Polyspace Bug Finder
Polyspace Bug Finder™ is a static code analysis tool used to analyze code components or entire embedded software projects. Polyspace Bug Finder uses fast static code analysis techniques including formal methods to pinpoint run-time errors, concurrency issues, security vulnerabilities, and other defects in C or C++ source code, with low false-positive rates.
You can use Polyspace Bug Finder to quickly find, triage, and fix bugs. It highlights defects as soon as they are detected, so you do not need to wait for the analysis of the entire source code to finish. You can use it iteratively to detect bugs or to enforce coding rules early in the development process, as soon as the code is written, modified, or generated. You can use Polyspace Bug Finder with the Eclipse IDE, by command line invocation, and through a standalone user interface. You can integrate it into build environments for automated use.
Polyspace Bug Finder supports critical activities in a software development workflow, including:
With Polyspace Bug Finder, you can set up a project and perform static code analysis:
Polyspace Bug Finder works with Polyspace Code Prover™ to prove the absence of certain run-time errors in your source code. These products together offer an end-to-end static analysis capability for early-stage development use, which spans bug-finding, code rules checking, and proof. This capability ensures the reliability of embedded software while optimizing cost and shortening the duration of testing.
Polyspace Bug Finder detects a variety of defects such as numerical, static memory, dynamic memory, concurrency, and security vulnerabilities. You can identify defects without the cost of writing test cases. In one single analysis, you can identify most of the defects in your code. This is particularly important for defects, such as concurrency issues, that are extremely difficult to catch with test cases because of the undeterminstic nature of such issues.
Defects are highlighted in the source code, with traceback information to help you identify the cause and source of the defect. This further reduces the cost of tracking down defects during the debugging and fixing phases of your test cycle.
The straightforward workflow enables developers and quality engineers to classify and triage defects. For each defect detected, Polyspace Bug Finder provides detailed information on what caused the defect. For example, in situations where an integer overflow occurs, Polyspace Bug Finder traces all line numbers in the code that lead to the overflow condition. Software developers can use this information to determine how best to fix the code. Quality engineers can use this information to classify the defect for further action. For example, a quality engineer can mark a defect for further investigation or indicate that the defect is low priority.
Polyspace Bug Finder supports the detection of MISRA-C:2004, MISRA-C++:2008, MISRA C:2012, MISRA AC AGC, JSF++, and custom naming coding-rule violations. You can use Polyspace Bug Finder to enforce coding rules to improve the readability and quality of your code. You can configure Polyspace Bug Finder to focus on all the rules of the standard, or only the rules required by the standard. You can also individually select the rules you want to enforce. In addition, you can define your own configuration to ensure that the same coding rules are enforced within your team.
You can fix rule violations by tracing them to your source code editor, or you can justify the coding rule violations for the purpose of documentation or code comments. The Polyspace Bug Finder interface lets you focus on differences from the previous analysis to avoid reviewing the same violation twice. To track results over time, you can export coding rules analysis results to a web dashboard.
Checking MISRA Code Rule Compliance with Polyspace Products
Check code for compliance to MISRA C® rules, identify and fix violations, and generate a report for documentation.
Polyspace Bug Finder generates project-level, file-level, and function-level metrics to evaluate the complexity of code. Polyspace Bug Finder supports the generation of Hersteller Initiative Software (HIS) metrics, which can be exported to a web dashboard. Code complexity metrics include:
You can define a centralized quality model to track defects, code complexity, and coding rules violations. Using these metrics, you can track your progress toward predefined software quality objectives as your code evolves. By measuring the rate of improvement in code quality, Polyspace Bug Finder enables developers, testers, and project managers to target and deliver high-quality code.
You can use Polyspace Bug Finder to analyze generated code or mixed code, which contains both generated and handwritten code. Code-level defect results in the automatically generated code can be traced back to the model in Simulink. You can identify which parts of the model are reliable, and then correct design problems that cause errors in the code. You can also identify potential integration problems between generated and handwritten code. For example, the mixing of handwritten, low-level code with generated code might result in a problem where incorrect ranges of signals in the interface cause a run-time error. The detailed data flow and control flow information helps you to identify and trace the defect back either to the handwritten code or to the model.
Polyspace Bug Finder also supports tracing results to dSPACE® TargetLink® blocks and IBM Rational Rhapsody models.
You can use Polyspace Bug Finder and Polyspace Code Prover with IEC Certification Kit
(for ISO 26262 and IEC 61508) and DO Qualification Kit (for DO-178B) in the certification process for projects based on these industry standards.
Reports and artifacts show the final quality of the code, highlight sections that have been reviewed, generate code metrics, and document the application of coding rules and run-time error status. You can create these reports in formats such as PDF, HTML, RTF, and others.