Article

Static analysis tool helps software engineers find bugs during builds

Jennette Mullaney, Associate Editor

When Mentor Graphics Inc. decided to switch to an agile methodology, the company needed a source code analysis tool that fit its development methodology and its complex code base. Klocwork Insight, a static analysis

    Requires Free Membership to View

tool, provided the right services and conformed to agile principles.

Klocwork [Insight's] static analysis takes the runtime burden away from engineering and QA. It identifies potential software quality issues before [the code] gets built and propagated.
Kevin Pendleton
Director of quality and support systemsMentor Graphics Inc.

The tool handles Mentor Graphic's extensive amount of source code, including older legacy code and newer acquired code, said Kevin Pendleton, director of quality and support systems for Mentor Graphics. Integrating Klocwork at the engineering desktop level prevents bugs from getting into builds or the QA environment, he explained.

"Klocwork [Insight's] static analysis takes the runtime burden away from engineering and QA," Pendleton said. "It identifies potential software quality issues before [the code] gets built and propagated."

Engineers discover and correct bugs themselves
Mentor Graphics uses the database that Insight creates at each build "to refactor legacy code and to analyze acquired technology details of code, relationships, third-party components, and forward architecture," Pendleton said. Engineers are able to view their own code and correct mistakes on the spot, while the information is still fresh in their minds. According to Klocwork, this process "empowers" engineers.

Pendleton agrees with that claim. "Let's just say our first step was to integrate Klocwork builds at our mainline system build level -- that is after engineering makes their changes and we build a system or set of products," he said.

In that scenario, Klocwork captures the impact of changes, particularly how many of a certain class of defect was introduced.

"We can correct those," Pendleton said, "but it's already a little late." However, if engineers are able to see and fix their own code, they are able to preclude that defect from ever being seen by QA or customers.

More information on the benefits of static analysis
How static analysis can improve software security

Static Analysis as Part of the Code Review Process -- Chapter 3, Secure Programming with Static Analysis

Web application security testing basics

Before choosing Insight, Mentor Graphics had been using dynamic analysis "sporadically," Pendleton said. He found dynamic analysis "more intensive" to complete.

"Typically, it requires a different caliber of an engineer who can run through all aspects of a design flow exorcising code to get all the bugs," Pendleton said. "With static analysis, you don't have to do it at the runtime -- you do it at the build level. It's easier to adopt."

Transitioning to agile
Easy adoption was crucial in light of the fact that Mentor Graphics was switching to an agile methodology. Pendleton is impressed with Klocwork Insight's integration into an agile environment.

"From my perspective, it fits very well with an agile model," he said. "Part of an agile approach is to find errors early, thereby reducing downstream costs."

Mentor Graphics decided to employ the Scrum model, Pendleton said. "We don't just flip a switch," he said of the transition. "We have a mixed environment as we look to deploy Scrum across our enterprise."

Pendleton has "high hopes" for standardizing Klocwork Insight as part of an agile implementation. "I think it makes sense based on results we've seen -- it's absolutely in line with agile principles," he said.

The tool is easy to use and has increased the productivity of Mentor Graphic's engineers and the quality of their code, according to Pendleton.

"As we move forward with our agile implementation, I'm looking forward to seeing Klocwork be a required element of that process," he said.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: