http://redlizards.com/blog/development/goanna-12-released/ The Blog of the Goanna Team Mon, 06 Feb 2012 22:52:00 +0000 http://wordpress.org/?v=2.7 hourly 1 http://redlizards.com/blog/development/goanna-12-released/comment-page-1/#comment-8410 Ansgar Sat, 20 Mar 2010 00:39:50 +0000 http://redlizards.com/blog/?p=420#comment-8410 Most of the checks cover common ground such as uninitialised variables, null pointers, and common programming weaknesses. However, that doesn't mean that will give the same warning for the same piece of code, usually because they all use different techniques. There has been <a href="http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B75H1-4T0WSXB-2&_user=10&_coverDate=07%2F21%2F2008&_rdoc=1&_fmt=high&_orig=search&_sort=d&_docanchor=&view=c&_searchStrId=1405361723&_rerunOrigin=google&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=1e1a4b044851a61f38f0b4da22fae682" rel="nofollow">published research</a> that found that only a small fraction of all warnings of any given tool gives are shared with all other tools. And that at least half of them are unique to that particular tool. So, it might be better to compare approaches. Our approach is to use model checking, which is essentially a graph search algorithm to explore all paths. That said, many tools try to specialise by providing particular classes of checks. A few of the classes we currently support are array bounds checks, c++ copy control and usage, and memory and pointer usage. Most of the checks cover common ground such as uninitialised variables, null pointers, and common programming weaknesses. However, that doesn’t mean that will give the same warning for the same piece of code, usually because they all use different techniques. There has been published research that found that only a small fraction of all warnings of any given tool gives are shared with all other tools. And that at least half of them are unique to that particular tool. So, it might be better to compare approaches. Our approach is to use model checking, which is essentially a graph search algorithm to explore all paths. That said, many tools try to specialise by providing particular classes of checks. A few of the classes we currently support are array bounds checks, c++ copy control and usage, and memory and pointer usage.

]]> http://redlizards.com/blog/development/goanna-12-released/comment-page-1/#comment-6764 Basil Philipsz Wed, 10 Mar 2010 12:42:31 +0000 http://redlizards.com/blog/?p=420#comment-6764 Can I ask a difficult question- How far away is the checks provided by your version 1.2 and the forthcoming 100 new ones compare with the checks that the market leading packages like Fortify offer Basil Can I ask a difficult question-
How far away is the checks provided by your version 1.2 and the forthcoming 100 new ones compare with the checks that the market leading packages like Fortify offer
Basil

]]>