Designers can take advantage of a host of new static and dynamic code analysis tools from different vendors.
Coverity has a range of static and dynamic analysis tools, but its Coverity Build Analysis addresses an aspect that is key to the development process but often overlooked—the build process. It helps Coverity stand out from the pack in addition to helping prevent bugs in the build process by identifying issues such as using the wrong object file during a build.
LDRA Software Technology recently released the v8.0 LDRA Tool Suite. This end-to-end development suite integrates with third-party requirement management tools. It includes TBvision, which checks for security vulnerabilities, bugs, and programming standards such as MISRA C and C++ and the CERT C secure coding standard.
Klocwork Solo from Klocwork brings Java static analysis to individual developers. It complements Klocwork’s enterprise solutions that are comparable to other vendors. Solo addresses a range of security vulnerabilities in addition to other types of bugs.
Polyspace Release 2009a is part of an array of product announcements from the Mathworks that includes Matlab and Simulink. Polyspace looks for runtime errors in C, C++, and Ada code. It can prove the absence of problems such as overflow and divide-by-zero.
The GrammaTech CodeSonar 3.4 static analysis tool adds a range of new checkers including Power of 10 based on a set of rules developed by Gerald Holzmann, director of NASA/JPL’s Laboratory for Reliable Software. It can also be integrated with bug tracking systems like Bugzilla.
Of course, there’s a range of open-source projects such as PMD, a static analysis tool that works on Java applications. It checks for bugs and addresses issues such as dead and duplicate code.
So check out some analysis tools if they aren’t in your toolkit. They will save you time in the long run.