Klocwork, a provider of source code analysis tools, just released the Insight Pro suite for agile development projects. Klocwork Insight Pro checks Java, C#, C and C++ code for memory and resource leaks, security vulnerabilities, and buffer overflows. DZone interviewed Klockwork CTO, Gwyn Fisher, to get an indepth look at Insight Pro and its static analysis engine. Insight Pro includes three tools to reduce bug debt and increase iteration speed.
Continuous static analysis
Static analysis traditionally relied on user interaction to perform code checks. Gwyn Fisher says, “Whether this is a complex server-side scripting process, or pushing buttons in desktop environments, the developer has been responsible for requesting an analysis to be performed, and is then responsible for taking action on the results all at once.” Insight Pro’s static analysis has what Klocwork calls a “no-click usability model.” Fisher explains, “The no-click usability model removes this step [requesting analysis] from the developer’s responsibilities, and ensures that static analysis is performed automatically for them, consciously providing an analog to how spell checking works within word processors. Without conscious interaction, therefore, developers always have the most up-to-date analysis results available to them, based on actions they’re taking anyway, such as saving a file, opening a file, transitioning between different files in a tabbed environment, etc.”