The right software, delivered defect free, on time, on cost, every time, require the correct tools. |
|
[Added Aug/06/2006:]
When starting new projects, most of us plan to review code before actually releasing it into production; however, when delivery schedules supersede other factors, reviews tend to be the first practice thrown out. What if you were able to perform a portion of these reviews automatically? In this first article of the new series Automation for the people, development automation expert Paul Duvall begins with a look at how automated inspectors like CheckStyle, JavaNCSS, and CPD enhance the development process and when you should use them.
[Added Jan/01/2006:]
This Is Broken A project to make businesses more aware of their customer experience, and how to fix it
[Added Nov/26/2005:]
Valgrind is an award-winning suite of tools for debugging and profiling Linux programs. With the tools that come with Valgrind, you can automatically detect many memory management and threading bugs, avoiding hours of frustrating bug-hunting, making your programs more stable. You can also perform detailed profiling, to speed up and reduce memory use of your programs. The Valgrind distribution currently includes three tools: a memory error detectors, a cache (time) profiler and a heap (space) profiler. It runs on the following platforms: x86/Linux, AMD64/Linux, PPC32/Linux.
[Added Sept/18/2005:]
SLOCCount,
a set of tools for counting physical Source Lines of Code (SLOC) in a
large number of languages of a potentially large set of programs. As
of Sept/18/2005 SLOCCount works with 27 different
languages.
SLOCCount will even automatically estimate the effort,
time, and money it would take to develop the software. Prove to the
boss that your estimate was correct and his was unrealistic to put it
politely.
CleanSoftware.org is a resource to help Windows users find the best free daily-use software, free from nasties: adware, spyware, harmful/intrusive components, and threats to privacy.
National Security Agency Security Configuration Guides
[Added July/17/2005:]
Writing software requirements specifications as XML documents has quite a few advantages. Using open source tools like Emacs, PSGML, CVS and xsltproc gives us a powerful Requirements Engineering tool.
[Added July/16/2005:]
CAN in Automation (CiA) now has a chip and set of tools that are certified to IEC61508-SIL3.
To get my hardware design business off the ground I have managed to get the Open Source Compiere Enterprises Resource Planing (ERP) program up on my Gentoo Linux system, using the Fyracle data base abstraction layer.
David's Advanced Revision Control
System is yet another replacement for CVS.
I am starting to migrate my
code to DARCS. [I switched to SubVersion, as DARCS did nothing but
crash on Windows, seems fine on my Linux box.]
[Added Jun/05/2005:]
Computer Rage --> Take the SURVEY!
[Added Apr/30/2005:]
Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to programs, Splint can perform stronger checking than can be done by any standard lint.
My personal preference is Gimpel Software's Lint, however they both have strengths in different areas and should be used together. Splint is stronger when it comes to issues of security, hence the name Secure Programming Lint.
Test your skills with Gimpel's The Bug of the Month.
Past colleagues have told me that "Lint is to hard to use because of the number of warnings it produces". That is exactly Lints job, to be "Nit-picky". I look at as a game, can I beat Lint today and have code with no errors or warnings on my first run of Lint on new code?
Lout is high-level language for document formatting system that targets the same audience as LaTex, but is much easier to set up and maintain.
The Goal Structuring Notation (GSN) is a graphical argumentation notation explicitly represents the individual elements of any safety argument (requirements, claims, evidence and context) and (perhaps more significantly) the relationships that exist between these elements (i.e. how individual requirements are supported by specific claims, how claims are supported by evidence and the assumed context that is defined for the argument.)
When the elements of the GSN are linked together in a network they are described as a goal structure. The principal purpose of any goal structure is to show how goals (claims about the system) are successively broken down into sub-goals until a point is reached where claims can be supported by direct reference to available evidence (solutions). As part of this decomposition, using the GSN it is also possible to make clear the argument strategies adopted (e.g. adopting a quantitative or qualitative approach), the rationale for the approach and the context in which goals are stated (e.g. the system scope or the assumed operational role.)
GNU cflow analyzes a collection of C source files and prints a graph charting control flow within the program.
Current implementation is able to produce both direct and inverted flow-graphs for C sources. Optionally a cross-reference listing can be generated. Two output formats are implemented: POSIX and GNU (extended).
Input files can optionally be preprocessed before analyzing.
The package also provides Emacs major mode for examining the produced flowcharts in Emacs.
Archimedes is
a tool for development of semiconductor devices, incorporating some
intensive mathematics. In the present release, GNU Archimedes is able to simulate
electrons and heavy holes in Silicon and GaAs (Gamma and L-valleys)
devices (holes are simulated by means of a simplified MEP model). lcc-win32: A Compiler system for windows by Jacob
Navia. This software is not freeware, it is copyrighted by Jacob Navia.
It is free for non-commercial use, if you use it professionally
you have to have to buy a license. The Galileo
Project pursues basic and applied research in two fields: software
design and engineering, and dynamic fault tree analysis. The project
revolves around Galileo, an experimental software tool supporting
dynamic fault tree analysis and having, as additional properties, ease
of use, rich non-analysis functions (printing, display, etc), low
development costs, and a case for the dependability of its core
modeling functions based on mathematical validation and
verification. For commercial use contact Exelix, L.L.C. [Added Sep/21/2004:] Foremost is a console program to recover files based on their headers and
footers. Foremost can work on image files, such as those generated by dd,
Safeback, Encase, etc, or directly on a drive. The headers and footers are
specified by a configuration file, so you can pick and choose which headers you
want to look for. Developed by the United States
Air Force Office of Special Investigations [Its primary
responsibilities are criminal investigations and counterintelligence
services.], foremost has been opened to the general public. PScan: A limited problem scanner for C source files. Are you
tired of yet more externally exploitable buffer overflows in C programs? Do you
want to audit your source for common mistakes? Gnu
Arch revision control system. I found Arch to be hideously slow
for the one project I checkout with it. [Added Aug/01/2004:]
Static analysis tools find tough problems fast By Jack Ganssle, Embedded.com.
[Previous:]
It can help you in three ways:
) from a set of documented source files.
There is also support for generating output in RTF (MS-Word),
PostScript, hyper-linked PDF, compressed HTML, and Unix man
pages. The documentation is extracted directly from the
sources, which makes it much easier to keep the documentation
consistent with the source code.Doxygen is
developed under Linux, but
is set-up to be highly portable. As a result, it runs on most
other Unix flavors as well. Furthermore, executables for
Windows 9x/NT and Mac OS X are available.
Susan Dart once wrote: "The goals of using CM
(Configuration Management) are to ensure the integrity
of a product and to make its evolution more manageable.
Although there is overhead involved in using CM, it is
generally agreed that the consequences of not using CM can lead
to many problems and inefficiencies. The overhead of using CM
relates to time, resources, and the effects on other aspects of
the software life-cycle." Configuration Management is some
times referred to as "Version Control".
Still asking
what version control is and why you should use it? One nice
introduction is the book
Practical Software Configuration Management, which
discusses storing your software in version control and handling
basic situations, like coordinating edits by several people. It
uses RCS in the examples, but many of the concepts would apply
to CVS or other version control systems as
well.
If you face challenges like these ...:
I have used TLIB and always been happy with it. They think enough of their product to put links to their competitors on their own site.
Do you think they'll put links to Burton Systems Software on their Web sites?
Open Source Configuration Management:
Aegis is a
transaction-based software configuration management system. It
provides a framework within which a team of developers may work
on many changes to a program independently, and Aegis
coordinates integrating these changes back into the master
source of the program, with as little disruption as
possible.
The FHist package contains 3 utilities, a file history tool ``fhist'', a file comparison tool ``fcomp'', and a file merging tool ``fmerge''. All three are bundled together, because they all use the same minimal-difference algorithm.
The history tool presented here, fhist, is a minimal history tool. It provides no locking or branching. This can be useful in contexts where the configuration management or change control be being provided by some other tool.
The history tool, fhist is able to handle binary
files. The file comparison tool, fcomp, usually does a
line-for-line plain-text comparison, however it is also capable
of a byte-for-byte binary comparison.
CVS is the Concurrent Versions System, the dominant open-source network-transparent version control system. CVS is useful for everyone from individual developers to large, distributed teams:
the CVS
FAQ-O-Matic system is up. you can contribute by adding
new items. 
The goal of the Subversion project is to build a revision
control system that is a compelling replacement for CVS in the
open source community. The software is released under an Apache/BSD-style
open source license.
"If C gives you enough rope to hang yourself, think of Subversion as a sort of rope storage facility." - Brian Fitzpatrick
Bugzilla is one example of a class of programs called
"Defect Tracking Systems", or, more commonly, "Bug-Tracking
Systems". Defect Tracking Systems allow individual or groups of
developers to keep track of outstanding bugs in their product
effectively. Bugzilla was originally written by Terry Weissman
in a programming language called "TCL", to replace a crappy
bug-tracking database used internally for Netscape
Communications. Terry later ported Bugzilla to Perl from TCL,
and in Perl it remains to this day. Most commercial
defect-tracking software vendors at the time charged enormous
licensing fees, and Bugzilla quickly became a favorite of the
open-source crowd (with its genesis in the open-source browser
project, Mozilla). It is
now the de-facto standard defect-tracking system against which
all others are measured.What is Bugzilla?
| Scarab: Issue Tracking Built for the Ages |
|
The goal of the Scarab project is to build an Issue / Defect tracking system that has the following features:
Although the final product will have a strong feature set, many of these features will be based on support in an underlying library of collaboration components. For example, Scarab will not implement its own notification system or localization system, that should be a reusable component of the underlying framework. Scarab is licensed under a BSD/Apache style license. |
 |
|
|
Dart,
an open-source, distributed, software quality system.
Dart allows software projects to be tested at
multiple sites in multiple configurations (hardware,
operating systems, compilers, etc.). Results from a
build/test sequence are transmitted to a central
server using standard Internet protocols. The server
produces concise dashboards, summarizing the current
state of a software system. The dashboards link to
detailed reports on inter- and intra- configuration
results. Testing results are tracked over time,
allowing developers to trace the history of
development.
Dart empowers every developer in a distributed software development team to track the quality of their project. Furthermore, Dart allows a developer to experiment with a locally modified version of their software and submit the results of their experiments to a central dashboard for all developers to see. Dart consists of a server and several client machines. Dart clients build and test a software project and submit build logs and test results to the Dart server. Dart clients encode build logs and test results in XML and transmit these reports to the Dart server over the Internet. The Dart server summarizes the information from the clients and produces dashboards and reports. |
|
The official site is at: AT&T Research.
Tigris.org provides information resources for software engineering professionals and students, and a home for open source software engineering tool projects. We also promote software engineering education and host some undergraduate senior projects.
Software engineering practices are key to any large development project. Unfortunately, software engineering tools and methods are not widely used today. Even after over 30 years as a engineering profession, most software developers still use few software engineering tools. Some of the reasons are that tools are expensive and hard to learn and use, also many developers have never seen software engineering tools used effectively.
The open source software development movement has produced a
number of very powerful and useful software development tools,
but it has also evolved a software development process that
works well under conditions where normal development processes
fail. The software engineering field can learn much from the
way that successful open source projects gather requirements,
make design decisions, achieve quality, and support users. Open
source projects are also a great for developers to keep their
skills current and plug into a growing base of shared
experience for everyone in the field.
TUTOS is a tool to manage the the
organizational needs of small groups, teams, departments
...
To do this it provides some web-based tools:
Ticketsmith is an all-in-one web-based email support ticket system. Messages sent to your support email list will be inserted into a database and cataloged for easy viewing on the web. Replies, both staff and customer, are also cataloged, even though your customer uses a regular mail client. Other features include internal staff comments about tickets, fast sorting and searching capabilities, and email notification upon ticket receipt.
FlawFinder, a program that examines source code and reports possible security weaknesses (``flaws'') sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public. See ``how does Flawfinder work?'', below, for more information on how it works.
Maven defines itself as a project-management and project-comprehension tool. Its project object model (POM) controls the development and management of a project. The POM controls builds, document creation, site publication and distribution publication and can be stored in an XML file. Maven also provides a set of tools to enable developers to automatically generate a number of critical items, such as source metrics; mailing, developer and dependency lists; software development process documentation; change logs based directly on source repository; and source cross-references.
