|
Dailydave
mailing list archives
Re: Java source code analysis tool
From: dave <dave () immunitysec com>
Date: Mon, 28 Jun 2004 19:46:39 -0400
Gah. I take it back. It's useful, but it's under some retarded
proprietary license.
-dave
Matt Hargett wrote:
dave wrote:
Really the bugs I'd look for in Java are logic errors, but my talk
focused on being able to use public tools to do custom source
analysis, and here's one of those tools.
http://freshmeat.net/projects/lint4j/?branch_id=46555&release_id=165263
*About:*
Lint4j is a static Java source code analyzer that detects locking and
threading issues, performance and scalability problems, and checks
complex contracts such as Java serialization by performing type, data
flow, and lock graph analysis.
Does it still require a fair amount of putting special comment tags
for it to provide any kind of accuracy? Last time I looked at it, it
did. There's nothing wrong with that, of course -- PC-Lint requires a
fair amount of training before one really starts to get value out of it.
Logic errors are a worthwhile thing to look for in my opinion, also.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
 By Date 
By Thread
Current thread:
|
Intro
