Klocwork will be showing off its extended Java static source-code-analysis capabilities as part of its Klocwork Insight product at ESC. Its source code analysis solution can identify critical bugs and security vulnerabilities. The new Java analysis engine works with source code directly addressing the inaccuracies and noise associated with byte-code analysis.
Typical static analysis of Java byte code involves excessive estimation due to the significant dependencies on the Java compiler being used by newer Java compilers that typically mutate information that is required to perform accurate, high quality analysis. Klocwork has addressed these limitations by creating an all new source code-based quality and security analysis tool chain, thereby increasing the accuracy and breadth of coverage, while at the same time improving the readability of any resulting bug and vulnerability descriptions.
It supports all versions of Java up to and including 1.6 and has enhanced support for a variety of popular Java frameworks such as the Google Web Toolkit, AWT, Hibernate, JavaMail, J2EE and J2ME.
Klocwork Insight supports Eclipse, IBM Rational Application Developer, Intellij IDEA, and JBuilder 2007 IDEs as well as the ANT & Maven build environments.