Case Study: Static Analysis Leads to 30% Fewer Defects
June 10, 2013
Increasing Productivity and Quality in Mission-Critical Software
Thales Italia boasts a solid portfolio of products and technologies destined for both civil and military markets. They offer technological solutions that address the security and transportation industries (with expertise in railway signaling and protection/surveillance of critical infrastructures); in the defense division (with expertise in military communications and war electronics); and in the air traffic management field (with expertise in landing, navigation, and surveillance systems).
Thales decided to apply static analysis via Parasoft C/C++test to its Integrated Tramway Management Solutions project, then later deployed it across the entire Automatic Vehicle Location System division. The result: Thales reduced its rate of defective components by 30% and significantly increased application performance.
What is Static Code Analysis?
Static code analysis (or static analysis) is a software testing activity in software development, in which the source code is analyzed for constructs known to be associated with software errors or security vulnerabilities. When a high-risk construct is detected, the static analysis tool reports a violation for the developer to view and remediate.
Running static analysis on the desktop will provide some benefits and may work for small teams or projects; however, in large organizations, static analysis should also be automated as part of nightly builds and continuous integration. When implemented as an integral part of the development process, analyzing your code with static analysis provides a number of benefits, including the following:
Faster Development Cycle
Consistently running static analysis from the early stages of the project enables you to find and fix systemic defects when the cost of remediation is at its lowest. The process may initially take more time than rapidly developing the software without running analysis, but the gains in efficiency become exponential over the development lifecycle.
Lower Defect Rate
Static analysis helps you find and fix defects early, which can prevent the recurrence of systemic defects downstream. With a policy of early detection, you can more easily implement a policy of defect prevention, which reduces the rate of defects over the development lifecycle.
Automated static analysis is an effective feedback mechanism that is critical to a successful DevOps and CI/CD process. These tools also generate the data that other departments need to access and collaborate effectively under the DevOps model. Especially when used with unit and regression testing, static analysis serves a few roles, including:
- Ensuring code quality
- Providing the big data required to improve the development process
- Facilitating the machinations of the DevOps automated feedback loop
As a result, static analysis becomes an agent for continuous, automated process improvement. It provides a way for developers to understand and examine an error detected during release, or for QA to determine if there is a way to harden code and eliminate the possibility of these defects occurring in the future.
Static Analysis Deployment Details
Thales was looking for a solution that would simplify configuring, deploying, and managing a standardized rule set across a team or department. Specific requirements included:
- All-in-one development testing capabilities
- Ability to extend and configure their unique coding standards
- Ease of project setup
- Seamless integration into their development/testing environments
- Detection of runtime defects
Parasoft’s testing tools enabled Thales to efficiently and consistently apply a broad set of complementary defect prevention practices, which greatly improves productivity by helping developers eliminate problems when they are easiest and fastest to fix (and before they lead to additional defects). The architect can easily take the rules and settings designed for one code base and apply them to another code base, with any necessary adjustments and modifications for the new context. This is especially important when the developers work in diverse environments that use different technologies.
Being able to adjust a rule in a matter of seconds then immediately deploy it across all of the developers’ desktop installations allowed them to achieve a huge increase in productivity. Thales also achieved productivity gains by having detailed results reported directly in the developers’ work environment. The ability to click on a reported violation and learn how and why to fix the flagged code helped the team start writing lower-risk code as a matter of habit.
Static Analysis Results: 30% Fewer Defects
“One of the greatest advantages of Parasoft’s static analysis is that it taught our engineers how to become better developers,” remarks Alessandro Orsi, the AVLS Systems Product Manager. “We are finding fewer and fewer defects in the code base because developers are learning how to write better Java code. As the developers grow comfortable with the existing rule set, the architects incrementally extend it to include more rules. As expected, this results in better code. It’s a cyclic process.”
“When we compare defect rates in the component before and after adopting Parasoft’s static analysis, we find that we are now achieving 30% fewer defects,” Orsi continues. “If other suppliers would provide the type of support that we’ve had from Parasoft, the world would be perfect. The support we have received from Parasoft has been truly remarkable.”