Coverity Finds and Fixes Critical Defects in Open-Source Projects
Coverity’s testing solution enables the ANTLR open-source project to find and fix critical software defects.Coverity, a provider of application development testing, Sept. 19 announced that its software enables an open-source tool known as ANother Tool for Language Recognition, or ANTLR, to find and fix open-source software defects. Coverity released the results of its latest Coverity Scan Project Spotlight, which analyzed the ANTLR Java project, including defect density as compared with the industry average defect density for good quality software and types of defects identified. The scan found a series of previously undiscovered defects. ANTLR is a Java-based parser generator for reading, processing, executing and translating structured text or binary files. The software, which is used to build languages, tools and frameworks, is downloaded more than 5,000 times per month and is used by several major companies, including Apple, Oracle, Salesforce.com and Twitter. Although the ANTLR project only started using the Scan service in late August 2013, it has already leveraged Coverity's development testing technology to find and fix 20 previously undiscovered high- and medium-risk defects, including a resource leak and copy-paste error that could have caused a significant software crash in production, Coverity officials said.
Coverity expanded its free Coverity Scan service to include Java projects in May 2013, to help drive higher levels of software quality and security within the open-source community. The Scan service uses Java analysis algorithms in the Coverity Development Testing Platform to find critical defects such as resource leaks and concurrency issues. The service also uses a highly tuned version of the FindBugs static analysis tool, which is integrated into the Coverity platform, to identify coding standard and style issues. Since August 2013, the Coverity Scan service has analyzed 43,000 lines of ANTLR code and identified 171 defects.