This article explains the McCabe metric, the definition and calculation of cyclomatic complexity, its relationship to code quality, and introduces the concept of excessive cyclomatic complexity as a more meaningful indicator for managing software maintainability.
The article explains why and when to scan product code for vulnerabilities, describes static source‑code and binary scanning methods, introduces deep code‑search techniques, outlines the system architecture and incremental indexing pipeline, and shows how these practices can substantially raise overall product quality.
The article outlines how integrating CheckStyle, Lint, and FindBugs with a custom Gradle plugin, applying full‑scan optimizations to collect only necessary source and class files and implementing incremental scans that target only files changed in a PR, cuts Android CI static‑analysis time by over 50 %, dropping full scans from nine to five minutes and enabling sub‑minute incremental checks.
This comprehensive guide explains why code auditing is essential for modern enterprises, compares enterprise and white‑hat audits, outlines a seven‑step methodology, and reviews both open‑source and commercial SAST tools with practical case studies across PHP, Node.js, Python, and Go.
This guide explains how to configure SonarQube scan parameters to automatically include the current GitLab branch name and commit SHA, enabling detailed code‑quality reporting within CI pipelines; it also shows the required command‑line flags and how to set up the Reporting section with GitLab credentials.
The paper reverse‑engineers Linux’s Lockdep and introduces a universal deadlock prediction algorithm that treats mutexes as write‑locks of read‑write locks, using a two‑thread model and indirect‑dependency analysis to accurately detect potential deadlocks in complex rwlock scenarios.
The article presents a scalable ESLint‑based framework for large front‑end teams that combines a layered, unified rule configuration, CI/CD and pre‑commit lint checks, a one‑click onboarding CLI, and automated metrics collection with dashboards, enabling consistent code standards across diverse projects while reducing maintenance overhead.
This guide explains how to install a set of useful IntelliJ IDEA plugins—including FindBugs‑IDEA, Maven Helper, VisualVM Launcher, GenerateAllSetter, Rainbow Brackets, Translation, and Alibaba Java Coding Guidelines—by configuring the IDE, restarting it, and verifying successful loading through visual cues and practical usage examples.
This article presents five practical PyCharm shortcuts—including error navigation, recent change view, static analysis, precise keyboard navigation, and TODO management—to help Python developers work faster and more efficiently, even without version control or external plugins.
This article demonstrates how to query SonarQube web APIs for Java rule data, retrieve quality profile information, and use a Python script that leverages execjs to translate rule descriptions via Google Translate, providing examples of both API responses and translation code.
This article explains SonarQube’s architecture, detailing its server, database, plugin library, and scanner components, and describes the typical development workflow from IDE integration and code commit through CI‑triggered analysis, result submission, and code review, including deployment considerations for machines and network placement.
This article explains how Spring 5’s spring‑core jar incorporates JSR‑305 annotations, introduces the JSR‑305 standard for static analysis, and demonstrates practical usage—including package‑level rules and @Nullable/@NonNull examples—in Spring Boot microservice projects.
This article shares practical experiences from unit testing a 6000‑line C module, detailing static code review and dynamic gtest testing, uncovering common defects such as memory leaks, and presenting two memory‑leak case studies with root‑cause analysis and cleanup recommendations.
Learn how to dramatically improve your Python development workflow by adopting static analysis tools, enforcing a consistent code style, optimizing tool responsiveness, choosing a comfortable editor, and wisely investing in essential software, with practical advice that transforms everyday coding into a faster, more enjoyable experience.
This article walks through creating a complete CI/CD workflow for a Python service using GitLab CI, Docker‑based gitlab‑runner, unit testing, static code analysis with SonarQube, service containers for Redis and MongoDB, and deployment steps, providing all necessary configuration files and commands.
This article explains why TSLint is essential for React Native projects, walks through installing and configuring TSLint, demonstrates local and CI checks, and provides a step‑by‑step guide to creating and deploying custom TSLint rules for improved code quality.
Error Prone is a Google‑released open‑source Java static analysis tool that integrates into build pipelines to catch code defects early, offering non‑intrusive checks, configurable severity levels, and extensibility, making it valuable for Java and Android development.
This article describes how a hotel testing team integrated white‑box testing—code review and static analysis—into fast‑paced agile workflows, detailing the exploration timeline, typical functional testing challenges, three concrete bug‑finding case studies, measurable quality improvements, and practical promotion guidelines.
This article explains how redundancy and voting schemes improve system reliability, introduces Gödel’s incompleteness and consistency concepts, describes the undecidable halting problem, and outlines static program analysis techniques—including data‑flow, inter‑procedural, pointer analysis, and constraint solving—while discussing practical heuristic rules and tools.
The article explores reliability engineering with redundant systems, explains Gödel’s incompleteness theorem and the halting problem, and introduces program static analysis techniques, illustrating how theoretical foundations guide practical approaches to detecting software defects through approximations and abstract interpretation.
The article examines Kotlin’s hidden runtime overheads—such as companion‑object constants, default synchronized lazy delegates, boxing‑prone array types, and temporary progression objects in loops—and describes how the author built a custom Android Lint plugin (KLint) that parses Kotlin files, defines detectors, integrates with Gradle and IDE, and enforces performance‑aware coding standards through CI checks.
This article explains how to set up a PHP project with Composer, PHING, and a suite of quality‑checking tools—including PHPCS for coding standards, PHPCPD for duplicate detection, and Phan for deep static analysis—to automatically enforce code quality and reduce manual review effort.
This article outlines the motivation, tool comparison, and detailed step‑by‑step process for implementing static code scanning across Android and iOS codebases, emphasizing the selection of Infer and the integration of scanning results into CI pipelines and issue‑tracking workflows.
Learn how to dramatically improve PHP code quality by setting up automated testing, static analysis, code style enforcement, duplicate detection, and advanced analysis tools using Composer, PHING, PHP_CodeSniffer, PHPCPD, and Phan, with step‑by‑step configuration examples and sample outputs.
This article explains static analysis concepts, why cppcheck was chosen for Baidu's testing workflow, details its architecture, and walks through the creation of custom rules—including a printf misuse detector and a dynamic switch misuse rule—while sharing practical challenges and results.
The article explains how early defect prevention through a strong test mindset, exploratory testing, and automated static code analysis with tools like SonarQube and Git hooks can dramatically reduce bug‑fix costs, improve software quality, and streamline development workflows.
The article explains how to create, configure, and integrate custom Android Lint rules—using Issue, Detector, Scope, and IssueRegistry APIs—to catch crashes, bugs, performance and security problems such as missing Toast.show() or unsafe Log usage, supports incremental git‑based scans, and demonstrates deployment in IDE, builds, pre‑commit hooks and CI for improved code quality.
This article outlines five common pitfalls that slow down Python developers and provides practical, tool‑based solutions—like static analysis, consistent code style, fast editors, and smart tool investments—to dramatically boost productivity and create a comfortable coding setup.
This article shares practical experiences from unit testing a critical C module, describing common memory‑leak scenarios, their root causes, and concrete solutions while also offering a checklist of typical leak‑prone patterns for developers.
This article introduces five key aspects of Java code quality—coding standards, duplicate code, test coverage, dependency analysis, and complexity analysis—and explains how Eclipse plugins such as CheckStyle, PMD/CPD, EclEmma, JDepend, and Metrics can be configured and used to assess and improve each aspect.
This guide explains how to add Alibaba’s Java development handbook scanning plugin to IntelliJ IDEA and Eclipse, showing its Blocker/Critical/Major issue levels, real‑time inspection support, batch fixes for legacy code, and step‑by‑step installation procedures.
Alibaba unveiled its Alibaba Java Development Specification (P3C) scanning plugin at the Hangzhou Cloud Expo, detailing its automated IDE checks, multi‑level issue reporting, batch fixes, installation steps for IDEA and Eclipse, and its ambition to become a global open‑source coding‑standard.
This article describes an integrated solution that combines code quality monitoring during development with automated crash issue tracking after deployment, using a custom platform, Jenkins, Gradle plugins, static analysis tools, and rule-based filtering to continuously improve project reliability and performance.
This article compiles comprehensive shell scripting best‑practice guidelines—including shebang usage, commenting, parameter validation, variable handling, indentation, naming conventions, encoding, permissions, logging, password safety, line continuation, efficiency tricks, quoting, function structuring, scope control, indirect references, heredocs, path resolution, parallel execution, modern syntax, and static analysis with ShellCheck—to help developers write readable, maintainable, and performant Bash scripts.
Code Arbiter extends the FindBugs plugin to provide real‑time Android Studio source‑code security scanning, implementing line‑by‑line API misuse detection, empty TrustManager checks, taint‑analysis of sources and sinks, and custom bytecode checks for unprotected Intent/Bundle reads, all packaged as a JAR for instant developer feedback.
This article debunks the myth of writing a million lines of code, explains why code quantity matters less than quality, and offers ten practical steps—including solid fundamentals, coding standards, design principles, refactoring, technical debt management, code reviews, static analysis, unit testing, self‑testing, and leveraging open source—to help developers produce high‑quality software efficiently.
A humorous yet insightful look at the myths of massive codebases, featuring developer anecdotes, realistic productivity calculations, and practical advice on prioritizing code quality, solid fundamentals, and modern tooling over sheer line count.
This article compares Facebook's open‑source static analyzer Infer with 360's Fireline, focusing on resource‑leak detection for Android, presenting test methodology, detailed results across 30 leak scenarios, and highlighting Fireline's higher detection rate and lower false‑positive ratio.
This article introduces Gixy, a static analysis tool for Nginx configurations, demonstrates how to detect and fix HTTP header splitting and other security issues, explains its handling of included files, lists detectable vulnerabilities, and provides simple installation instructions.
Learn how to ensure high‑quality Java code throughout agile development by standardizing coding conventions, applying static analysis, writing unit tests, implementing continuous integration, and conducting thorough code reviews and refactoring, with practical tool recommendations and best‑practice guidelines for each step.
This article explains iOS memory performance testing by covering static analysis via Xcode's Analyze feature and dynamic analysis tools such as Leaks, Activity Monitor, Allocations, and Zombies, illustrating how to detect memory leaks, unreasonable memory usage, and EXC_BAD_ACCESS errors with practical examples and step‑by‑step guidance.
This guide explains how to set up Jenkins to automatically poll a Git repository, run cppcheck static analysis, process the XML results, and email the findings, including detailed configuration steps, command examples, and troubleshooting tips.
Security testing, performed from near completion to release, verifies that software meets security requirements and quality standards by identifying common vulnerabilities such as DLL hijacking, ASLR/DEP misuse, and heap overflows, and employs static scanning and dynamic testing methods to detect and remediate these issues.
Godeyes is a cross‑platform static analysis tool that scans Android applications for crash‑related issues such as API incompatibilities, OOM risks, and uncaught exceptions, offering Eclipse, Android Studio, and Jenkins integrations along with customizable rules and detailed HTML reports.
This tutorial walks through preparing the PMD environment, exploring its directory structure, and step‑by‑step instructions for implementing a custom rule—such as enforcing braces on while loops—using both Java code and XPath expressions, including packaging and execution details.
Android Lint, Google’s static analysis tool, scans Android code for potential bugs and style violations, enabling developers to fix problems early, and Meituan enforces its use in the development pipeline so that any Lint-detected issues block merges into the main branch, ensuring higher code quality.
The article introduces FindBugs, an open‑source Java static analysis tool, explains how it inspects Android bytecode to detect bugs such as null pointers, multithreading issues, and performance problems, and describes its integration with IDEs, command‑line builds, and its severity ranking system.
Android Lint is a static code analysis tool for Android that detects potential defects and optimization opportunities across correctness, security, performance, usability, accessibility, and internationalization, offering command‑line and IDE integration, customizable rules, and detailed HTML reports to improve code quality.
This article outlines twelve practical techniques—including TDD, ATDD, CI, pair programming, code reviews, static analysis, coding standards, automation, refactoring, early demos, user testing, and team cohesion—that collectively raise software quality while reducing bugs and development costs.
This article outlines six practical habits for developers—self‑checking code before blaming tools, continuous learning, embracing refactoring, acting professionally, using static analysis, and genuinely caring about code quality—to improve productivity and reduce bugs in any software project.
The article examines Quora's engineering practices—including static analysis, post‑commit code review, automated testing, and systematic legacy code cleanup—that enable the company to maintain high code quality while sustaining fast development cycles.
This article introduces five key aspects of Java code quality—coding standards, duplicate code, test coverage, dependency analysis, and complexity analysis—and demonstrates how Eclipse plugins such as CheckStyle, PMD, EclEmma, JDepend, and Metrics can be configured and used to assess and improve each aspect.
