• To InformationWeek re: static code analysis

    *Sent to editor of DrDobbs/InformationWeek* I enjoy Sid Sidner's [article on static code analysis tools](http://www.drdobbs.com/tools/224600102), but was surprised to see two big omissions, especially as they may provide a low-cost point of entry to the organization just starting to look at static analysis. First, [PC-Lint](http://www.gimpel.com/) is a relatively low-cost tool that does a fine job of C/C++ analysis. It's been around for years, and has found many C bugs in my code back in the early 90s. I've also been using the open source [Splint](http://splint.org/), for years on the [Perl 5](http://www.perl.org/) and [Parrot](http://parrot.org/) open source projects. Although Splint's not nearly as complete a package as Coverity's Scan product (Coverity runs Scan on dozens of open source projects for free as a service to the community), it's a great introduction to the power of static code analysis tools. I also suggest readers check the ["List of tools for static code analysis" page](http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis) on Wikipedia. Second, one crucial point missed is how any tool is going to require tuning. Splint will generate hundreds of errors in each source file on its first run on your code, since nobody in the real world is as pedantic as the tool is. Each organization will have to decide which policies are worth following, and which are just noise. Finally, static code analysis isn't strictly for C++ and Java. Many dynamic languages have similar tools. For example, [Perl::Critic](http://perlcritic.com) is a fantastic tool for analysis of Perl code, as well as an extensible framework that lets each organization create custom policies to fit its own development practices.
  • Perl 5.12 released; Perl 5 under new release process

    By Jesse Vincent, thanks to Eric Brine and Shlomi Fish for the markup. Please note the section about the new time-based release process below.

    'Please would you tell me,' said Alice, a little timidly, for she was not quite sure whether it was good manners for her to speak first, 'why your cat grins like that?'

    'It's a Cheshire cat,' said the Duchess, 'and that's why. Pig!'

    She said the last word with such sudden violence that Alice quite jumped; but she saw in another moment that it was addressed to the baby, and not to her, so she took courage, and went on again:--

    'I didn't know that Cheshire cats always grinned; in fact, I didn't know that cats COULD grin.'

    'They all can,' said the Duchess; 'and most of 'em do.'

    -- Lewis Carroll, Alice's Adventures in Wonderland

    On behalf of Perl's development team, It gives me great pleasure to announce the release of Perl 5.12.0.

    Perl 5.12.0 represents approximately two years of development since version 5.10.0 and contains over 750,000 lines of changes across over 3,000 files from over 200 authors and committers.

    SHA-1 signatures for this release:

    f533687077e2da113b48a6c5e578f4a206fbf173  perl-5.12.0.tar.bz2
    5341e60d099fdda71bc33b2a36e417fc0926518f  perl-5.12.0.tar.gz
    

    You can download this release from your nearest CPAN mirror or from:

    http://search.cpan.org/dist/perl-5.12.0/

    This release cycle marks a change to a time-based release process. Beginning with version 5.11.0, we make a new development release of Perl available on the 20th of each month. Each spring, we will release a new stable version of Perl. One month later, we will make a minor update to deal with any issues discovered after the initial ".0" release. Future releases in the stable series will follow quarterly. In contrast to releases of Perl, maintenance releases will contain fixes for issues discovered after the .0 release, but will not include new features or behavior.

    Notable changes in Perl 5.12 include:

    • Perl now conforms much more closely to the Unicode standard. Additionally, this release includes an upgrade to version 5.2 of the standard.

    • New experimental APIs allow developers to extend Perl with "pluggable" keywords and syntax.

    • Perl now has a better sense of time and will be able to keep accurate time well past the "Y2038" barrier.

    • New syntax allows developers to specify package version numbers directly in "package" statements

    • Perl now warns the user about the use of deprecated features by default.

    Perl 5.12.0 features numerous new features, optimizations and bugfixes. You can find a complete list of these changes on the web at:

    http://search.cpan.org/~jesse/perl-5.12.0/pod/perl5120delta.pod"> http://search.cpan.org/~jesse/perl-5.12.0/pod/perl5120delta.pod

    As specified in the licenses for Perl (see the files named Artistic or Copying in the Perl distribution), THIS PACKAGE IS PROVIDED WITH ABSOLUTELY NO WARRANTY.

    Based on extensive testing over the past 3 months, we believe that Perl 5.12.0 is ready for production deployments. However, you should never blindly trust any software vendor. It is imperative that you test new software before deploying it in production.

    While we have worked tirelessly to ensure that Perl 5.12.0 will be a solid platform for your software, it's possible that issues will be found after release day. You can find a current list of known issues with Perl 5.12.0 at http://dev.perl.org/perl5/errata.html

    Perl continues to flourish into its third decade thanks to a vibrant community of users and developers. The following people are known to have contributed the improvements that became Perl 5.12.0:

    Aaron Crane, Abe Timmerman, Abhijit Menon-Sen, Abigail, Adam Russell, Adriano Ferreira, Ævar Arnfjörð Bjarmason, Alan Grover, Alexandr Ciornii, Alex Davies, Alex Vandiver, Andreas Koenig, Andrei Yelistratov, Andrew Rodland, Andy Armstrong, Andy Dougherty, Jose Auguste-Etienne, Benjamin Smith, Ben Morrow, bharanee rathna, Bo Borgerson, Bo Lindbergh, Brad Gilbert, Bram, Brendan O'Dea, brian d foy, Charles Bailey, Chip Salzenberg, Chris 'BinGOs' Williams, Christoph Lamprecht, Chris Williams, chromatic, Claes Jakobsson, Craig A. Berry, Dan Dascalescu, Daniel Frederick Crisman, Daniel M. Quinlan, Dan Jacobson, Dan Kogai, Dave Rolsky, David Cantrell, David Dick, David Golden, David Mitchell, David M. Syzdek, David Nicol, David Wheeler, Dennis Kaarsemaker, Dintelmann, Peter, Dominic Dunlop, Dr.Ruud, Duke Leto, Enrico Sorcinelli, Eric Brine, Father Chrysostomos, Florian Ragwitz, Frank Wiegand, Gabor Szabo, Gene Sullivan, Geoffrey T. Dairiki, George Greer, Gerard Goossen, Gisle Aas, Goro Fuji, Graham Barr, Green, Paul, Hans Dieter Pearcey, Harmen, H. Merijn Brand, Hugo van der Sanden, Ian Goodacre, Igor Sutton, Ingo Weinhold, James Bence, James Mastros, Jan Dubois, Jari Aalto, Jarkko Hietaniemi, Jay Hannah, Jerry Hedden, Jesse Vincent, Jim Cromie, Jody Belka, John Malmberg, John Peacock, John P. Linderman, John Wright, Josh ben Jore, Jos I. Boumans, Karl Williamson, Kenichi Ishigaki, Ken Williams, Kevin Brintnall, Kevin Ryde, Kurt Starsinic, Leon Brocard, Lubomir Rintel, Luke Ross, Marcel Grünauer, Marcus Holland-Moritz, Mark Jason Dominus, Marko Asplund, Martin Hasch, Mashrab Kuvatov, Matt Kraai, Matt S Trout, Max Maischein, Michael Breen, Michael Cartmell, Michael G Schwern, Michael Witten, Mike Giroux, Milosz Tanski, Moritz Lenz, Nicholas Clark, Nick Cleaton, Niko Tyni, Offer Kaye, Osvaldo Villalon, Paul Fenwick, Paul Gaborit, Paul Green, Paul Johnson, Paul Marquess, Philip Hazel, Philippe Bruhat, Rafael Garcia-Suarez, Rainer Tammer, Rajesh Mandalemula, Reini Urban, Renée Bäcker, Ricardo Signes, Richard Foley, Rich Rauenzahn, Rick Delaney, Risto Kankkunen, Robert May, Roberto C. Sanchez, Robin Barker, Tomoyuki Sadahiro, Salvador Ortiz Garcia, Sam Vilain, Scott Lanning, Sébastien Aperghis-Tramoni, Sérgio Durigan Júnior, Shlomi Fish, Simon Schubert, Sisyphus, Slaven Rezic, Smylers, Steffen Müller, Steffen Ullrich, Stepan Kasal, Steve Hay, Steven Schubiger, Steve Peters, Tels, The Doctor, Tim Bunce, Tim Jenness, Todd Rinaldo, Tom Christiansen, Tom Hukins, Tom Wyant, Tony Cook, Torsten Schoenfeld, Tye McQueen, Vadim Konovalov, Vincent Pit, Hio Yamashina, Yasuhiro Matsumoto, Yitzchak Scott-Thoennes, Yuval Kogman, Yves Orton, Zefram and Zsban Ambrus.

    This list is woefully incomplete as it's automatically generated from version control history. In particular, it doesn't include the names of the (very much appreciated) contributors who reported issues in previous versions of Perl that helped make Perl 5.12.0 better. For a more complete list of all of Perl's historical contributors, please see the AUTHORS file in the Perl 5.12.0 distribution.

    Best,

    Jesse Vincent

  • What are you working on in Perl?

    My project list is a mile long, and I'm wondering what you're working on, too. Here's mine, in no order: * Internals of [Parrot](http://parrot.org/), trying to get the underlying C API handle to handle const STRING *. * Putting out [tidyp](http://tidyp.com/), my fork of libtidy, and HTML::Tidy which will rely on it. * Thinking about the plug-in API for [ack](http://betterthangrep.com/) 2.0. * Wanting to get more grep-like programs listed on [betterthangrep.com](http://betterthangrep.com/). * Gathering together info on Plack and PSGI for an article here * Getting [perl101.org](http://perl101.org/) to list both Perl 5 and Perl 6 syntax for how to do things. * Make an install mechanism for [vim-perl](http://github.com/petdance/vim-perl) so people don't have to wait for Bram to release a version of vim to get the updates. * Work on [Perl::Critic](http://perlcritic.org/) policies for [check_postgres.pl](http://github.com/bucardo/check_postgres). * Clean out the WWW::Mechanize bug queue, especially making the live tests not run by default. * Work on a talk on Perl 5.10 and 5.12 for [Chicago Uniforum](http://uniforumchicago.org/) in June. * Add more languages and more philosophy to [bobby-tables.com](http://bobby-tables.com). * Decide if I want to keep Perlbuzz in Movable Type and upgrade to the next version, or migrate to the Melody fork. What's on your plate? Tell us in the comments.
  • White House releases open source code

    I'm so happy that the [White House has fed back to the open source community](http://www.whitehouse.gov/tech) and, more importantly, advertised that fact. Remember how fifteen or twenty years ago you'd see mentions of the Internet in popular culture and think "This is really picking up"? That's how this announcement makes me feel.
  • Perl one-liner to sample your Mac's voices

    I’ve been following stories about Roger Ebert’s new voice, which a company has made so that they can apparently plug it into his Mac. In his appearances on camera, the voice he’s been using is the Mac “Alex” voice. What other voices does your Mac have? Here’s a Perl one-liner to play them.

    Read on →