UP | HOME
../../

Software Engineering Tools

Table of Contents

1 Abstract

Select tools are introduced under the "chapter headings" of this course. [Some are empty – I did not find any tool worth listing. If you wish that updated, let me know.] Most are FOSS, well documented, and in wide use. They are the results of 1000s to 1000 000s and up man-hours of development work. On most of these, there is a wikipedia page and good number of tutorial lectures and slides. Unless I quoted a line or two from their home page, it is not explicitly shown.

2 Assertions

2.1 Frama-C

  1. http://frama-c.com/ Frama-C is a free and open source tool, whose GUI resembles that of a typical IDE. Given a program and its assertions, it can mathematically verify if the program is correct. It is for the C language only, not C++ or other languages.
  2. http://cecs.wright.edu/~pmateti/Courses/FormalMethods/

2.3 SPLINT

  1. http://splint.org/ Splint can analyze C source code for security vulnerabilities and coding mistakes, even without you providing assertions. It is for the C language only, not C++ or other languages.

2.4 JML, Java Modeling Language

  1. ../Assertions/JML/jml.html An assertion language for Java. Plugins for Eclipse and IdeaJ.
  2. http://www.openjml.org/

2.5 Coverity

  1. http://www.coverity.com/ Research from Stanford U. Discovered 1000+ bugs in Linux kernel. Bought by https://www.synopsys.com/. Expensive to buy their service commercially. "Coverity Scan is our free, cloud-based solution specifically for the Open Source Community." Read https://www.synopsys.com/software-integrity.html

3 Requirements

3.1 Requirements Tracking

4 Specs

5 Design

6 Implementation

7 Architecture

8 Documentation

8.1 NoWeb

  1. http://www.cs.tufts.edu/~nr/noweb/ Literate Programming tool. You prepare a literate programming file and then run it through this tool to produce a nicely typeset pdf, and also ready-to-compile source code files. Debian Linux: apt-get install noweb
  2. Many other "literate programming" tools at URL TBD

8.2 Doxygen

  1. http://www.doxygen.org Doxygen is the de facto standard tool for generating documentation from annotated C++, Java, … sources.
  2. Linux src code TBD

9 Comprehension

  1. ../Comprehension/ Lecture Notes. Recommended Reading.
  2. Stand alone (tiny) tools: {ctags, etags, javadoc, …}
  3. http://doxygen.org Open source documentation system for software written in C++, C#, Java, Python, IDL, C and more. Can generate Class relationship diagrams and file relationships.
  4. https://www.google.com/search?q=static-analysis-plugins-for-intellij
  5. https://www.google.com/search?q=static-analysis-plugins-for-eclipse
  6. Source Navigator can display relationships between classes, functions, members, and display call trees mapping unknown source code for enhancement or maintenance tasks. For C/C++. Development stopped? http://sourcenav.sourceforge.net/
  7. http://lxr.linux.no/linux/ Linux source code browser
  8. Commercial Tools: JArchitect, NDepend, … [Free Trials?]
  9. https://www.sourcetrail.com/ A cross-platform source explorer for C/C++ and Java (Free for non-commercial use)
  10. P. Anderson; M. Zarins, The CodeSurfer Software Understanding Platform Program Comprehension, 2005. IWPC 2005. Proceedings. 13th International Workshop on (January 2005), 2005, pg. 147-148. Reference. http://www.grammatech.com/research/technologies/codesurfer [Commercial; free trial]

9.1 Reverse Engineering

  1. "Design Extraction"
  2. Source code is reverse-engineered back to … design … specs.
  3. Starting from source code; not binary-only. Reversing binary files is termed Reverse Code Engineering, or RCE. Often used in malware analysis.
  4. Obfuscation is used to deter both reverse engineering and re-engineering.
  5. Canfora, et al., see Refs. Required Reading
  6. https://www.apriorit.com/dev-blog/366-software-reverse-engineering-tools 9 Best Reverse Engineering Tools for 2018

9.2 Operations on Source Code

  1. Program Slicing: What could have affected this variable’s value? A program slice with respect to a given variable, v, is a set of variables the values of which can influence that of v.
  2. Ripple analysis: If a given statement is modified, where does it affect?

10 Maintenance

10.1 Removal of Bad Smells

10.2 OO Design Patterns

10.3 Tracking Issues

10.4 Metrics

10.5 SonarQube

  1. https://www.sonarqube.org/ "SonarQube software (previously called Sonar) is an open source quality management platform, dedicated to continuously analyze and measure technical quality, from project portfolio to method."
  2. Code Smells
  3. Bugs
  4. Vulnerabilities

11 Testing

11.1 JUnit5 Unit Testing

  1. https://github.com/ligurio/awesome-software-quality List of free software testing and verification resources.
  2. https://www.vdalabs.com/tools/The_Evolving_Art_of_Fuzzing.pdf

11.2 TestNG Unit Testing

11.3 Mutation

11.4 Fuzzing

11.5 Misc

  1. https://github.com/spockframework "The Enterprise-ready testing and specification framework." 2018

12 Debugging

13 Languages

13.1 MPS

  1. MPS: Domain-Specific Language Creator https://www.jetbrains.com/mps/
  2. https://en.wikipedia.org/wiki/JetBrains_MPS

14 Static Source Code Analysis

  1. http://cecs.wright.edu/~pmateti/Courses/7140/Lectures/SecureProg/StaticAnalysis/

15 SecureProg

16 Checkstyle

  1. "Checkstyle is a static code analysis tool used in software development for checking if Java source code complies with coding rules."
  2. https://en.wikipedia.org/wiki/Checkstyle

17 Gerrit

  1. "Gerrit is a free, web-based team code collaboration tool. Software developers in a team can review each other's modifications on their source code using a Web browser and approve or reject those changes. It integrates closely with Git, a distributed version control system."
  2. https://en.wikipedia.org/wiki/Gerrit_(software)
  3. https://review.openstack.org/Documentation/intro-quick.html

18 Git

  1. "Git is a version control system for tracking changes in computer files and coordinating work on those files among multiple people."
  2. https://en.wikipedia.org/wiki/Git
  3. Hosts: GitHub and GitLab; clients: many

19 Build Tools: Gradle, Maven, Ant

  1. Gradle is a software build system. It is more recent than ant, and maven.
  2. It is now (2017) the preferred build tool in Android Studio.
  3. https://maven.apache.org/guides/getting-started/maven-in-five-minutes.html
  4. Gradle does not use XML. Instead, it has its own DSL based on Groovy (one of JVM languages). As a result, Gradle build scripts tend to be much shorter and clearer than those written for Ant or Maven.

20 Jenkins

  1. "Jenkins is an open source automation server written in Java. Jenkins helps to automate the non-human part of the software development process, with continuous integration and facilitating technical aspects of continuous delivery. "
  2. https://en.wikipedia.org/wiki/Jenkins_(software)

21 Travis-CI

  1. https://en.wikipedia.org/wiki/Travis_CI "Travis CI is a hosted, distributed continuous integration service used to build and test software projects hosted at GitHub."
  2. https://docs.travis-ci.com/user/for-beginners/ Core Concepts for Beginners

22 Tools

We will use many of the following tools. Almost all of these are included as open-source packages ready to install on Ubuntu Linux distro; I do not know about RedHat. Almost all of them also have versions available for Windows.

  1. http://git-scm.com/ Git is a free and open source distributed version control system designed to handle everything from small (in KB) to very large projects (in TB) by individuals or teams. (The URL is to a site that hosts a free book.) Debian Linux: apt-get install git-gui
  2. http://www.eclipse.org/ Eclipse is an IDE for programming in Java, C++, and other languages. Has many plugins. Debian Linux: apt-get install eclipse
  3. http://www.jetbrains.com/idea/ Idea is an IDE for programming in Java, C++, and other languages. Has many plugins. Not in Debian. Community edition is free; Ultimate is not.
  4. Pants - Build system by Twitter, Foursquare, and Square. Bazel - Correct, reproducible, fast builds for everyone. Bazel is a tool in the Java Build Tools category. Buck - A build system developed and used by …
  1. https://please.build/faq.html
    1. Miscellaneous programs:
      1. indent, cccc, sloccount, pmccabe,
      2. bogosec, check, Electric Fence, valgrind, alleyoop, Valkyrie,
      3. KCachegrind, Massif Visualizer
      4. cobertura: java tool that calculates the percentage of code accessed by tests,
      5. cbmc: bounded model checker for C and C++ programs,
      6. Umbrello, dia2code, AutoDia
      7. xxgdb, kdbg, gdb server, ddd
      8. ant, maven

23 End

Copyright © 2018 pmateti@wright.edu www.wright.edu/~pmateti 2018-05-31