Coverity Tackles Open-Source Defects

Application development testing specialist Coverity has revealed that its software now enables an open-source tool known as ANother Tool for Language Recognition (ANTLR) to find and fix open-source software defects.

Coverity released the results of its latest Coverity Scan Project Spotlight, which analysed the ANTLR Java project, including defect density as compared with the industry average defect density for good quality software and types of defects identified. The scan found a series of previously undiscovered defects.

ANTLR Project

ANTLR is a Java-based parser generator for reading, processing, executing and translating structured text or binary files. The software, which is used to build languages, tools and frameworks, is downloaded more than 5,000 times per month and is used by several major companies, including Apple, Oracle, and Twitter.

Although the ANTLR project only started using the Scan service in late August 2013, it has already leveraged Coverity’s development testing technology to find and fix 20 previously undiscovered high- and medium-risk defects, including a resource leak and copy-paste error that could have caused a significant software crash in production, Coverity officials said.

Coverity expanded its free Coverity Scan service to include Java projects in May 2013, to help drive higher levels of software quality and security within the open-source community. The Scan service uses Java analysis algorithms in the Coverity Development Testing Platform to find critical defects such as resource leaks and concurrency issues. The service also uses a highly tuned version of the FindBugs static analysis tool, which is integrated into the Coverity platform, to identify coding standard and style issues. Since August 2013, the Coverity Scan service has analysed 43,000 lines of ANTLR code and identified 171 defects.

“ANTLR is one of a growing number of Java open source projects that have joined the Scan service to help enhance code quality,” said Jennifer Johnson, chief marketing officer for Coverity, in a statement. “The ANTLR team has done an excellent job of addressing key defects in their code in the short time that they have been participating in the service, and we look forward to continuing to work with them to ensure that their Java code is of the highest quality, as well as to further expanding our engagement with the Java community.”

Open Source Quality

Coverity introduced its monthly Coverity Scan Project Spotlights due to high demand for the annual Coverity Scan Report and the insight it provides into the state of open-source software quality. The Coverity Scan Report has become something of a standard for measuring the state of open-source software quality. The 2012 Scan Report found an average defect density of .69 for open-source software projects that leverage the Coverity Scan service, as compared with the accepted industry standard defect density for good quality software of 1.0.

At the end of August, the Coverity Scan service analysed the Python open-source project. The scan found that Python’s defect density of .5 significantly surpasses the accepted industry standard defect density for good quality software and introduces a new level of quality for open-source software.

As of late August, the Coverity Scan service had analysed nearly 400,000 lines of Python code and identified 996 new defects – 860 of which have been fixed by the Python community.

“Python is the model citizen of good code quality practices, and we applaud their contributors and maintainers for their commitment to quality,” Johnson said in a statement. “Python’s decision to join the Coverity Scan service and leverage our industry-leading development testing platform has raised the bar for open source software. This Scan Spotlight – and Python’s impressive level of software quality – should be a call to action for any C/C++ or Java open source project not yet reaping the benefits of the Coverity Scan service.”

Are you a security pro? Try our quiz!

Originally published on eWeek.

Darryl K. Taft

Darryl K. Taft covers IBM, big data and a number of other topics for TechWeekEurope and eWeek

Recent Posts

Apple Security Flaw Being Actively Exploited

Update now. Vulnerability impacts a number of Apple iPhone, iPad and Mac models, and the…

11 hours ago

Yale University Names Firms Still Operating In Russia

Data from Yale University shows a number of big name tech companies continue to trade…

12 hours ago

Police Arrest Four Over BT Cable Theft In North Yorkshire

Police make arrests after Openreach confirms to Silicon UK that a cable theft left 200…

1 day ago

UK Staff Resisting ‘Big Return’ To The Office, Says infinitSpace

Remote working to stay? Majority of business leaders are struggling to get staff to return…

1 day ago

Apple Axes 100 Recruiters, Amid Hiring Slowdown – Report

Hiring slowdown at Apple? Tech giant reportedly lets go 100 contract-based recruiters in the past…

1 day ago