5 Replies Latest reply: May 2, 2012 11:03 AM by peter henriksen RSS

Java Analysis in Coverity 6.0.0

Contributor
Currently Being Moderated

This is the feature expert discussion, looking forward to your questions.

  • Re: Java Analysis in Coverity 6.0.0
    Contributor
    Currently Being Moderated

    Why did you make the change to analyze source code versus byte code?

    • Re: Java Analysis in Coverity 6.0.0
      Contributor
      Currently Being Moderated

      You probably meant analyzing source code (as we now do in 6.0.0) rather than byte code (as prior to 6.0.0).

       

      By generating an AST from source code, we can now use the same powerful Analysis engine that we also use for C/C++, so this approach allows us to unify our C/C++ and Java Analysis.

       

      In general you would expect better precision from AST/source code Analysis, much better cross references and no problems with artifacts coming from compiler optimization/obfuscation.

      • Re: Java Analysis in Coverity 6.0.0
        Contributor
        Currently Being Moderated

        Let me add that we still Analyze byte code in 6.0.0. However, if we do not have source code, we will only create models/function summaries, without reporting any defects.

        • Re: Java Analysis in Coverity 6.0.0
          Kristin Brennan Moderator
          Currently Being Moderated

          Can you share the greatest advantages of our Java analysis with the 6.0 release?

          • Re: Java Analysis in Coverity 6.0.0
            Contributor
            Currently Being Moderated

            The greatest advantage is that we now have a platform that is build upon our highly successful C/C++ product that will allow us to quickly innovate.

             

            Functionality-wise in 6.0.0, the release is very similar to 5.5.3. However, under the covers you will get much more precise Analysis results. Problems with stupid-looking False Positives, problems we haven't been able to fix for years in our old Java Analysis product, are all gone, just as a long list of customer requests have been resolved.

             

            And then you should not forget that Java Analysis can now run in parallel, and incremental, with exact same results as when the Analysis is done in serial.

             

            There is also a nifty new checker called COPY_PASTE_ERROR checker (shared between C/C++ and Java, our first new checker that is tuned to multiple languages) and we are shipping FindBugs 2.0 with our product.

More Like This

  • Retrieving data ...