Goanna Static Analysis by Red Lizard Software

I used to be a keen windsurfer and once attended a training camp/holiday in Greece. We covered advanced maneuvers such as 360’s, forward rolls and duck gybes etc. The instructor always said, “Doesn’t matter if you pull it off, just so long as it looks good!”

The reason for this story is that at Red Lizards we have a mantra of “Bringing higher quality software to market faster”, and so the flip side of this coin is that we can’t ship a release until it is of sufficiently high quality. Double edged sword perhaps, yet this is the business we chose.

(more…)

So what’s different about Goanna and why did we approach the static analysis challenge with model checking?

In case you weren’t aware; Goanna is the first static analysis tool to implement model checking after 4 years research at NICTA (National ICT Australia), which is Australia’s leading ICT government research organisation. 

The result  is that the key attributes for Goanna’s differences are as follows;
(more…)

Internally we are encouraging new team members to watch the so called Sean Tapes. There is nothing dubious about these tapes, unless you call Static Analysis and OCaml “dubious”. They are actually just screen captures, in which Sean explains how the Goanna tool performs static analysis for C/C++ code.

We are happy to share Sean’s prized voice-over with you all. Here’s the first video on the use of Goanna.

The other day we met with a new prospective alpha partner for our upcoming MSVS release (Visual Studio support is scheduled for July 2009). This customer has a lot of smarter people creating impressive code bases to challenging requirements.

Having presented how Goanna is different in that we fit within the IDE, as opposed to sitting with/behind the central build, I asked the question as to when and how they run peer reviews.

(more…)

A static analysis tool for Java is FindBugs. I found this interesting Google Video, in which Bill Pugh talks about static analysis. While he talks mostly about bugs in Java it is still quite interesting in general. His most interesting lesson is “Smart people make dumb mistakes”. I’d like to add, “Really smart people are glad to find their dumb mistakes, and are not afraid to get help finding them“. (more…)

We are frequently asked whether Goanna is a software model checker. After all, we analyse software and use a model checker to do so. However, while Goanna uses a model checker in the background for part of its analysis, it is not a software model checker. In the typical meaning of the word. (more…)

The gcc compiler supports several “attributes” that you can tag a function with. The semantics of those attributes is described informally and, indeed, gcc doesn’t check that they attributes are observed. In other words, the attributes are just decorative, and really have no semantics at all.

(more…)

Often I am asked: How much does a bug cost? I would love to say $1023.76. Each and every time. Consistently. Use this as your metrics for calculating risks and you will be fine.

Well, the truth is costs are somewhere between nothing and your business. Now, let me explain why. (more…)