Klocwork Unveils Static Analysis Debug Tool

Klocwork last week announced the debut of a new static analysis tool that aims to ensure quality and security in the code development process, both at the level of the desktop and organization wide.

The new Klocwork Insight product is a "second generation" static analysis tool, according to Gwyn Fisher, Klocwork's CTO. It goes beyond just the mechanics of tracking missing semicolons and brackets.

As second-generation technology, Insight represents a step forward in terms of the kinds of bugs that can be found, Fisher explained.

"Instead of worrying about code structure and coding practice, now it's worrying about where we are leaking memory, where are we going to be vulnerable, where are going to use memory that's already been freed," he said.

Those kinds of problems typically are found during the traditional compiler-link build phase, Fisher said, although static analysis happens without actually compiling code.

"It's very analogous to compiling," he said. "We call it compiling, as do many of our competitors."

Another feature of Insight is that it is designed to meet the needs of a software development lifecycle.

"The real key invention here--and this is patent pending for the Insight release--is the ability to take the analysis that is performed centrally (i.e., modeling the entire software project, the entire system) and projecting down to each individual developer sufficient knowledge from that central model," Fisher said.

As a consequence, developers responsible for a small component of the project can still understand what is going on as they "step up outside of that small component by a function call or dereferencing a function point or whatever they happen to be doing," Fisher explained.

Development managers can use Insight to understand how individual developers, groups of developers and organizations of developers are doing. Insight has a reporting, trending, and metrics management environment exposed through an AJAX-enabled Web portal, which gives managers a graphical view of the project's code-based health, Fisher said.

The product also enables collaboration on bugs, providing a "continuous feedback loop for educational purposes," he added, and facilitating role-based security and policy-based control.

Insight also lets developers build their own checkers using a declarative language that's heavily influenced by XPath. "You can state what kinds of behavior you are looking for in a very simple query-oriented manner," Fisher said.

Klocwork Insight is priced by developer, starting at $25,000, which includes one server and five developer seats; additional developer seats beyond that cost $2,750, according to Brendan Harrison, Klocwork's director of marketing. The product is currently available in two versions, one for C/C++ and one for Java.

Harrison said that Klocwork was founded in 2001 and currently has more than 250 professional developer customers, spanning various industries, including telecom, aerospace, finance and insurance, among others.

"That number grew by 100 over the last 12 months, so we're definitely on a good trajectory in terms of growth rate," Harrison added.

Further information on Klocwork Insight is available here.

About the Author

Kurt Mackie is online news editor, Enterprise Group, at 1105 Media Inc.

Featured

  • illustration of a futuristic building labeled "AI & Innovation," featuring circuit board patterns and an AI brain motif, surrounded by geometric trees and a simplified sky

    Cal Poly Pomona Launches AI and Innovation Center

    In an effort to advance AI innovation, foster community engagement, and prepare students for careers in STEM fields and business, California State Polytechnic University, Pomona has teamed up with AI, cloud, and advisory services provider Avanade to launch a new Avanade AI & Innovation Center.

  •  black graduation cap with a glowing blue AI brain circuit symbol on top

    Report: AI Is a Must for Modern Learners

    A new report from VitalSource identifies a growing demand among learners for AI tools, declaring that "AI isn't just a nice-to-have; it's a must."

  • glowing shield hovers above a digital cloud platform with abstract data streams and cloud icons in the background

    Google to Acquire Cloud Security Firm Wiz

    Google has announced it will acquire cloud security startup Wiz. If completed, the acquisition — an all-cash deal valued at $32 billion — would mark the largest in Google's history.

  • digital dashboard featuring a shield icon, graphs, a world map, and network nodes

    IBM Introduces Agentic AI Governance and Security Platform

    IBM has launched a new software stack for enterprise IT teams tasked with managing the complex governance and security challenges posed by autonomous AI systems.