	DevX News
	DevX: .NET Zone
	DevX

Biz Resources

ERP Software

Computer Hardware

Data Backup Services

eKit: Rational Build Forge Express. Access valuable resources to help you increase staff productivity, compress development cycles and deliver better software, fast.

DevX Home > DevX News

DevX News

January 30, 2008
Klocwork Expands Code Insight
By Sean Michael Kerner

Where is the best time and place to find bugs in an application?

According to code analysis vendor Klocwork, the best place is the source: the developer that writes the code. The best time is before they actually check the code in. IDE plugins have been helping developers find bugs for many years. But Klocwork argues that they are, for the most part, limited to what the developer is working on instead of enabling a broader look at the complete application.

Then again, Klockwork has a reason to say that. The firm's new Insight application provides a full view of an application and the code that goes into it so that developers can find flaws beyond their own desktop code boundaries.

"This new release is all about moving over the line in the sand, which is code check-in, and letting developers do code analysis before they check in," Klocwork's CTO, Gwyn Fisher, told InternetNews.com. "So developers can check in code that works instead of applying more techniques over the line in the sand at the integration build level."

Fisher argued that Klocwork Insight is different than traditional IDE plugins for bug detection in that plugins are limited by boundaries. The boundaries are what Fisher referred to as the locality of reference and could include method, file or project boundaries.

"Whatever the case they have a locality of reference, which is bound by the sandbox in which the developer is operating," Fisher explained. "So whatever the developer has on their desktop that is what will get analyzed."

The totality of modern software development, however, extends beyond the developers' code. As such, Fisher noted, the value of high-end source code analysis entails an understanding of how the whole system is built and how different components can create bugs.

The Klocwork Insight system uses a project knowledge base to map how an application is organized and the behaviors of any particular entity within that organization. Insight then takes the overall view and maps that to what a developer is doing in their own particular code sandbox.

Fisher explained that Insight knows when a developer is stepping outside the boundaries of their sandbox and knows where the developer is going.

"Insight understands the context of what the developer is calling so we can reflect back to him bugs that occur because of the developer's use of code that the developer doesn't have locally," Fisher commented.

Fisher was quick to note that Klocwork insight isn't just about code quality but includes check for security vulnerabilities as well. In his view the two issues are closely related.

"We follow the mantra that a security vulnerability is just a bug that happens to be exploitable," Fisher said. "And a bug is a security vulnerability that no one has managed to exploit yet."

Klocwork competes primarily against Coverity in the source code analysis space.

Print This Article
E-mail This Article

Archives

Work With InterSystems. Not Separate Systems. Rapidly develop and deploy connectable applications.

Walkthrough: Building a Mobile Game in Visual Studio 2008

Five Trends for Application Development & Program Management. Download Complimentary Report Now.

Best Practices for Developing a Web Site. Checklists, Tips & Strategies. Download Exclusive eBook Now.

Tutorial: The Ajax Transport Method-Learn how to put efficient Ajax controls anywhere you need them.

DevX Network:

Partners:

Company:

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks
Microsoft Article: HyperV-The Killer Feature in WinServer ‘08 Avaya Article: How to Feed Data into the Avaya Event Processor Microsoft Article: Install What You Need with Win Server ‘08 HP eBook: Putting the Green into IT Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1 Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency		Avaya Article: Setting Up a SIP A/S Development Environment IBM Article: How Cool Is Your Data Center? Microsoft Article: Managing Virtual Machines with Microsoft System Center HP eBook: Storage Networking , Part 1 Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007 MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts
Intel Video: Are Multi-core Processors Here to Stay? On-Demand Webcast: Five Virtualization Trends to Watch HP Video: Page Cost Calculator Intel Video: APIs for Parallel Programming		HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2 MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits
Sun Download: Solaris 8 Migration Assistant Sybase Download: SQL Anywhere Developer Edition Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook		Red Gate Download: SQL Compare Pro 6 Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors IBM Article: Collaborating in the High-Performance Workplace HP Demo: StorageWorks EVA4400		Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class Microsoft How-to Article: Get Going with Silverlight and Windows Live MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES