Goanna 1.2 released

Goanna version 1.2 has been released. Download it now.

The major change is More Checks, in fact 40% more than were previously available in v1.1. Over the next few months we will continue to add new checks with each release. You can expect to see up to 100 additional high quality checks within the coming 6 months, which as usual will be free for all existing customers. Additionally, should you require a 30 day Trial Extension for your version 1.2 update please complete this trial extension request form.

We are also very pleased to announce the Beta release of Goanna for Command Line. This new command line version enables more flexibility and freedom for those wishing to integrate our powerful C/C++ static analyzer into their own development process. The Beta is currently available for Linux users and a version for Windows users is scheduled to be available in May. Linux users can now access a fully gcc-compatible solution integrated with over 60 classes of flow-sensitive quality checks to detect critical bugs as early as possible in the development cycle.

Inter-procedural analysis is also well under way, so stay tuned for a public Beta release soon!

  • Basil Philipsz

    March 10, 2010 at 11:42 pm

    Can I ask a difficult question-
    How far away is the checks provided by your version 1.2 and the forthcoming 100 new ones compare with the checks that the market leading packages like Fortify offer

    • Ansgar

      March 20, 2010 at 11:39 am

      Most of the checks cover common ground such as uninitialised variables, null pointers, and common programming weaknesses. However, that doesn’t mean that will give the same warning for the same piece of code, usually because they all use different techniques. There has been published research that found that only a small fraction of all warnings of any given tool gives are shared with all other tools. And that at least half of them are unique to that particular tool. So, it might be better to compare approaches. Our approach is to use model checking, which is essentially a graph search algorithm to explore all paths. That said, many tools try to specialise by providing particular classes of checks. A few of the classes we currently support are array bounds checks, c++ copy control and usage, and memory and pointer usage.

Post a Comment