Skip to content

Open Source

Codehaus & Ben: Thank You and Good Bye

Sonar - Thu, 03/26/2015 - 20:55

It seems very natural today that SonarQube is hosted at Codehaus, but there was a time when it was not! In fact joining Codehaus was a big achievement for us; you might even say it was one of the project’s first milestones, because Codehaus didn’t accept just any project. That may seem strange today, when you can get started on Github in a matter of minutes, but Codehaus was picky, and just being accepted was a big deal.

It was also a big deal because being accepted by Codehaus gave us access to a full suite of best-of-breed tools: IntelliJ, JProfiler, and Nexus, plus Jira, Confluence, and the rest of the Atlassian suite… This, coupled with the fact that Codehaus took on the burden of hosting and maintaining that infrastructure, allowed us to focus on the SonarQube platform and ecosystem. It enabled us to make what we think is a great product – a product that wouldn’t be what it is today without Codehaus.

The first ticket ever created for the SonarQube (née Sonar) project was SONAR-1, entered in the Codehaus Jira on Dec. 17th, 2007. The project was just under a year old at the time (SonarSource hadn’t even been founded yet). Over the next 7+ years, that ticket was followed by nearly 14,000 more across 42 projects, more than 60,000 emails across two mailing lists, and countless documentation revisions over the many versions of SonarQube and its plugins.

Of course, “Codehaus” really boils down to one guy: Ben Walding, who has been running the 1,000-project forge on his own time and his own dime from the beginning. No matter what was going on in Ben’s life, Codehaus was up. And he wasn’t just “keeping the lights on”, either; Ben always made things not just possible, but easy. So when he told us a couple of months ago that Codehaus was shutting down, it wasn’t really a surprise. In fact, as he said, the writing had been on the wall for a while. But it was saddening. Because no matter how many other options there are today for open source projects, Codehaus will always have a special place in the history of the open source movement and in our hearts.

We’ll announce what Life After Codehaus will look like in May, but in the meantime, we say: Merci beaucoup, Большое спасибо, Heel erg bedankt, Grazie mille, vielen Dank, Suur aitäh, Nagyon köszönöm, and Thank you, Ben. Goodbye to Codehaus, and thank you very much.

Categories: Open Source

Registration for JUC 2015 is Open!

It's that time of the year again: 2015 Jenkins User Conference Registration is OPEN for all cities. This year, we are making some changes to JUC — JUC will be a two-day event in three out of the four cities across the globe. You will get opportunities to network with other users and developers in the community, learn more about how other people are using Jenkins and attacking broader continuous delivery problem. As always, we love to meet & talk to you to learn what you are doing with Jenkins. To get the sense of how JUC is like, take a look at our past JUC reports like this and this.

Early Bird pricing for JUC tickets is available until May 1.

You can learn a lot more information here about the 2015 Jenkins User Conference World Tour. As always, we are tweaking JUC to make it better, based on feedback. I'll post about those in coming months. Make sure to follow or tweet at @jenkinsconf to stay up to date on JUC news or to share which JUC you will be attending!

See you there!

Categories: Open Source

JUC 2015 Call for Paper Deadlines Approaching!

The deadlines to speak at a 2015 Jenkins User Conference are fast approaching. Don’t miss out on this great opportunity to share your Jenkins tips, tricks, stories, and know-how with the community! Submit your proposal by the below deadlines to have your talk considered by a panel of Jenkins experts:

Please note: The deadline to submit a speaking proposal for East Coast US (DC) and Europe (London) is SUNDAY, MARCH 22, 2015. That is only FIVE days away!

2015 JUC Cities & Call for Papers Deadlines

  • East Coast US: Deadline to Submit - March 22, 2015
  • London: Deadline to Submit - March 22, 2015
  • West Coast US (Bay Area): Deadline to Submit - May 3, 2015
  • Israel: Deadline to Submit - May 15, 2015

Not interested in speaking? Contribute to the community in another way: nominate or refer a speaker you would like to hear from at JUC! Contact alytong13@gmail.com or simply become a sponsor.

Categories: Open Source

The speed of a caravan in the desert

Sonar - Thu, 03/12/2015 - 12:22

“What is the speed of a caravan in the desert?” Language Team Technical Lead Evgeny Mandrikov posed that question recently to illustrate a point about developer tools. The answer to the caravan question is that it moves at the speed of the slowest camel. He was using the metaphor to illustrate a point about developer tools: a developer can only work at the speed of her slowest tool.

This is one reason developers want – and smart managers buy – machines with fast processors. We like them not just because we’re gear-head (chip-head?) geeks, but because they get us closer to the ability to work at the speed of thought. But what about the other tools? What about the quality tools?

For the same reason developers want fast processors, fast IDE’s and fast compilers, we also want fast quality tools. Forget the semicolon at the end of a line of Java code and most IDE’s will immediately light it up in red. That fast quality feedback lets you code quickly and efficiently, without agonizing over trivial details.

Similarly, fast feedback on code quality lets you mark features “done and dusted”, and move on. That’s why SonarSource offers three different options for pre-commit analysis. That’s also why we advocate (and practice!) Continuous Inspection. Looking at code quality once a month or once a week or just before a release is waaay too late.

Because developers want to work at the speed of thought, not the speed of corporate bureaucracy. And smart managers want that too.

Categories: Open Source

The Art of Unit Testing

The Typemock Insider Blog - Wed, 03/11/2015 - 15:09

As Roy Osherove wrote in his book, The Art of Unit Testing, “Unit testing isn’t a new concept in software development. It’s been floating around since the early days of the Smalltalk programming language in the 1970s, and it proves itself time and time again as one of the best ways a developer can improve […]

The post The Art of Unit Testing appeared first on The Unit Testing Blog - Typemock.

Categories: Open Source

Google Apps SSO no longer supported in Jenkins OpenID plugin

This is a guest post from Owen Mehegan (aka autojack)

In 2014 Google announced that they will be shutting down their OpenID 2.0 authentication endpoint and replacing it with Google+ Sign-in, a library built on top of OpenID Connect. The old Google endpoint will shut down on April 20th, 2015! Accordingly, if you are using the Jenkins OpenID plugin to authenticate users with the ‘Google Apps SSO’ feature (typically when Google hosts your personal or corporate email), you need to upgrade. Ryan Campbell took the initiative to develop the new Google Login plugin which implements the Google+ Sign-in functionality. This is the recommended solution going forward. Follow the steps here to configure it for your site. Note that you DON’T need to have a Google+ social network account/profile. Any Google account can be used.

If you find yourself locked out of your Jenkins system after the old endpoint is shut down you will need to follow the steps here to disable Jenkins security temporarily. Then you can connect without authentication and switch to the Google Login plugin. You will probably want to uninstall the old OpenID plugin at that point as well.

References:

Categories: Open Source

Jenkins User Conference – Save the Date

We have some exciting news to share with you! We have finalized most of the dates and locations for the 2015 Jenkins User Conference (JUC) World Tour.

Save the date(s):

  • US East (Washington DC): June 18-19
  • Europe (London): June 23-24
  • Israel: July 16 (ETA)
  • US West (Santa Clara): September 2-3

The big news? The JUC agenda has been expanded this year to cover two days! That means you get twice as many opportunities to learn how others are using Jenkins and to network with other Jenkins users.

CALL FOR PAPERS IS OPEN FOR ALL JUC CONFERENCES

We need JUC speakers! The Call for Papers is open now and you can apply here. This is an opportunity for YOU to give back to the community by sharing your Jenkins knowledge and success. Jenkins speakers contribute significantly to the overall JUC experience.

In return for speaking, you will receive free admission to the conference and fame/fortune within the Jenkins community. OK, we can’t guarantee the latter, but we can guarantee the former! Hurry and apply now, because the Call for Papers deadline for US East and Europe expires on March 22, 2015.

Not interested in speaking? Another way to contribute to the community is by letting us know who you want to hear from. Nominate or refer that amazing speaker and we’ll do the rest. Contact alytong13@gmail.com

JUC SPONSORSHIPS

Lastly, be a JUC sponsor. Any organization can do this – whether a vendor that sells into the Jenkins ecosystem or a company that has received value from Jenkins and wants to give back to the community. You can find out more here. (NOTE: JUC is not a moneymaking venture for the community – so sponsorships do make a difference.)

Categories: Open Source

100K Celebration Podcast

As a part of the Jenkins 100K celebration, Dean Yu, Andrew Bayer, R. Tyler Croy, Chris Orr, and myself got together late Tuesday evening to go over the history of the project, how big the community was back then, how we grow, where we are now, and maybe a bit about future.

We got carried away and the recording became longer than we all planned. But it has some nice sound bites, back stage stories, and stuff even some of us didn't know about! I hope you'll enjoy it. The MP3 file is here, or you can use your favorite podcast app and subscribe to http://jenkins-ci.org/podcast.

Categories: Open Source

Eating the dog food

Sonar - Wed, 02/25/2015 - 17:36

The SonarQube platform includes an increasing powerful lineup of tools to manage technical debt. So why don’t you ever see SonarSourcers using Nemo, the official public instance, to manage the debt in the SonarQube code? Because there’s another, bleeding-edge instance where we don’t just manage our own technical debt, we also test our code changes, as soon as possible after they’re made.

Dory (do geeks love a naming convention, or what?), is where we check our code each morning, and mid-morning, and so on, and deal with new issues. In doing so, each one of us gives the UI – and any recent changes to it – a thorough workout. That’s because Dory doesn’t run the newest released version, but the newest milestone build. That means that each algorithm change and UI tweak is closely scrutinized before it gets to you.

The result is that we often iterate many times on any change to get it right. For instance, SonarQube 5.0 introduced a new Issues page with a powerful search mechanism and keyboard shortcuts for issue management. Please don’t think that it sprang fully formed from the head of our UI designer, Stas Vilchik. It’s the result of several months of design, iteration, and Continuous Delivery. First came the bare list of issues, then keyboard shortcuts and inter-issue navigation, then the wrangling over the details. Because we were each using the page on a daily basis, every new change got plenty of attention and lots of feedback. Once we all agreed that the page was both fully functional and highly usable, we moved on.

The same thing happens with new rules. Recently we implemented a new rule in the Java plugin based on FindBugs, "Serializable" classes should have a version id. The changes were made, tested, and approved. Overnight the latest snapshot of the plugin was deployed to Dory, and the next morning the issues page was lit up like a Christmas tree.

We had expected a few new issues, but nothing like the 300+ we got, and we (the Java plugin team and I) weren’t the only ones to notice. We got “feedback” from several folks on the team. So then the investigation began: which issues shouldn’t be there? Well, technically they all belonged: every class that was flagged either implemented Serializable or had a (grand)parent that did. (Subclasses of Serializable classes are Serializable too, so for instance every Exception is Serializable.) Okay, so why didn’t the FindBugs equivalent flag all those classes? Ah, because it has some exclusions.

Next came the debate: should we have exclusions too, and if so which ones? In the end, we slightly expanded the FindBugs exclusion list and re-ran the analyses. A few issues remained, and they were all legit. Perfect. Time to move on.

When I first came to SonarSource and I was told that the internal SonarQube instance was named Dory, I thought I got it: Nemo and Dory. Haha. Cute. But the more I work on Dory, the more the reality sinks it. We rely on Dory on a daily basis; she’s our guide on the journey. But since our path isn’t necessarily a straight line, it’s a blessing for all of us that she can forget the bad decisions and only retain the good.

Categories: Open Source

100K Celebration Podcast Recording

In preparation for Jenkins 100K celebration, I'm going to record a one-time podcast with Dean Yu, Andrew Bayer, and R. Tyler Croy.

My current plan is to go over the history of the project, how big the community was back then, how we grow, where we are now, and maybe a bit about future.

But if you have any other suggestions/questions that you'd like us to discuss, you have 3 or 4 more hours to send in that suggestion! Your feedback would help us make a better recording, so please don't hesitate to tell us.

Categories: Open Source

Four things that blew my mind with “Typemock Isolator”

The Typemock Insider Blog - Tue, 02/24/2015 - 12:49

I just started working at Typemock a few months ago and the company decided that we need to take a hour a week to write about our experience or about anything but is has to be about the company. Believe it or not I actually like writing and not only code. So yeah… I decided […]

The post Four things that blew my mind with “Typemock Isolator” appeared first on The Unit Testing Blog - Typemock.

Categories: Open Source

Jenkins 100K celebration pictures

In preparation of the celebration of 100K installations, 1000 plugins, and 10 years of Jenkins, we've got these images created.

I hope folks can use these images to mark the occasion! The full size pictures are here.

Categories: Open Source

SonarQube Java Analyzer : The Only Rule Engine You Need

Sonar - Thu, 02/12/2015 - 17:17

If you have been following the releases of the Java plugin, you might have noticed that we work on two major areas for each release: we improve our semantic analysis of Java, and we provide a lot of new rules.

Another thing you might have noticed, thanks to the tag system introduced by the platform last year, is that we are delivering more and more rules tagged with “bug” and “security”. This is a trend we’ll try to strengthen on the Java plugin to provide users valuable rules that detect real problems in their code, and not just formatting or code convention issues.

What you might wonder then is: where do we get the inspiration for those rules?  Well, for starters, the SonarSource codebase is mostly written in Java, and most SonarSource developers are Java developers. So in analyzing our own codebase we find some patterns that we want to detect, turn those patterns into rules, and provide the rules to our users. But that is not enough, and that is why we are taking inspiration from other rule engines, and more specifically FindBugs. We are in the process of deprecating FindBugs rules by rewriting them using our technology.

Our goal is that at some point in 2015 we’ll stop shipping the FindBugs plugin by default with the platform (we’ll still support it and provide it through the update center) because out of the box, the Java Plugin will provide at least as much (hopefully more!) value as FindBugs.

This might seem pretentious, but there are a couple of reasons we are moving in this direction:

  • This is a move we already made with PMD and Checkstyle (and we are still supporting the sonar-pmd-plugin and sonar-checkstyle-plugin).
  • FindBugs works only at the bytecode level: the analysis only runs on compiled classes. The Sonar Java Plugin works with both sources and bytecode, and is thus able to be more precise in its analysis, eliminating false positives and detecting patterns that cannot be detected by FindBugs.
    For instance consider the following code run against the Java Plugin rule “Identical expressions should not be used on both side of a binary operator”, which deprecates multiple FindBugs rules:

    //...
    if(a == a) { //self comparison
      System.out.println(“foo”);
    }
    if( 2+1*12 == 2+1*12 ) { //selfcomparison
      System.out.println(“foo”);
    }//...
    

The approach used by FindBugs, which relies only bytecode, will not be able to detect the second issue because the second if will be erased by the compiler and thus will not be visible in bytecode.

  • FindBugs project activity: The activity on the project is quite low and thus the value coming out of it does not come fast enough to satisfy our users.
  • Documentation: One thing we really value at SonarSource, and that we think has made our products great, is that for each issue we raise we provide a clear explanation of why we raised the issue and an indication of how to fix it. This is something that FindBugs clearly lacks in our view, and we are confident we can offer better value in this area.

As we reimplement the FindBugs rules, our goal is also to remove some useless  or outdated rules, merge close-in-meaning rules, and report fewer false positives that FindBugs does.

However, this is going to take some work: we are still one step behind FindBugs regarding an essential part of what makes it valuable, the Control Flow Graph (CFG). Briefly: CFG allows tracking the value of a variable through the execution paths your code. An example of its use is to be able to detect NullPointerException without executing the code. This feature is not implemented yet in the SonarQube Java Plugin, but a first version was shipped in the latest version (3.3) of the C/C++ plugin. It’s in the roadmap of the Java plugin to embed this feature and deprecate the FindBugs rules requiring it.

This rewriting of FindBugs rules has already started, with a huge effort on documenting and specifying them properly. Out of the 423 rules provided by FindBugs we have decided to reimplement 394, and have already specified replacements for 286. At the time of this writing, 157 rules have already been reimplemented using our own technology (so about 40% of the implementable rules).

Don’t get me wrong: FindBugs is a great tool providing a lot of useful feedback to Java developers. But within the year, we will be at a point in the development of the SonarQube Java plugin where we can deliver even better feedback, and detect issues that even FindBugs can’t find.

Categories: Open Source

Jenkins Celebration Day is February 26

Congratulations! The Jenkins project officially went over the 100K active users mark sometime in January. As of January 31, we were at 102,992. YOU are one of the 100K active users!

As discussed on a couple recent project meetings, we have designated February 26 as Jenkins Celebration Day.

To make some noise, here is what we are doing starting NOW:

  • Write a blog about anything related to Jenkins. Post your blog and Tweet out a link to it. Include the hashtag #Jenkins100K in your post.
  • On February 26, we will hold a raffle and pick four names at random. The grand prize winner will get a 3D Jenkins Butler model. Five others will get their pick of Jenkins swag (up to $20) from the Jenkins online store.
OTHER WAYS TO CELEBRATE

There are a number of other things planned and we want YOU to be involved. This blog post is the central place to come for all things related to the celebration.

  • Recording – Jenkins Governance Board Dean, Tyler, Andrew and I will get together this month and record some thoughts about the Jenkins project. We will share that recording with you from this page on February 26.
  • Twitter Badge For those of us on social media that want to proudly celebrate our community, we will have a special badge that you can use for your profile image on Twitter or any of the other social media forums. Feel free to use the badge as long as you want – but let’s get as many of us using it as possible between now and February 27.
  • Social Media Images
    • CloudBees is donating a series of images that we can all push out on social media (whatever platform(s) you use).
    • Pick your favorite(s) and push them out on Twitter, Facebook, G+
  • Certificate (available on this blog post soon) Download your very own “I am part of the Jenkins 100K” certificate. Print it out and proudly display it on the wall of your cube or office.
  • Visibility The Community will also issue a press release on February 26 announcing our milestone news.
  • Sign the “card” Consider this blog a Congratulations card to the entire community. Share your thoughts in a comment on this blog about anything Jenkins-related that you wish!

This is a big milestone for the Community and one you should be proud to be part of! Let’s make some noise…

Categories: Open Source

IntelliJ

Selenium - Sun, 02/08/2015 - 16:15

Every year, Jetbrains are kind enough to donate an OSS license for IntelliJ to the Selenium project. As part of that process, they’ve asked that we review the product and (kudos to them!) have been clear that they hope we’re open and honest. So, I’ll be open and honest.

When I tell people that I’m a professional Java developer, people in some circles make sympathetic noises and (sometimes) jokingly refer to how painful my coding life must be. After all, there are several far trendier and hipper languages, from Ruby, various flavours of Javascript, Python, Haskell, and even other languages running on the JVM such as Scala and Clojure. I tend to agree that Java is a relatively unexciting language as it’s generally practiced — Java 8 contains a wealth of goodies that lots of people won’t be using for years since they’ve still got to support Java 6(!) apps. Where I disagree with the detractors is that using Java is something to feel sorry for a developer for: Java on its own isn’t much fun, Java and IntelliJ is one of my favourite programming experiences.

I’ve been using Java since the (very) late 90s, and have been using IntelliJ off-and-on since 2003 or so. In the intervening just-over-a-decade, what started as a tool that crossed the Rubicon of “being able to do refactoring” has matured. It has literally changed the way I write code: I now use the “Introduce Variable” refactoring to avoid needing to do initial assignments of values to variables as a matter of course. Indeed, with IntelliJ, I frequently stop thinking about the programming language and start thinking about the structure of the solution. Its refactorings make exploring large scale changes easy and entirely reliable, and once the restructurings are complete, I can jump to symbols with ease.

Code exploration is aided by the simple and quick ways IntelliJ can find usages, and it’s simple to find unused code as method declarations get highlighted in a different shade to used ones. The integrated debugger is sufficiently capable that, coupled with unit tests, it’s normally pretty easy to figure out why some odd behaviour is happening. And, speaking of unit tests, the UI is clear and (I find) intuitive and easy to use.

And those users of fancy-pants languages such as Clojure, Ruby, Python and Javascript (and PHP) can get plugins that extend IntelliJ’s capabilities and insight into those languages. Although it’s been a long time since I’ve had to deal with Spring and JEE, when I do IJ has my back, grokking the config files. The maven and gradle integration appears to work too, though Selenium uses CrazyFun and is migrating to Buck, so I’ve seldom any need to

It’s not all wonder and joy. On large, multi-module codebases, IntelliJ seems to spend too long building caches. Activity Monitor on the Mac suggests it’s doing this in a single threaded manner, which is wasteful on a multicored machine. Switching away from IJ, doing something on the command line involving source control and then switching back is a sure-fire way to make it rebuild the caches, making it unresponsive. Extending IntelliJ by writing plugins is a black art — the documentation is scattered and appears out of date, making getting started on writing one hard.

Overall, though, I love IntelliJ. On the Selenium project, it’s the IDE of choice, and I’ve been incredibly productive in it. Thank you, Jetbrains, for a wonderful tool.


Categories: Open Source

C/C++/Objective-C: Dark past, bright future

Sonar - Thu, 02/05/2015 - 14:03

We’ve just released version 3.3 of the C/C++/Objective-C plugin, which features an increased scope and precision of analysis for C, as well as detection of real bugs such as null pointer dereferences and bugs related to types for C. These improvements were made possible by the addition of semantic analysis and symbolic execution, which is the analysis not of the structure of your code, but of what the code is actually doing.

Semantic analysis was part of the original goal set for the plugin about three years ago. Of course, the goal was broader than that: develop a static analyser for C++. The analyzer needed to continuously check your code’s conformance with your coding standards and practices, and more importantly detect bugs and vulnerabilities to help you to keep technical debt under control.

At the time, we didn’t think it would be hard, because many languages were already in our portfolio, including Java, COBOL, PL/SQL. Our best engineers, Freddy Mallet and Dinesh Bolkensteyn, were already working on C, the natural predecessor of C++. I joined them, and together we started work on C++. With the benefit of hindsight, I can say that we all were blind. Totally blind. We had no idea what a difficult and ambitious task we had set ourselves.

You see, a static analyzer is a program which is able to precisely understand what another program does. And, roughly speaking, a bug is detected when this understanding is different from what the developer really wanted to write. Huh! Already, the task is complex, but it’s doubly so for C++. Why is automatic analysis of C++ so complicated?

First of all, both C and C++ have the concept of preprocessing. For example consider this code:

struct command commands[] = { cmd(quit), cmd(help) };

One would think that there are two calls of the “cmd” function with the parameters “quit” and “help”. But that might not be the case if just before this line there’s a preprocessing directive:

#define cmd(name) { #name, name ## _command }

That directive completely changes meaning of the original code, literally turning it into

struct command commands[] = { { "quit", quit_command }, { "help", help_command } };

The existence of the preprocessor complicates many things on many different levels for an analysis. But most important is that the correct interpretation of preprocessing directives is crucial for the correctness and precision of an analysis. We rewrote our preprocessor implementation from scratch three times before we were satisfied with it. And it’s worth mentioning that on the market of static analysers (both commercial and open-source) you can easily find tools that don’t do preprocessing at all or do it only imprecisely.

Let’s move to the next difficulty. I’ve mentioned in the past that C and C++ are hard to parse. It’s time to talk a little bit about why. Roughly speaking, parsing is the process of recognizing language constructions – i.e. seeing what’s a statement, what’s an expression, and so on. Let’s take some example code and try to figure out what it is.

T * a

If this were Java code, the answer would be straightforward: most probably this is multiplication, and part of bigger expression. But the answer isn’t that simple in for C/C++. In general, the answer is “it depends…” This could indeed be an expression statement, if both “T” and “a” are variables:

int T, a;
T * a;

But it could also be the declaration of variable “a” with a type of pointer to “T”, if “T” is a type:

typedef int T;
T * a;

In other words, the context can completely change the meaning of code. This is called ambiguity.

Like natural languages, the grammars of programming languages can be ambiguous. While the C language has just a few ambiguous constructions, C++ has tons of them. And as you’ve seen, correct parsing is not possible without information about types. But getting that information is a difficulty in and of itself because it requires semantic analysis of language constructs before you can understand their types and relations. And that’s where it starts to be really complex. To parse we need semantic analysis, and to do semantic analysis we need to parse. Chicken and egg problem.

We had hit a wall, and when we looked around, we realized we weren’t alone. Many tools don’t even try to parse, get information about types or distinguish between ambiguous and unambiguous cases.

And then we found GLL, a relatively new theory about generalized parsing. It was first published in 2010, and there still aren’t any ready-to-use, publicly-available implementations for Java. Implementing a GLL parser wasn’t easy, and took us quite a while, but the ROI was high. This parser is able to preserve information about encountered ambiguities without their actual resolution. That allows us to do precise analysis of at least the unambiguous constructions without producing false-positives on ambiguous constructions.

The GLL parser was a win-win, and game changer! After 2 years of development from the first commit (which was approximately a year ago) we released precise preprocessing and parsing in version 2.0 of the C++ Plugin.

With the original goal well on the way to being met, we started to dream again, raised our expectations even higher, and were ready to welcome new developers. Today, I still work on the plugin, but it’s maintained primarily by Massimo Paladin and Samuel Mercier. They solved the analysis configuration problem, added support of Objective-C and Microsoft Component Extensions to the plugin.

Our next goal is to apply Semantic Analysis and Symbolic Execution on Objective-C and of course after that on C++, and to use them to cover more MISRA rules. So this is probably not the end of the story about difficulties in development of static analyser for C/C++/Objective-C – who knows what else will be encountered on the way. But now we are not blind as it was before, now we know that this is difficult. However based on past, I can say that we in SonarSource are unstoppable and even most incredible dreams come true! So keep dreaming! And just never ever give up!

Categories: Open Source

Test Framework Feature Comparisons – What If We Cooperated?

NUnit.org - Sun, 04/07/2013 - 03:14

Software projects often publish comparisons with other projects, with which they compete. These comparisons typically have a few characteristics in common:

  • They aim at highlighting reasons why one project is superior – that is, they are marketing material.
  • While they may be accurate when initially published, competitor information is rarely updated.
  • Pure factual information is mixed with opinion, sometimes in a way that doesn’t make clear which is which.
  • Competitors don’t get much say in what is said about their projects.
  • Users can’t be sure how much to trust such comparisons.

Of course, we’re used to it. We no longer expect the pure, unvarnished truth from software companies – no more than from drug companies, insurance companies, car salesmen or government agencies. We’re cynical.

But one might at least hope that open source projects might do better. It’s in all our interests, and in our users’ interests, to have accurate, up-to-date, unbiased feature comparisons.

So, what would such a comparison look like?

  • It should have accurate, up-to-date information about each project.
  • That information should be purely factual, to the extent possible. Where necessary, opinions can be expressed only if clearly identified as opinion by it’s content and placement.
  • Developers from each project should be responsible for updating their own features.
  • Developers from each project should be accountable for any misstatements that slip in.

I think this can work because most of us in the open source world are committed to… openness. We generally value accuracy and we try to separate fact from opinion. Of course, it’s always easy to confuse one’s own strongly held beliefs with fact, but in most groups where I participate, I see such situations dealt with quite easily and with civility. Open source folks are, in fact, generally quite civil.

So, to carry this out, I’m announcing the .NET Test Framework Feature Comparison project – ideas for better names and an acronym are welcome. I’ll provide at least a temporary home for it and set up an initial format for discussion. We’ll start with MbUnit and NUnit, but I’d like to add other frameworks to the mix as soon as volunteers are available. If you are part of a .NET test framework project and want to participate, please drop me a line.

Categories: Open Source

Software Testing Latest Training Courses for 2012

The Cohen Blog — PushToTest - Mon, 02/20/2012 - 05:34
Free Workshops, Webinars, Screencasts on Open Source Testing Need to learn Selenium, soapUI or any of a dozen other Open Source Test (OST) tools? Join us for a free Webinar Workshop on OST. We just updated the calendar to include the following Workshops:
And If you are not available for the above Workshops, try watching a screencast recording.

Watch The Screencast

Categories: Companies, Open Source

Selenium Tutorial For Beginners

The Cohen Blog — PushToTest - Thu, 02/02/2012 - 08:45
Selenium Tutorial for Beginners Selenium is an open source technology for automating browser-based applications. Selenium is easy to get started with for simple functional testing of a Web application. I can usually take a beginner with some light testing experience and teach them Selenium in a 2 day course. A few years ago I wrote a fast and easy tutorial Building Selenium Tests For Web Applications tutorial for beginners.

Read the Selenium Tutorial For Beginners Tutorial

The Selenium Tutorial for Beginners has the following chapters:
  • Selenium Tutorial 1: Write Your First Functional Selenium Test
  • Selenium Tutorial 2: Write Your First Functional Selenium Test of an Ajax application
  • Selenium Tutorial 3: Choosing between Selenium 1 and Selenium 2
  • Selenium Tutorial 4: Install and Configure Selenium RC, Grid
  • Selenium Tutorial 5: Use Record/Playback Tools Instead of Writing Test Code
  • Selenium Tutorial 6: Repurpose Selenium Tests To Be Load and Performance Tests
  • Selenium Tutorial 7: Repurpose Selenium Tests To Be Production Service Monitors
  • Selenium Tutorial 8: Analyze the Selenium Test Logged Results To Identify Functional Issues and Performance Bottlenecks
  • Selenium Tutorial 9: Debugging Selenium Tests
  • Selenium Tutorial 10: Testing Flex/Flash Applications Using Selenium
  • Selenium Tutorial 11: Using Selenium In Agile Software Development Methodology
  • Selenium Tutorial 12: Run Selenium tests from HP Quality Center, HP Test Director, Hudson, Jenkins, Bamboo
  • Selenium Tutorial 13: Alternative To Selenium
A community of supporting open source projects - including my own PushToTest TestMaker - enables you to apply your Selenium tests as functional tests for smoke testing, regression testing, and integration tests, load and performance tests, and production service monitors. These techniques and tools make it easy to run Selenium tests from test management platforms, including HP Quality Center, HP Test Director, Zephyr, TestLink, QMetry, from automated Continuous Integration (CI) tests, including Hudson, Jenkins, Cruise Control, and Bamboo.

I wrote a Selenium tutorial for beginners to make it easy to get started and take advantage of the advanced topics. Download TestMaker Community to get the Selenium tutorial for beginners and immediately build and run your first Selenium tests. It is entirely open source and free!

Read the Selenium Tutorial For Beginners Tutorial

Categories: Companies, Open Source

5 Services To Improve SOA Software Development Life Cycle

The Cohen Blog — PushToTest - Fri, 01/27/2012 - 00:25
SOA Testing with Open Source Test Tools PushToTest helps organizations with large scale Service Oriented Architecture (SOA) applications achieve high performance and functional service delivery. But, it does not happen at the end of SOA application development. Success with SOA at Best Buy requires an Agile approach to software development and testing, on-site coaching, test management, and great SOA oriented test tools.

Distributing the work of performance testing through an Agile epoc, story, and sprints reduces the testing effort overall and informs the organization's business managers on the service's performance. The biggest problem I see is keeping the testing transparent so that anyone - tester, developer, IT Ops, business manager, architect - follows a requirement down to the actual test results.

With the right tools, methodology, and coaching an organization gets the following:
  • Process identification and re-engineering for Test Driven Development (TDD)
  • Installation and configuration of a best-in-class SOA Test Orchestration Platform to enable rapid test development of re-usable test assets for functional testing, load and performance testing and production monitoring
  • Integration with the organization's systems, including test management (for example, Rally and HP QC) and service asset management (for example, HP Systinet)
  • Construction of the organization's end-to-end tests with a team of PushToTest Global Professional Services, using this system and training of the existing organization's testers, Subject Matter Experts, and Developers to build and operate tests
  • On-going technical support
Download the Free SOA Performance Kit On-Site Coaching Leads To Certification
The key to high quality and reliable SOA service delivery is to practice an always-on management style. That requires on-site coaching. In a typical organization the coaches accomplish the following:
  • Test architects and test developers work with the existing Testing Team members. They bring expert knowledge of the test tools. Most important is their knowledge of how to go from concept to test coding/scripting
  • Technical coaching on test automation to ensure that team members follow defined management processes
Cumulatively this effort is referred to as "Certification". When the development team produces quality product as demonstrated by simple functional tests, then the partner QA teams take these projects and employ "best practice" test automation techniques. The resulting automated tests integrate with the requirements system (for example, Rally), the continuous integration system, and the governance systems (for example, HP Systinet.)
Agile, Test Management, and Roles in SOA
Agile software development process normally focuses first on functional testing - smoke tests, regression test, and integration tests. Agile applied to SOA service development deliverables support the overall vision and business model for the new software. At a minimum we should expect:
  1. Product Owner defines User Stories
  2. Test Developer defines Test Cases
  3. Product team translates Test Cases into soapUI, TestMaker Designer, and Java project implementations
  4. Test Developer wraps test cases into Test Scenarios and creates an easily accessible test record associated to the test management service
  5. Any team member follows a User Story down into associated tests. From there they can view past results or execute tests again.
  6. As tests execute the test management system creates "Test Execution Records" showing the test results
Learn how PushToTest improves your SOA software development life cycle. Click here to learn how.


Download the Free SOA Performance Kit

Categories: Companies, Open Source