This line comes from an interview I recently conducted with the creator of ANTLR, Terence Parr. ANTLR, which is written in Java, is the focus of our latest Coverity Scan Project Spotlight. ANTLR (ANother Tool for Language Recognition) is a powerful parser generator for reading, processing, executing or translating structured text or binary files. It was first introduced in 1989 and is now widely used by the likes of Apple, Twitter, SalesForce and more.
Now back to testing a Yugo into a BMW… Terence made this comment in response to my question about the challenges of getting Java developers to care about quality. He thought it was a general issue, not one specific to Java. Many programmers do not take responsibility for the quality of their code. He then went on to say, “You don’t start with a Yugo and test it into a BMW.”
The ANTLR project has shown that they take responsibility for the quality of their code. In the first three weeks of joining the Coverity Scan service, they had already fixed 20 high- and medium-impact defects. In fact they had at least one “Holy cr#p!” moment when the analysis from the Coverity platform found a critical issue that had previously gone undetected and could have crashed the software around it. In all, ANTLR found 171 defects in their code through the service, including critical issues such as an interprocedural null dereference, a copy-paste error and a resource leak. They had a defect density rate of .67 for high- and medium-impact defects and 3.48 overall defect density.
We’re very interested in collecting metrics on the average defect density rates in Java projects. Java has many built-in protections from some of the critical issues in C, C++, but also is subject to numerous coding style and standard rules found by FindBugs, which is integrated into the Coverity analysis engine. These coding standard and style issues can inflate defect density rates but aren’t necessarily an indicator of increased risk. We think a more accurate defect density comparison with C, C++ projects may be the density of high- and medium-impact defects in Java projects as compared to overall defect density in C, C++. We plan to continue to collect data on this subject and closely follow the defect density trends in the more than 65 Java projects that have joined Coverity Scan since May, when we expanded the service.
To learn more about what ANTRL found in their code, read our latest Coverity Scan Project Spotlight.
The post You Can’t Start with a Yugo and Test it into a BMW appeared first on Software Testing Blog.