup a very powerful (and free) dev environment: Eclipse running pydev, synchronizing code between machines with a git repository in my dropbox folder. Its cool, as soon as I make a commit on one machine, the source is automatically updated on the other.