Tools Are Accurate if Not Stylish

Review: The updated Klocwork suite offers leverage for code and process involvement.

When eWEEK Labs encounters what seems like an especially clever trade name, it sometimes turns out that we're working too hard: What looked to us like an ingenious pun is often unintended.

We're fairly certain, though, that Klocwork, in Burlington, Mass., intended its name to be a double play on words. It combines the abbreviation "kLOC," for "thousands of lines of code," with the notion that the software development process should run in a much more consistent and predictable way.

We got an early look at the shipping code of Version 7.1 of Klocwork's development tool suite, finalized on June 14, which defies the easy categorization of the source code editors and debuggers that used to be the staples of development tool reviews.


The Klocwork lineup might even be termed a suite of suites. It comprises several bundles of tools addressing varied combinations of source code defect and vulnerability analysis, application architecture visualization, and development process improvement.

The Klocwork team's efforts have clearly gone into substance rather than style. Developers who've grown accustomed to professionally packaged tools that install as easily as any end-user application, with correspondingly friendly user interface design, may form an unfavorable first impression of Klocwork's products.

The installation guide is an 88-page manual, with nearly a quarter of that devoted to a chapter ominously titled "Planning Your Installation," plus 10 more pages of actual installation instructions.

Some of our early work with the product found us unceremoniously dumped from a multistep process when we pointed, for example, to a nonempty directory as the place to store a tool's analysis results.

In practice, though, a development organization that assimilates these tools into its day-to-day operations will not continue to encounter these problems and should not be discouraged by them. What's more important is the leverage these tools can provide—when assembled into a configuration that fits a particular environment—in making sure that quality code is built in a productive manner.

For teams developing in C/C++ or Java and seeking improved process measurement depth and rigor—especially when working on multiple development platforms—Klocwork's tools merit investigation.

New in June's Version 7.1 is Java 1.5 compatibility, incorporating the added features of that Java update into Klocwork's inSight Architect tool (see screen). Java developers who are tempted to assert that Java has no security problems may find it educational to look over the list of potential security vulnerabilities that Klocwork can detect in Java code.

The tools can also offer Java style guidance in areas such as matching the abstraction level of a potentially thrown exception to that of the method in question.

Version 7.1's defect detection in C and C++ code has become more subtle. This release has a nasty, suspicious mind (we mean this as a compliment) when it comes to identifying pieces of code that might wind up dereferencing a null pointer by indirect, but sadly plausible, chains of misfortune.

We also note that Klocwork 7.1 has become more assertive about calling things errors, rather than merely suggesting their investigation, as the default response when certain patterns are noticed. Either the Klocwork developers are getting more confident in their detection algorithms, or (perhaps more likely) they've decided that developers need to be whacked with a metaphorical two-by-four to get their attention.

Klocwork's tools are available in two combinations. The Defect + Security Suite is priced at $2,995 per user, and the more complete Development Suite (which we tested) is priced at $3,995 per user. More information is available at

Peter Coffee can be reached at
