Trace: » goodcoding.html
Table of Contents

[hemmerling] Good Coding ! - Software Coding, Coding Rules, Static Code Analysis, Code Reviews

The Movement

Norms & Methologies

  • ISO/IEC 25010:2011”.
  • The legacy norm EN.Wikipedia "ISO/IEC 9126", DE.Wikipedia "ISO/IEC 9126" - “It has been replaced by ISO/IEC 25010:2011”, “ISO/IEC then started work on SQuaRE (Software product Quality Requirements and Evaluation), a more extensive series of standards to replace ISO/IEC 9126, with numbers of the form ISO/IEC 250mn”.

Manifesto of Software Craftsmanship

Clean Code

Simple Design

    • Simple code:
      1. Runs all the tests.
      2. Contains no duplication (OnceAndOnlyOnce).
      3. Expresses all the ideas you want to express.
      4. Minimizes classes and methods.

The Opposite: Copy and Paste, Cargo Cult, Magic,..

Important Static Code Analysis Tools, according to VDC Research in 2015, 2016, 2016-08, 2018-08

  • Abraxas (CodeCheck).
  • AdaCore.
    • AdaCore (CodePeer), 2016.
    • AdaCore (GNATcheck), 2016.
    • SofCheck Inspector (AdaCore).
  • Checkmarx (Checkmarx CxSAST).
  • Cleanscape (Cleanscape LintPlus for C/C++ Lint, FortranLint).
  • Coverity / Synopsys (Coverity Static Analysis Verification Engine).
  • Cppcheck (Sourceforge).
  • Eclipse (Codan).
  • Gimpel Software (PC-Lint/FlexeLint).
  • GrammaTech (CodeSonar, CodeSurfer).
  • HP (HP Fortify Static Code Analyzer) 2015-2016, Micro Focus/HP (Fortify Static Code Analyzer) 2018
  • IAR (C-STAT), 2018.
  • IBM (Rational Appscan).
  • Klocwork / Rogue Wave (Insight) / Klocwork Insight.
  • LDRA (LDRA Testbed).
  • MathWorks (Polyspace).
  • McCabe (McCabe IQ).
  • Monroe Software (Quicktest), 2016-08.
  • Parasoft (Parasoft C++test/Jtest/dotTEST).
  • Programming Research / PRQA (QA-C/C++).
  • Sourceforge (CPPcheck), 2016.
  • Veracode (Veracode).

Multi-Language Static Code Analysis Rules & Tools



Help to avoid Top Critical Errors / Vulnerabilities / Software Weakness

Common Weakness Enumeration ( CWE )
  • “A Community-Developed Dictionary of Software Weakness Types” - See Security.
SANS Institute

IPA/SEC ESCR Coding Standard

Free Tools




The Tool

Commercial Tools


Important Coding Standards, according to VDC Research in 2018-08

  • CERT C.
  • CERT C++.
  • CERT Java.
  • HIC++.
  • Common Weakness Enumeration (CWE) Secure Coding Standards.
  • HIS.
  • MISRA C.
  • MISRA C++.
  • Netrino C.
  • JSF AV++.

Static Code Analysis Rules & Tools for C/C++ and dynamic Code Analysis Tools for C/C++

MISRA-C, MISRA C++ ( Rules & Tools )

MISRA - MISRA-C:1998, MISRA-C:2004, MISRA-C++:2008, MISRA-C:2012

The Norm
Official Literature

Herstellerinitiative Software ( HIS ) / Hersteller Initiative Software ( HIS )


Static Code Analysis Rules & Tools for C/C++ - Some other Rules


Commercial Aircraft Products Division ( CAPD ) - Standards & Procedures #10

  • I got the 23-pages paper document “C Programming Standards & Practices #10, Version IR” ( “S & P #10 ) by “Commercial Aircraft Products Division” ( CAPD ) of 1990-03-15.
    • “Standards & Practices #10 establishes the programming standards and guidelines to be used by programmers in the development and maintenance of 'C' programs for the Commercial Aircraft Products Division ( CAPD )”.

High Integrity C++ Coding Standard ( HIC++ )

Joint Strike Fighter ( JSF )

Netrino C


Some other free Static Code Analysis Tools for C/C++

Embedded Systems

  • GitHub "saaadhu/naggy" for the IDE “Atmel Studio 6” & Atmel “C/C++” compiler chain.
    • Installation is integrated into the IDE “Atmel Studio 6”.
    • “A live compiler diagnostics extension for Atmel Studio”, “An Atmel Studio extension that uses the Clang frontend from the LLVM project to show errors/warnings on the fly, and to lowlight code excluded by preprocessor directives”.



Some other commercial Static Code Analysis Tools for C/C++

Additional Tools which play with PC-Lint

Dynamic Code Analysis Tools for C/C++


GCOV Plugin for Eclipse



Static Code Analysis Rules & Tools and dynamic Code Analysis Tools for Java

Static Code Analysis Rules

Static Code Analysis Tools

Free Static Code Analysis Tools

Free Static Source Code Analysis Tools

Commercial Static Source Code Analysis Tools

  • Parasoft Jtest - Java Testing, Static Analysis, Code Review”.
  • Xanitizer - “Web Application Security mit Statischer Code Analyse”, “Analysiert den Programmcode der Applikation und sucht darin systematisch nach Sicherheitslücken für Angriffsmethoden, wie z.B. SQL Injection, Cross-Site Scripting oder Command Injection”, “unterstützt insbesondere die Analyse von Java Webapplikationen inklusive Web-Frameworks”

Code Coverage Tools for Java

Static Code Analysis Tools for Javascript

Static Code Analysis Tools for .NET


  • The commercial Parasoft doTEST - ”.NET Static Analysis, Code Review, Unit Testing”.


Rules & Tools for PHP

Pear Coding Standards

PHP Standard Requirements ( PSR )

Static Code Analysis Tools


Static Code Analysis Tools for Python

Static Code Analysis Tools for Tcl / Tk

Integrated Development Tools

ConQAT - Toolkit for rapid Development and Execution of Software Quality Analyses

Tools with Target Runtimes

# Simplified (SXF) Standard C++ Execution Framework (OXF)
1 Static architecture Dynamic allocation​
2 MISRA C++ 2008 compliance with modeling checks​ Not validated for MISRA
3 No animation, tracing Animation, tracing​
4 Only Real Time mode​ Real Time, Simulated Time modes​
5 No containers (can be added) Containers
6 Static memory manager ​(only BasedNumberOfInstances)​ Static memory manager
7 Flat state charts​ Flat, reusable state charts​
8 No multicore​ Multicore​
9 No interfaces Interface-based​
9 No ports Ports
9 Windriver Workbench 653 Adapter or Microsoft Visual Studio 2008 or 2010 (for host) support Multiple operating systems support​


Control Algorithm Modeling Guidelines

Some other Catalogues of Code Rules

Germany ( Eisenbahn-Bundesamt, Bundesanstalt für Arbeitsschutz und Arbeitsmedizin )

EN 50128

Hungarian Notation

Some other Books with Code Rules and Best Pracices

Programming Languages which support Good Coding


Source Annotation Language ( SAL ) for Visual C++

Spec# for C#


.NET Languages


  • The OpenSource JaMoPP by DevBoost- “Java Model Parser and Printer” - “Bridging the gap between models and source code”.

Power Efficient Software Coding

Code Review Tools







Most Dangerous Software Errors

Known Problems with C/C++

  • The execution result of this code depends on compiler implementation and maybe even the code optimisation level :-(
    int aArray[10], aIndex;
    aIndex = 5;
    aArray[aIndex] = aIndex++;

Coding Resources

Code Reviews Resources

General Resources

Forums, Newsgroups

en/goodcoding.html.txt · Last modified: 2023/12/06 15:46 (external edit) · []
Recent changes RSS feed Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki