Klocwork Unveils Static Analysis Debug Tool

• By Kurt Mackie
• 02/04/08

Klocwork last week announced the debut of a new static analysis tool that aims to ensure quality and security in the code development process, both at the level of the desktop and organization wide.

The new Klocwork Insight product is a "second generation" static analysis tool, according to Gwyn Fisher, Klocwork's CTO. It goes beyond just the mechanics of tracking missing semicolons and brackets.

As second-generation technology, Insight represents a step forward in terms of the kinds of bugs that can be found, Fisher explained.

"Instead of worrying about code structure and coding practice, now it's worrying about where we are leaking memory, where are we going to be vulnerable, where are going to use memory that's already been freed," he said.

Those kinds of problems typically are found during the traditional compiler-link build phase, Fisher said, although static analysis happens without actually compiling code.

"It's very analogous to compiling," he said. "We call it compiling, as do many of our competitors."

Another feature of Insight is that it is designed to meet the needs of a software development lifecycle.

"The real key invention here--and this is patent pending for the Insight release--is the ability to take the analysis that is performed centrally (i.e., modeling the entire software project, the entire system) and projecting down to each individual developer sufficient knowledge from that central model," Fisher said.

As a consequence, developers responsible for a small component of the project can still understand what is going on as they "step up outside of that small component by a function call or dereferencing a function point or whatever they happen to be doing," Fisher explained.

Development managers can use Insight to understand how individual developers, groups of developers and organizations of developers are doing. Insight has a reporting, trending, and metrics management environment exposed through an AJAX-enabled Web portal, which gives managers a graphical view of the project's code-based health, Fisher said.

The product also enables collaboration on bugs, providing a "continuous feedback loop for educational purposes," he added, and facilitating role-based security and policy-based control.

Insight also lets developers build their own checkers using a declarative language that's heavily influenced by XPath. "You can state what kinds of behavior you are looking for in a very simple query-oriented manner," Fisher said.

Klocwork Insight is priced by developer, starting at $25,000, which includes one server and five developer seats; additional developer seats beyond that cost $2,750, according to Brendan Harrison, Klocwork's director of marketing. The product is currently available in two versions, one for C/C++ and one for Java.

Harrison said that Klocwork was founded in 2001 and currently has more than 250 professional developer customers, spanning various industries, including telecom, aerospace, finance and insurance, among others.

"That number grew by 100 over the last 12 months, so we're definitely on a good trajectory in terms of growth rate," Harrison added.

Further information on Klocwork Insight is available here.