|4 days ago||5 days ago|
|MIT License||GNU Lesser General Public License v3.0 only|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
A quick look at free C++ static analysis tools
3 projects | reddit.com/r/cpp | 4 Jan 2023
I notice there isn't fbinfer. It's pretty cool, and is used for this library.
OCaml 5.0 Multicore is out
19 projects | news.ycombinator.com | 16 Dec 2022
Beyond Functional Programming: The Verse Programming Language (Epic Games' new language with Simon Peyton Jones)
5 projects | reddit.com/r/programming | 12 Dec 2022
TBH, there's a non-zero amount of non-"ivory tower" tools you may have used that are written in functional languages. Say, Pandoc or Shellcheck are written in Haskell; Infer and Flow are written in OCaml. RabbitMQ and Whatsapp are implemented in Erlang (FB Messenger was too, originally; they switched to the C++ servers later). Twitter backend is (or was, at least) written in Scala.
The State of Affine Types in C++?
2 projects | reddit.com/r/cpp | 22 Nov 2022
- borrow-cpp which exploits some null dereference checks in the infer static analyzer to model some of borrow checking.
Prusti: Static Analyzer for Rust
8 projects | news.ycombinator.com | 13 Oct 2022
Programming Breakthroughs We Need
17 projects | news.ycombinator.com | 17 Aug 2022
> Maybe you could write tests as queries that would test a whole set of possible programs, not only the current version of your program at the moment.
I think that the future of programming is more sophisticated static analysis. Programmers will write statements like, "every code path that writes to the Payments database must have called validate_user()." Then, the tooling will confirm that rule with every commit.
We kind of have this already (for example, Facebook's Infer tool ), but I think it will become much more important in the coming decade.
Formally Verifying Industry Cryptography
2 projects | news.ycombinator.com | 14 Jul 2022
Great question! Formal methods groups in industry are growing rapidly and popping up in surprising places. Amazon's group is probably the most famous, but I think pretty much every big tech company has something going on in the formal verification / static analysis space. There's also a lot going on in blockchain . It's definitely becoming harder to hire people with FM skills, so in that sense, I think it's a great space to get into.
The downside is that the space is quite fragmented and a lot of tools have a high skill bar. If I was starting out, I'd probably focus on static analysis (eg. Infer or something similar - https://github.com/facebook/infer) because those tools tend to be easier to learn, and they have the potential to scale to really big systems. In contrast, Coq is a fine tool, but most people learn it by going to grad school which isn't useful short term career advice.
There are lot of great interviews with practitioners on the Galois podcast, Building Better Systems - that might be a good place to start exploring: https://www.stitcher.com/show/building-better-systems
Hard Things in Computer Science
2 projects | news.ycombinator.com | 28 Jun 2022
> The only reliable way to have bug-free code is to prove it. It requires solid mathematical foundations and a programming language that allows formal proofs.
I'm going to be the "actually" guy and say that, actually, you can formally verify some studff about programs written in traditional/mainstream languages, like C. Matter of fact, this is a pretty lively research area, with some tools like CBMC  and Infer  also getting significant adoption in the industry.
How to make develop C application easier?
2 projects | reddit.com/r/C_Programming | 28 Mar 2022
There are also static analyzers, for example PVS-Studio which is commercial and solid: https://pvs-studio.com/en/ The GCC compiler, starting with version 10, has a static analyzer that you activate with the “-fanalyzer” option. It’s still quite limited but I use it. Be sure the get GCC version 11.2 or later because the analyzer got much better after version 10. Facebook has a no-cost analyzer, but I haven’t tried it yet: https://fbinfer.com/
infer - A static analyzer for Java, C, C++, and Objective-C open-sourced by Facebook
3 projects | reddit.com/r/programming | 5 Mar 2022
5 easy paths to become a recognized Java expert. Really. For free.
5 projects | dev.to | 25 Aug 2022
How does Apache ShardingSphere standardize and format code? We use Spotless
6 projects | dev.to | 7 Jun 2022
1. Conflicts between Spotless and Checkstyle Checkstyle is a tool for checking Java source code for compliance with code standards or a set of validation rules (best practices).
Seriously who cares about the warnings
2 projects | reddit.com/r/ProgrammerHumor | 18 Apr 2022
Never had anything like that though for four years my life revolved around getting PMD, checkstyle and Sonar rules to pass so my pull request would merge.
Code smell plugin
2 projects | reddit.com/r/javahelp | 15 Feb 2022
PMD, and checkstyle as well.
How can I help my partner write better code?
2 projects | reddit.com/r/learnprogramming | 27 Nov 2021
I’m a little out of date with Java, but I believe Checkstyle is currently popular: https://github.com/checkstyle/checkstyle
Why You Need Static Code Analysis
2 projects | dev.to | 1 Oct 2021
Another example can be applied to code quality itself. Most static analyzers are configurable. If you tried to set Checkstyle Google configuration to the mature project, you would probably get hundreds or even thousands of errors. You can start with just one rule. Ar first glance, it seems not so important. But after the moment when the configuration reaches the repository, you can be sure that no one else can violate this rule in the future.
I have made a list of 55 plus open source software list for doing various tasks
10 projects | reddit.com/r/software | 26 Aug 2021
Checkstyle: a tool that helps programmers write Java code that adheres to a coding standard: https://github.com/checkstyle/checkstyle
5 projects | reddit.com/r/neovim | 24 Aug 2021
So I was there once, sharing my solution. For my current project I use the java formatter jar, but on my previous work I was using checkstyle, you can get it from here: Checkstyle. Then pass your checkstyle xml format config.
I want to set some standards and practices around the development process at my company. Just looking for any tips. Has anyone done this before? Is there any reference material you might suggest?
2 projects | reddit.com/r/ExperiencedDevs | 20 Jun 2021
On the coding standards side, use linters like https://github.com/checkstyle/checkstyle and https://github.com/eslint/eslint so you have an automated way to detect some errors and enforce style standards.
Design an Effective Build Stage for Continuous Integration
12 projects | dev.to | 8 Apr 2021
sem-version java 11 wget https://github.com/checkstyle/checkstyle/releases/download/checkstyle-8.41/checkstyle-8.41-all.jar java -jar checkstyle-8.41-all.jar -c /sun_checks.xml MyFile.java
What are some alternatives?
SonarQube - Continuous Inspection
Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
spotless - Keep your code spotless
Error Prone - Catch common Java mistakes as compile-time errors
PMD - An extensible multilanguage static code analyzer.
FindBugs - The new home of the FindBugs project
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security