Sliced Bread and Bottled Beer simply don't hold a candle to
the Goanna Static Analysis tools suite - if you're a C/C++
programmer. Or indeed if you are managing a software team
tasked with getting a quality outcome. Goanna is the best
thing to emerge in the Static Analysis arena for a long
time. There are some great tools that have been servicing the bigger projects for a long
time. If you are using one of them - stick with it. If
not - you should be. In which case I invite you to give Goanna
a serious look.
Projects appear to be more tightly resourced than they have ever
been. Staff are doing more autonomously than I believe was
previously expected. What has suffered is process.
Process included top down specification of the application,
design reviews at every level, and so on. You know the drill -
we all learned it. So why do we hear that code reviews
are rarely performed and that developers are working in
towers? Its not rare. Also there are many single
developer projects lumbering the search for rare and sporadic
software failures on the lone developer.
Bring in some help. Tools are better at helping us
visualise and test our code than ever before. But C and C++
are powerful languages. This is good for the wise and
experienced and fun for the bold and daring.
The Motor Industry discovered long ago that certain coding
constructs and behavior resulted in software issues - so they
developed some rules. There are various sets of rules and a
variety of applications (tools) designed to find suspect bits
of code in your source files.
What is Goanna?
Goanna is an industry leading static analysis
tool that detects a wide range of bugs, vulnerabilities, and general
deficiencies in C/C++ source code. Goanna Studio is tightly
integrated in Visual Studio (Windows) and Eclipse (Windows/Linux).
Goanna supports a number of industry standards for C and C++:
Cutting Edge Technology Goanna
uses advanced model checking technology delivering highly efficient
path coverage for all functions.
Whole Program Interprocedural Analysis
Goanna Studio supports whole program analysis for checking,
e.g., that null pointers are not passed on and dereferenced in other
Incremental Analysis Goanna Studio
generates digital fingerprints of earlier analyzed functions and
prevents potentially costly re-analysis when the function has not
Abstract Data Value Tracking
Goanna Studio automatically tracks potential ranges of
variables, detecting possible array overruns, overflows, and
Over 200 Classes of Checks Growing
number of high-value checks ensure that even more critical bugs can
be found at development time. An in-depth list of checks can be
found in the distribution available for download and in the user manuals.
Analyze Files, Projects, and Solutions
Goanna Studio for Visual Studio supports the analysis of
whole solutions, single projects and even selected set of files for
Unique Path Simulator Goanna
Studio can "replay" bugs directly in the IDE to better understand
Reporting and Exporting Analysis
results can be filtered by file and defect type, and exported in CSV
format for further triage.
>> Still Reading? - well you may be interested in this :-
Java developers are not imune. It's oldish but interesting: http://findbugs.cs.umd.edu/talks/JavaOne2007-TS2007.pdf
We can't help you with Java - yet.