Trace: » goodcoding.html
Table of Contents

[hemmerling] Good Coding ! - Software Coding, Coding Rules, Static Code Analysis, Code Reviews

The Movement

Norms & Methologies

  • ISO/IEC 25010:2011”.
  • The legacy norm EN.Wikipedia "ISO/IEC 9126", DE.Wikipedia "ISO/IEC 9126" - “It has been replaced by ISO/IEC 25010:2011”, “ISO/IEC then started work on SQuaRE (Software product Quality Requirements and Evaluation), a more extensive series of standards to replace ISO/IEC 9126, with numbers of the form ISO/IEC 250mn”.

Manifesto of Software Craftsmanship

Clean Code

Simple Design

    • Simple code:
      1. Runs all the tests.
      2. Contains no duplication (OnceAndOnlyOnce).
      3. Expresses all the ideas you want to express.
      4. Minimizes classes and methods.

The Opposite: Copy and Paste, Cargo Cult, Magic,..

Important Static Code Analysis Tools, according to VDC Research in 2015, 2016, 2016-08, 2018-08

  • Abraxas (CodeCheck).
  • AdaCore.
    • AdaCore (CodePeer), 2016.
    • AdaCore (GNATcheck), 2016.
    • SofCheck Inspector (AdaCore).
  • Checkmarx (Checkmarx CxSAST).
  • Cleanscape (Cleanscape LintPlus for C/C++ Lint, FortranLint).
  • Coverity / Synopsys (Coverity Static Analysis Verification Engine).
  • Cppcheck (Sourceforge).
  • Eclipse (Codan).
  • Gimpel Software (PC-Lint/FlexeLint).
  • GrammaTech (CodeSonar, CodeSurfer).
  • HP (HP Fortify Static Code Analyzer) 2015-2016, Micro Focus/HP (Fortify Static Code Analyzer) 2018
  • IAR (C-STAT), 2018.
  • IBM (Rational Appscan).
  • Klocwork / Rogue Wave (Insight) / Klocwork Insight.
  • LDRA (LDRA Testbed).
  • MathWorks (Polyspace).
  • McCabe (McCabe IQ).
  • Monroe Software (Quicktest), 2016-08.
  • Parasoft (Parasoft C++test/Jtest/dotTEST).
  • Programming Research / PRQA (QA-C/C++).
  • Sourceforge (CPPcheck), 2016.
  • Veracode (Veracode).

Multi-Language Static Code Analysis Rules & Tools

Rules

CERT

Help to avoid Top Critical Errors / Vulnerabilities / Software Weakness

Common Weakness Enumeration ( CWE )
  • “A Community-Developed Dictionary of Software Weakness Types” - See Security.
OWASP
SANS Institute

IPA/SEC ESCR Coding Standard

Free Tools

Coala

PHP_CodeSniffer

SonarQube

The Tool
Components
SonarLint
Resources

Commercial Tools

Sonargraph

Important Coding Standards, according to VDC Research in 2018-08

  • CERT C.
  • CERT C++.
  • CERT Java.
  • HIC++.
  • Common Weakness Enumeration (CWE) Secure Coding Standards.
  • HIS.
  • MISRA C.
  • MISRA C++.
  • Netrino C.
  • JSF AV++.
  • PA/SEC ESCR.

Static Code Analysis Rules & Tools for C/C++ and dynamic Code Analysis Tools for C/C++

MISRA-C, MISRA C++ ( Rules & Tools )

MISRA - MISRA-C:1998, MISRA-C:2004, MISRA-C++:2008, MISRA-C:2012

The Norm
Official Literature

Herstellerinitiative Software ( HIS ) / Hersteller Initiative Software ( HIS )

Tools

Static Code Analysis Rules & Tools for C/C++ - Some other Rules

CBMC

Commercial Aircraft Products Division ( CAPD ) - Standards & Procedures #10

  • I got the 23-pages paper document “C Programming Standards & Practices #10, Version IR” ( “S & P #10 ) by “Commercial Aircraft Products Division” ( CAPD ) of 1990-03-15.
    • “Standards & Practices #10 establishes the programming standards and guidelines to be used by programmers in the development and maintenance of 'C' programs for the Commercial Aircraft Products Division ( CAPD )”.

High Integrity C++ Coding Standard ( HIC++ )

Joint Strike Fighter ( JSF )

Netrino C

quEST

Some other free Static Code Analysis Tools for C/C++

Embedded Systems

  • GitHub "saaadhu/naggy" for the IDE “Atmel Studio 6” & Atmel “C/C++” compiler chain.
    • Installation is integrated into the IDE “Atmel Studio 6”.
    • “A live compiler diagnostics extension for Atmel Studio”, “An Atmel Studio extension that uses the Clang frontend from the LLVM project to show errors/warnings on the fly, and to lowlight code excluded by preprocessor directives”.

General

Resources

Some other commercial Static Code Analysis Tools for C/C++

Additional Tools which play with PC-Lint

Dynamic Code Analysis Tools for C/C++

GCOV

GCOV Plugin for Eclipse

GPROF

LCOV

Static Code Analysis Rules & Tools and dynamic Code Analysis Tools for Java

Static Code Analysis Rules

Static Code Analysis Tools

Free Static Code Analysis Tools

Free Static Source Code Analysis Tools

Commercial Static Source Code Analysis Tools

  • Parasoft Jtest - Java Testing, Static Analysis, Code Review”.
  • Xanitizer - “Web Application Security mit Statischer Code Analyse”, “Analysiert den Programmcode der Applikation und sucht darin systematisch nach Sicherheitslücken für Angriffsmethoden, wie z.B. SQL Injection, Cross-Site Scripting oder Command Injection”, “unterstützt insbesondere die Analyse von Java Webapplikationen inklusive Web-Frameworks”

Code Coverage Tools for Java

Static Code Analysis Tools for Javascript

Static Code Analysis Tools for .NET

C#

  • The commercial Parasoft doTEST - ”.NET Static Analysis, Code Review, Unit Testing”.

Powershell

Rules & Tools for PHP

Pear Coding Standards

PHP Standard Requirements ( PSR )

Static Code Analysis Tools

Resources

Static Code Analysis Tools for Python

Static Code Analysis Tools for Tcl / Tk

Integrated Development Tools

ConQAT - Toolkit for rapid Development and Execution of Software Quality Analyses

Tools with Target Runtimes

# Simplified (SXF) Standard C++ Execution Framework (OXF)
1 Static architecture Dynamic allocation​
2 MISRA C++ 2008 compliance with modeling checks​ Not validated for MISRA
3 No animation, tracing Animation, tracing​
4 Only Real Time mode​ Real Time, Simulated Time modes​
5 No containers (can be added) Containers
6 Static memory manager ​(only BasedNumberOfInstances)​ Static memory manager
7 Flat state charts​ Flat, reusable state charts​
8 No multicore​ Multicore​
9 No interfaces Interface-based​
9 No ports Ports
9 Windriver Workbench 653 Adapter or Microsoft Visual Studio 2008 or 2010 (for host) support Multiple operating systems support​

​​

Control Algorithm Modeling Guidelines

Some other Catalogues of Code Rules

Germany ( Eisenbahn-Bundesamt, Bundesanstalt für Arbeitsschutz und Arbeitsmedizin )

EN 50128

Hungarian Notation

Some other Books with Code Rules and Best Pracices

Programming Languages which support Good Coding

Coccinelle

Source Annotation Language ( SAL ) for Visual C++

Spec# for C#

Refactoring

.NET Languages

Java

  • The OpenSource JaMoPP by DevBoost- “Java Model Parser and Printer” - “Bridging the gap between models and source code”.

Power Efficient Software Coding

Code Review Tools

Atlassian

Gerrit

Rietveld

Resources

Literature

Resources

Most Dangerous Software Errors

Known Problems with C/C++

  • The execution result of this code depends on compiler implementation and maybe even the code optimisation level :-(
    int aArray[10], aIndex;
    aIndex = 5;
    aArray[aIndex] = aIndex++;
    

Coding Resources

Code Reviews Resources

General Resources

Forums, Newsgroups

 
en/goodcoding.html.txt · Last modified: 2024/03/17 07:22 (external edit) · []
Recent changes RSS feed Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki