Despite widespread developer criticism of its code scan project results, Coverity continues to put out PR-fueled waves of news about the firm's analysis activities. The most recent of these defect density "revelations" comes from an inspection of the ANTLR open source Java project.
NOTE: ANTLR (ANother Tool for Language Recognition) is a Java-based parser generator for reading, processing, executing, or translating structured text or binary files.
ANTLR is used to build languages, tools, and frameworks and is downloaded more than 5,000 times per month. Coverity claims that ANTLR project members have used its technology to find and fix 20 previously undiscovered, high- and medium-risk defects, including a "resource leak" and a "copy-paste" error that could (allegedly) have caused a significant software crash in production.
Coverity expanded its free Coverity Scan service to include Java projects in May 2013. The service uses Java analysis algorithms to find critical defects such as resource leaks and concurrency issues. The service also uses a highly tuned version of the FindBugs static analysis tool, which is integrated into the testing platform in use here, to identify coding standard and style issues.
Since August 2013, the Coverity Scan service has analysed 43,000 lines of ANTLR code and identified 171 defects.
Coverity's Jennifer Johnson says that the ANTLR team has done an excellent job of addressing key defects in their code in the short time that they have been participating in the service.