G3 Achieves Software Quality Goals With Static Code Analysis Solution

The Challenge

G3’s exceptionally high software quality standards require a static code analyzer tool capable of thoroughly and efficiently analyzing code. With an expanding development team and growing code bases—one codebase exceeding 11 million lines of code—G3 required an automated, scalable static analysis tool capable of helping them find and fix defects at the earliest possible stage.

Static analysis is an important part of G3’s software quality policy because it enables the company to catch defects as early in the development lifecycle as possible and prevent downstream costs associated with late-stage bug detection. Static analysis eases the burden on testers because it enables developers to find and fix defects before they hit QA. More importantly, a high-caliber static analysis tool prevents bugs from entering the production pipeline. This helps G3 avoid costly patch releases, which can damage the business’s reputation and load development and testing teams with the additional work of verifying the patch.

The Approach

G3 was looking for a new static analysis solution. Their previous static analysis vendor appeared to be more interested in narrowing their focus away from overall software quality and toward a hyperfocus on cybersecurity. G3 wanted a static analysis partner open to working with them on implementing enhancements to help G3 achieve their software quality goals, and the prior partner seemed reluctant to work with G3 on improving the quality aspects of their tool. After evaluating several commercial static analysis vendors, G3 chose Parasoft.

The Results

A High Standard of Quality at G3

G3’s exceptionally high software quality standards require a static analysis tool capable of thoroughly and efficiently analyzing code. With an expanding development team and growing code bases (one codebase exceeding 11 million lines of code), G3 required an automated, scalable static analysis tool capable of helping them find and fix defects at the earliest possible stage. G3’s proactive approach to catching as many bugs as possible early on enables the company to quickly deliver the high-quality software their customers have come to expect.

Because G3 writes much of its software in C++, finding a static analysis tool that could properly analyze its code was even more daunting. C++ enables developers to achieve the highest levels of performance compared to other high-level languages. The trade-off, however, is that more rigorous code analysis and meticulous attention to design are needed to avoid stability- and security-related bugs.

Parasoft’s C/C++test stood out due to its ability to analyze their complex C++ code. After deploying static analysis tools from Parasoft, G3 immediately noticed an uptick in the software stability of several of their software applications. The number of software crashes during the development phase, for instance, were greatly reduced, indicating that Parasoft was helping G3 eliminate lengthy debugging efforts. As a result, G3 could continue delivering high-quality software while meeting their schedules.

Within the first 6 months of deploying Parasoft static analysis tools, G3 addressed approximately 50,000 violations, some of which were critical bugs like type conversion issues, unused variables, and null pointer dereferences.

Andrew Park, VP Engineering at G3, understood that the costs associated with availability defects slipping into production could be extremely damaging to the company’s reputation for delivering near bug-free software releases. In Park’s words,

“Developing, testing, and deploying patches to operational systems usually involves much higher costs than doing it right the first time… Parasoft is one of our key partners in ensuring we do it right the first time. We are employing 1083 Parasoft rules within our Continuous Integration processes and don’t allow software to hit production systems until all Parasoft defects are addressed.”

Customizing Static Analysis Rules

G3 also needed the ability to customize static analysis rules in order to meet their specific needs. Rather than following a single out-of the-box coding standard, G3 uses a range of standards and custom checkers to implement their coding policy. Many of the solutions on the market are narrowly focused on specific aspects of the code, such as cybersecurity, but G3 was looking for a static analysis solution with the ability to focus on security and overall software quality. Parasoft enabled G3 to easily map static analysis rules to their internal coding standards, resulting in a very thorough static analysis solution specific to G3’s code.

A Collaborative Technology Partner

Finally, G3 was looking for more than just a vendor — they were looking for a partner that could work with G3 for the foreseeable future. Their previous vendor was unreceptive to working with G3 to improve their static analysis solution. But G3 recognizes that collaborating with a static analysis tool provider on enhancements not only helps G3 more effectively analyze code, it also ensures that the vendor is available to help G3 deliver high-quality product long into the future.

A collaborative culture and commitment to helping G3 achieve its software quality goals was one of their must-haves, and G3 found both of these characteristics with Parasoft. As Park,
explained:

“Although Parasoft is clearly top-tier, their staff displayed a genuine hunger to hear from us how they could improve upon their product. Their company culture was exactly what I was looking for in a partner.”

Parasoft’s thorough documentation is meanwhile raising the overall acumen of the development team at G3. Their ability to view the static analysis violations within a single view has helped improve the coding abilities of even experienced staff.

With Parasoft, G3 is able to find and fix difficult-to-find defects early in the development lifecycle, reduce the number of crashes in production to zero, and improve the overall coding style of their development team.