Domain: compuware.com
Stories and comments across the archive that link to compuware.com.
Comments · 25
-
Some automatic bug finding
I figured I should chip in, since I'm a Dev that works in QA.
Somebody please explain to me exactly what kind of software bug can be found by automatic scanning that isn't found by standard debugging and compile-time checks. If a computer can ascertain exactly what the programmer intended to do, why do we need programmers?
Well first of all, you have to assume that all programmers even do the "standard debugging and compile-time checks". Even then, those checks are often hardly comprehensive. You can build some scanners that will catch rudimentary bugs that SHOULD have been caught, but were not. For example, assign things to null, test boundary conditions, etc. These are all things that should be part of a standard unit test that's delivered along with the code.
Also, things like memory leaks can be difficult to pinpoint. That's where tools like BoundsChecker are nifty.
Considering that most software bugs are logic bugs (off by one, etc) that can't be directly seen in the code without actually, you know, RUNNING the program, I find it difficult to believe that AI has come to the point where it can guess the coder's intentions and infer the purpose of an application.
No one is saying that a program or "AI" (as you call it) can find all bugs. But it can certainly be used to find some rather simple ones. Overall, though, I agree that you can't depend on running programs to catch bugs. You've got to have a solid QA department, which will use all the right tools to get the job done and try to maintain quality to the highest degree.
I'm not saying that OSS can't do this at all. I certainly think it can be done, but it does take more process and structure. Not having worked on any OSS projects myself, I imagine the largest, most important code-bases have a lot of this in place to drive quality. But your smaller or even mid-size OSS projects may be lacking in that department (much in the same way smaller and mid-size dev houses lack a decent QA department). -
For us...
We use DevPartner which seems to work pretty well for me. It's fairly neat the way it works. Although it does seem to identify some things as memory leaks that probably aren't actually leaks (ResultSets, IBM MQ Series objects, etc), if you limit the check to your own packages, a lot of your in-house errors will stand out right away and it will ignore the (assumed) false spots. Give it a try.
-
Re:This is VERY GOOD news
I mean it has been analysed and designed, and documented, and modelled, and designed again until no stone is left unturned, and BAM! suddenly we are implementing software? Am I the only guy who thinks this is too good to be true? Nowhere in the Rational Unified Process can I find any diagram, reference to, or project plan, about the "Build" or "Code" stage.
Wrong product. You want Compuware's OptimalJ. -
Windows Dev Setup
Visual Studio
- Whole Tomato Visual Assist (Intellisense done right) http://www.wholetomato.com/
- Compuware DevPartner (Serious Error Detection + Code Coverage) http://www.compuware.com/products/devpartner/default.htm
Dual LCDs & Dual DVI Video Card
(Once you start developing on multiple monitors, you can't go back)
Kinesis Advantage Pro Keyboard + FootPad
(No one ever tries to borrow my computer since they can't type on my keyboard)
http://www.kinesis-ergo.com/advantage_pro.htm
Stardom-2600 Hardware RAID
(Fits into two 5 1/4" Slots, looks like a standard HD to the OS. Highly Recommended)
http://www.stardom.com.tw/web/index_e.htm
Quiet Homebuilt Devbox
- Lots of Memory
- Only one fan
Leap Chair from Steelcase
Big Ass Desk + Big Ass Bookshelf from IKEA
View of the Seattle Skyline (Take breaks and stare at something far away)
Honest Tea (Assam Black is my favorite)
I do contracting, so I pay for my own equipment. It ends up costing $$$, but I do get to choose exactly what I want. -
s/GPL/BSD/
Reducing the license count is good, but put those apps under the BSD license instead. That way folks can use your program without their hands being tied. They can even make a product out of it, make some money, and feed changes/improvements back into the program. I've had folks send in contributions to PMD and say that if it was GPL'd they wouldn't be contributing their code.
And the fact that Compuware wraps PMD and calls it OptimalAdvisor? More power to them! Maybe they'll contribute a bug fix or two, and maybe I'll sell a couple more copies of the book. A rising tide, as it were... -
Re:WINE is not just for "basic apps."
That is very true, however it's a truth about WINE, not necessarily about Cedega. WINE is also very useful for its debugger, which is an extremely good reverse engineering tool along the lines of SoftICE. As well as winelib, which is a library that you can use to assist you in porting Windows code to Unix. I've used both, and had great success with them. Cedega on the other hand is a toy strictly for playing games. And WINE isn't limited to 16 bit applications.
-
It doesn't work with SoftIce installed ...
Although I must agree that Skype is one of the best applications for PC-based VoIP communications currently, I felt really disappointed the last time I tried to use it in my home PC and it wouldn't load due to SoftIce (http://www.compuware.com/products/driverstudio/softice.htm) being installed on the same PC. The weirdest fact is that SoftIce wasn't even really running (perhaps it searches my filesystem for that). This paranoia makes no sense to me. I wonder what Skype have to hide inside ... -
Tools
I have used a few tools, and like anything else it comes down to your proficiency with the language.
WinRunner http://www.mercury.com/ = Gotta know C++, and you better not be looking at modern tech (.net, java, etc...) plus requires add ins
Quick Test Pro http://www.mercury.com/ = Expensive but deals with modern tech if you buy the extension and know VB needs add ins
OpenSource = OK for light stuff
Rational http://www.rational.com/ = Very confusing
SmarteScript http://www.accordsqa.com/ = easy to use, but doesn't require programming experience, new to market, no need for add ins
compuware http://www.compuware.com/ = have to hire them as consultants
just a few views. -
One example of Canadian "offshoring"
Here's a great example of a company that's doing some "offshoring" work in Canada and actively marketing it as a better alternative than Indian offshoring.
-
Some people ARE really clueless
Obviously adding any black-box code to a system with open source won't accomplish anything. I remember hacking the OptimalJ by Compuware. It is a big application written in Java (so you can assume it to be Open Source - for instance use this), but it had some black-box module that has checked licenses and operating system. We were at the time OptimalJ licensee (so NO unlawful activity when copyright is considered) but wanted to run OptimalJ on FreeBSD (was 2xfaster than on Linux and 4xfaster than on Windows). Point was that this black-box module checked the operating system and made impossible for the program to start if it was not linux or windows. So we simply did circumvent the whole black-box module.
In my personal opinion if you want such regulations to have any effect both OpenSource and possession, use and selling of compilers/decompilers should be controlled by the state the same way as heavy arms/munitions. In particular it should be banned to own/use/sell/produce compilation tools, except in the case you are a professional company having obtained a suitable license. -
Ida Pro 4.6, SoftICE, gdb and more...
IDA Pro, the Interactive disassembler from datarescue is not only the best disassembler but also a great debugger, it can graph function flows, display pentium microcode, supports nearly every processor on the market (including your car's CPU.) Works nice with linux ELF binaries, etc... It is used by most antivirus researchers, crackers (who remove software protections), reverse engineers, hackers (who write exploits), etc. It runs perfect under wine without tweaking. Grab the demo and give it a go.
Also under windows, SoftICE, is also an excellent debugger which lets you assemble in place and do many other neat things.
Under linux, people have been trying to make SoftICE look-a-like debugger, such as LinICE, etc. and gdb is quite a powerful tool and is scriptable.
-
It's everywhere
This happened to many of us at Compuware.
In order to "keep the company business", (and for Compuware to make sure they keep their margin), we were instructed to NOT bill more than 8h a day, despite the fact that clients would have us work overtime and more.
Apparently, the only difference here is that managers don't even hide that fact. I am not sure how much more or less illegal that makes it.
-
Do you bet part of your quality of life on Java?
Remember Pascal? At one time, Pascal was the major development language. Pascal was taught at all the universities. But, an amazing thing happened. In a period of about 4 years, Pascal died. Hundreds of thousands of people had spent millions of hours learning the particular quirks of Pascal and of Pascal compilers. All of that time was lost.
If you have never lived through the loss of a major direction in your life, you may not even realize it can happen. The people saying I'm a troll in this thread probably haven't seen technology die.
Remember Powerbuilder? At one time there were about 1.5 million active Powerbuilder programmers.
No really, is Java dying? Now, I'm seeing, or think I'm seeing, the same thing with Java. The expected energy and support and standards have not appeared. Or have they? If I'm wrong, prove me wrong; I would like Java to be a success, that would simplify my choices. We bet part of our lives on our choices of specialization.
What frightens me is that there is so little support for GUIs in Java. When programmers don't work to improve their tools, they are consciously or unconsciously deciding that the technology does not warrant improvement.
I've seen Java programs that are unacceptably slow.
Sun mismanagement of Java makes people look elsewhere. The world is beginning to realize more fully that proprietary means, "I'm a dog on a leash; I'll bark whenever you yank my chain; please abuse me."
When you use Java, or any language in a way that is not fully compiled to native instructions, you give away your source code. Sure, what you give away is without comments or variable names, but nevertheless you may give away important routines. That's fine if you intend to make a gift of your work to the world; you should have the option not to do so. There has been surprisingly little work on full Java compilers; until Java has acceptable compilers, it hasn't proven itself. Is GCJ mature?
Visual Basic and Perl are written in C. Should it bother me about other languages that they are written in C or C++? Why not eliminate the middleman? Can an acceptable result for application development be achieved using something like Boundschecker and avoiding pointers and using automatic garbage collection where appropriate?
Slashdot has a moderation problem. You can't comment on and moderate the same story. So, moderators by definition moderate stories that don't interest them much.
Bet wrong and go back to being a novice. As I write this, the parent post has been moderated Flamebait=1, Insightful=1, Overrated=1, Total=3. The question is a real and important one, not a troll. When you pick a technology, you lose part of your quality of life if you are wrong; you go back to being a novice at something else.
If you know better, educate me. If I'm wrong, and you know better, educate me. That's the entire purpose of Ask Slashdot. -
IE's PNG Deflate Heap Corruption Vulnerability
*ahem*
Internet Explorer's Recently Discovered PNG Deflate Heap Corruption Vulnerability
Twas the night before Christmas, and deep in IE
A creature was stirring, a vulnerability
MS02-066 was posted on the website with care
In hopes that Team eEye would not see it there
But the engineers weren't nestled all snug in their beds,
No, PNG images danced in their heads
And Riley at his computer, with Drew's and my backing
Had just settled down for a little PNG cracking
When rendering an image, we saw IE shatter
And with just a glance we knew what was the matter
Away into SoftICE we flew in a flash
Tore open the core dumps, and threw RFC 1951 in the trash
The bug in the thick of the poorly-written code
Caused an AV exception when the image tried to load
Then what in our wondering eyes should we see
But our data overwriting all of heap memory
With heap management structures all hijacked so quick
We knew in a moment we could exploit this $#!%
More rapid than eagles our malicious pic came --
The hardest part of this exploit was choosing its name
Derek Soeder
Software Engineer
eEye Digital Security
Link to source -
Some useful RE links...
Those wishing to learn more about Reverse Engineering software may find the following pages useful:
Fravia's pages - A huge, sprawling resource of RE information. Chances are, any info you need is in here somewhere. It's just a matter of finding it...
The Art of Assembly and other essential ASM programming links. If you want to learn RE, sooner or later you're going to have to learn assembly. Get to it.
Mammon's Tales to his Grandson and other useful RE classics by a G.O.M. of the genre. Oh, and an older mirror, possibly with extra/different stuff on it.
Google's directory listing for Disassemblers, which you'll be wanting at least one of...
...and the listing for Testing tools, which may come in handy.
Finally, Compuware's SoftIce page - SoftIce being the single most popular RE tool for Win32 software... Not that you're likely to be paying for it, you warez monkey, you.
Have fun, kids, and release Open Source.
(Posting Anon because I don't need the Karma or the implication of knowledge =)... -
Re:Balmer's "Developers" is bullshit
This post to me is the classic "open-source is better than Windows because <blank>", where half the time, the poster hasn't completely investigated all of the claims he/she makes. I may be called a troll, but I've done development on both Linux and Windows (predominantly Windows), but I'd like to clear up some of the "comparisons" made by the poster.
COMPILERS:
MS:
Killed most compilers for their platform (except the oddball ones) by squashing them with their own. Visual C++ generates pretty tight code, but you're just screwed if you run into a bug with it. Oh, and it costs lots of money. Most compilers commercial. Mingw/cygwin exists but not supported well (MSDN support bitterly hates both).
True, Microsoft has pretty much killed the competition, although your claim that it "costs a lot of money" is a little off centre. You can download the .NET Framework, which includes everything you need to build Win32 applications (everything but the IDE) for free off of MSDN. If you decide to splurge, you can buy Visual C++ Standard for the massive sum of $89.99.
DEBUGGERS/DIAGNOSTICS:
MS:
Um...ntinternals put out regmon and filemon. Apparently MS puts out WinDBG for free, though I haven't used it and apparently it isn't too popular. No free high level debuggers. Few diagnostic programs for already compiled code.
Again, spoken like someone who barely has any actual experience in the realm. WinDBG is an extremely powerful kernel/user mode debugger, and in my experience works just as well as anything else on the Win32 platform for debugging user mode code. The Visual Studio integrated debugger is also great. As far as diagnostic programs, there are quite a few, such as NuMega DevPartner Studio, or Rational's DevelopmentStudio. Windows NT-based operating systems also ship with Performance Monitor which is an often unused tool which allows you to monitor many application specific diagnostics. For disassembly, there's IDA, which is without a doubt the ultimate disassembler for Windows.
DEVELOPER SUPPORT:
MS:
Guess at what's going on underneath the covers, most of the time. No source to look at. Some newsgroups, mostly for higher level problems. Can purchase extremely expensive (though usually effective) MSDN incidents.
There are many Windows developer sites, namely sites like CodeProject, CodeGuru, and let's not forget: MSDN. MSDN has thousands of articles, and full API documentation. You can also read back-issues of MSDN Magazine. Provided you can't find your answers on the aforementioned sites, there's always Google Groups ... which in the past has had the answer to nearly every Win32-related question I've ever had. So you can see that saying developer support for Microsoft platforms is weak is quite an understatement.
SAMPLE CODE:
Many many source examples listed on the sites above ...
APIS:
Windows:
The most godawful APIs in the world. Win32 is so full of cruft, poor conventions, inconsistent conventions, and unnecessarily complicated *crap* that it's amazing. Most advanced MFC programmers end up having to interact with Win32 as well to do certain things that MFC can't do. Has some great snippets on MSDN, along the lines of "Do not use this argument, as it represents a security risk and has been obsoleted. Some developers may wish to use this argument for backwards compatibility with Microsoft CSPs."
By the tone of this paragraph, I take it that the main area of exposure the developer has had to Microsoft APIs is with the CryptoAPI, which IMO is one of the worst APIs Microsoft has ever released. One of the advantages of having a sole API provider is that there is a uniformity across all areas of the system, so that if I need to figure out how to use a new API set, it always looks familiar.
MFC programmers need to interact with the API at some point. If you think that MFC will protect you from the API, then you are sorely mistaken. Many Windows programmers jump into development by learning MFC, without learning how API works underneath, and subsequently end up writing shit applications. I personally would not touch MFC with a 10-foot pole (try WTL instead).
Ultimately, I prefer development for the Windows platform, but only because it was what I was trained on. I do realize that Linux has excellent development tools. What I hate to see is Linux zealots bashing Microsoft without actually knowing anything or having a lot of experience with the Microsoft Platform.
scott -
I'll probably be accused of trolling but...
COMPILER:
MS:
Mingw/cygwin exists but not supported well (MSDN support bitterly hates both). And icc and many of the free tools you mention for Linux are also available on Windows.
Maybe true, but MinGW works quite well. MAME is compiled with MinGW. And it works just as well as GCC does on Linux.
DEBUGGERS/DIAGNOSTICS:
MS: Um...ntinternals put out regmon and filemon. Apparently MS puts out WinDBG for free, though I haven't used it and apparently it isn't too popular. No free high level debuggers. Few diagnostic programs for already compiled code
Ummm... ever hear about Purify and BoundsChecker? Also GDB works on Windows just fine?
GENERAL DEVELOPER COMPETENCE:
MS: Many, many Visual Basic coders. MS dug its own grave with Visual Basic. Very low barrier to entry, very difficult to scale above a certain height
Very true, but how else are you going to get someone with a philosophy degree to program? The same fool would be out of his element on Linux.
APIS:
Linux: Some UNIX cruft. Usually, APIs are pretty clean. Emphasis is on keeping things clean for the many developers -- if something is unclear in gtk1, fix it in gtk2.
No guarantee of binary compatibility between versions of GTK?
I could go on, but the point is that any MS claims of being ahead on making life good for developers are absolutely ludicrous. The *worst* thing about Windows, easily, is doing development for it.
For the record, I am not a MSFT shill, but they do have some things going for them and Linux is not perfect. It is important to recognize that they do have some advantages over us. Resorting to distorted "fact" sheets like this is just as bad as MSFT. -
A GNU Clone of Uniface
from Compuware would be interesting:
Uniface
-
Re:Why does everybody pick on developers
Writing software is not difficult. Writing high-quality software _is_ difficult and requires experienced craftsmen (infer journalistic gender-neutrality, please).
So how then, can you get high-quality software quickly? Two ways:
- Hire experienced experts. Experienced experts produce high-quality work quickly. They write code generators to do tedious work for them. They classify problems and hunt down and implement reusable solutions. Keep giving them raises and interesting problems. Granted, defects in the software will be of the extremely intractable variety (very subtle design flaws or bad/wrong requirements)
- Reuse experienced expert knowledge and technique in the form of pattern-driven code generating tools. Hire journeyman developers to adapt the code the tool burps out and get on with life. Keep an expert or two around to extend or correct the patterns the tool uses for generation. You'll get applications that are far less pretty than the hand-crafted variety. On the other hand, the defects are known and predictable. Tools (apologies for the shameless plug) for this sort of development are just now becoming available and practical. Granted, when handed a powerful implement fools often find a way to hurt themselves (thus instantiating the 8th corollary to Murphy's Law).
Either method has drawbacks. #1 produces the best software, #2 produces the cheapest software. #1 makes the "Agile" crowd happy while #2 is the sermon of "Software Engineers."
Why single-out developers for defective code? Because developers write defective code. No, all developers aren't clods with text editors. Developers who do write buggy code may even care about their craft (Pragmatic Programmer tip #1). But developers themselves are to blame for the defects in their work, even though outside factors contribute to problems. We must take responsibility for our bugs, move on and fix them. Then find new ways of working that make it more difficult for software defects to make it into production environments.
We cannot fix imperfect programmers. We can only mitigate the effects of their imperfection through mentoring, certification, education, and proper management. In other words, treat software development as a craft, a talent to be polished and perfected.
Writing software well means communicating well with a computer. Artful written communication is very difficult to reduce to an engineering discipline, yet the skill can be taught and practiced.
-
Re:Can't compete? Sue!
Your comment works sometimes but you are wrong with this issue. Compuware is suing IBM based on allegations that IBM could not compete and therefore cheated and copied intellectual property to improve their own product. IBM went on and increased their market share by bundling their applications (some of which contain allegedly copied code) and professional services with their hardware and software.
Compuware may not be the behemoth of Big Blue but they ARE the leader in mainframe programming tools for Big Blue. The lawsuit has surfaced because they don't want to become the next Netscape; being forced to lose market share due to a monopoly similar to the browser wars.
More information can be seen about the case at the following links:
MSNBC
Story on Compuware's site
Actual Legal Complaint [PDF]
Complaint summary [PDF] -
Re:Let's look at this the other way....
For years IBM stayed well out of the mainframe database tools market...
Of course, of the actual products named in the suit, IBM's File Manager and Fault Analyzer (which compete with File-AID and Abend-AID from Compuware), only File Manager actually has anything to do with DB2. It is a tool for accessing and manipulating IMS and DB2 databases.
Fault Analyzer supports "ABENDS" (sort of like seg faults and such) from DB2, but also from other applications on the system. There's a lot more than just DB2 involved.
Also, no one's commenting about one of the other allegations in the suit, the sudden reluctance of IBM to give out pre-release software and data to allow third parties to develop for their platforms.
Yes, I work for Compuware, but in their PC tools division. (And Compuware isn't evil... I've personally made sure the products that I work on support Linux, and it's a target for all the other applications where it makes sense.)
-
Re:Start with...
I understand what you mean about most code generators. All of them require you to accept what the designers decided, or code it yourself. I think this will change, though, as a greater understanding of the UML, and more importantly, patterns, comes to the industry.
One of the three amigos (Jacobson, I think) gave a speech describing what he called "UML all the way down." Basically, he meant that most (if not all) coding would be done at the UML level. I see a handful of tools moving in that direction already. Rose is one, Together is another, although OptimalJ (shameless plug on my part, I'm employed by Compuware) is the only one I've seen that generates a complete J2EE application from a diagram (deployment descriptors, JSP UI and all).
I'm also with you on the coding becoming the easy part of the process. I've found it to be a challenge explaining to management why we spend so much time in analysis and design. I have to say, though, that it's gotten easier now that we've been through the process a few times, and produced good software and happy users, on time.
In previous cycles, we've tended to do what diagramming needed to be done; just enough to communicate the design idea to the entire team. From there we went on to contract specification in comment headers, then to code. This has been very effective, as the end result of the design phase is to have the programmers just itching to fill out those signatures and contracts with implementations. The diagrams got us to the point of understanding the final solution well enough to visualize it in our mind. The other upside was that the bulk of the non-pictorial documentation lives with the code.
The only reason we haven't used code generation so far, is that we've not been working in a language supported by Rose, and OptimalJ has just come on the scene (we intend to use it internally).
All of that said, there will always be the Steve Gibsons of the world who eschew abstraction and write tight, small, effective assembler... for one platform... and only they can maintain it...
Anyway, happy coding.
-
No Success
I am going to be a junior in high school, turning 17 in August, and have applied to numerous companies, and alas, with no success whatsoever.
Some of the companies I have applied to included General Electric, NuEdge Systems where they wanted me to overhaul their web page, and I was really really close to getting the job, but the same excuse seems to come up a lot.
"I'm sorry, but we're not ready to start this project yet"
And I've heard this excuse from at least 3 companies. Another example includes a company called Exacta Corp., where they saw my resume on monster.com and they were very interested, but again, the excuse came...
"I'm sorry, but we still haven't opened up our internship program yet. We will give you a call in a few months."
Well, it's been 4 months, and not a single phone call.
Another company that I was applying to, ironically the company my father worked for, Compuware, but that didn't work out due to some messed up reasons.
Well that's enough out of me. Just giving you some feedback on what my experience with job searching has been as a soon to be junior in High School
--Unborracho