Thales Italia boasts a solid portfolio of products and technologies destined for both civil and military markets. They offer technological solutions that address the security and transportation industries (with expertise in railway signaling and protection/surveillance of critical infrastructures); in the defense division (with expertise in military communications and war electronics); and in the air traffic management field (with expertise in landing, navigation, and surveillance systems).
Thales decided to apply static analysis via Parasoft C/C++test to its Integrated Tramway Management Solutions project— then later deployed it across the entire Automatic Vehicle Location System division. The result: Thales reduced its rate of defective components by 30% and significantly increased application performance.
Static code analysis (or static analysis) is a software testing activity in software development, in which the source code is analyzed for constructs known to be associated with software errors or security vulnerabilities. When a high-risk construct is detected, the static analysis tool reports a violation for the developer to view and remediate.
Running static analysis on the desktop will provide some benefits and may work for small teams or projects; however, in large organizations, static analysis should also be automated as part of nightly builds and continuous integration. When implemented as an integral part of the development process, analyzing your code with static analysis provides a number of benefits, including the following:
Consistently running static analysis from the early stages of the project enables you to find and fix systemic defects when the cost of remediation is at its lowest. The process may initially take more time than rapidly developing the software without running analysis, but the gains in efficiency become exponential over the development lifecycle.
Static analysis helps you find and fix defects early, which can prevent the recurrence of systemic defects downstream. With a policy of early detection, you can more easily implement a policy of defect prevention, which reduces the rate of defects over the development lifecycle.
Automated static analysis is an effective feedback mechanism critical to successful DevOps and CI/CD process. These tools also generate the data that other departments need to access and collaborate effectively under the DevOps model. Especially when used with unit and regression testing, static analysis serves a few roles, including:
As a result, static analysis becomes an agent for continuous, automated process improvement. It provides a way for developers to understand and examine an error detected during release, or for QA to determine if there is a way to harden code and eliminate the possibility of these defects to occur in the future.
Thales was looking for a solution that would simplify configuring, deploying, and managing a standardized rule set across a team or department. Specific requirements included:
Parasoft’s testing tools enabled Thales to efficiently and consistently apply a broad set of complementary defect prevention practices, which greatly improves productivity by helping developers eliminate problems when they are easiest and fastest to fix (and before they lead to additional defects). The architect can easily take the rules and settings designed for one code base and apply them to another code base— with any necessary adjustments and modifications for the new context. This is especially important when the developers work in diverse environments that use different technologies.
Being able to adjust a rule in a matter of seconds then immediately deploy it across all of the developers’ desktop installations allowed them to achieve a huge increase in productivity. Thales also achieved productivity gains by having detailed results reported directly in the developers’ work environment. The ability to click on a reported violation and learn how and why to fix the flagged code helped the team start writing lower-risk code as a matter of habit.
“One of the greatest advantages of Parasoft’s static analysis is that it taught our engineers how to become better developers” remarks Alessandro Orsi, the AVLS Systems Product Manager. “We are finding fewer and fewer defects in the code base because developers are learning how to write better Java code. As the developers grow comfortable with the existing rule set, the architects incrementally extend it to include more rules. As expected, this results in better code. It’s a cyclic process.”
“When we compare defect rates in the component before and after adopting Parasoft’s static
analysis, we find that we are now achieving 30% fewer defects,” Orsi continues. “If other suppliers would provide the type of support that we’ve had from Parasoft, the world would be perfect. The support we have received from Parasoft has been truly remarkable”.
Parasoft’s industry-leading automated software testing tools support the entire software development process, from when the developer writes the first line of code all the way through unit and functional testing, to performance and security testing, leveraging simulated test environments along the way.