The analysis output from our parsing engine tools is high resolution and high-fidelity. This is evidenced by the high quantity of individual coding checks we perform, resulting in over 1,500 specific granular messages each for QA·C and QA·C++.
Many people think that testing to find bugs is the only way to ensure quality code. That’s simply not true. Our tools are designed for continuous code inspection, to be deployed on the developers’ desktops and to be used at the earliest possible stage in the development process – when the code is being created. There is compelling evidence that the cost of fixing issues increases rapidly in the later stages of the development / product lifecycle.
This attention to detail is crucial, providing precise information to developers enables them to more quickly identify the root cause of an issue and implement a solution. We have also invested heavily in providing an extensive help facility, and our customers frequently comment that this help text is like having an expert on the developer’s shoulder.
Noise, or the number of false positives, is one of the critical considerations in relation to static analysis tools. Identifying and eliminating false positives costs developers time and money. And perhaps more significantly, the credibility of the overall tool can be severely eroded if developers perceive themselves to be chasing false positives and pedantic irrelevancies rather focusing on genuine issues.
The converse of false positives – false negatives, or the failure to generate messages for genuine conditions – is equally dangerous and potentially damaging.
Behind the scale and precision of our parsing engines and analysis capabilities, is our expertise and deep understanding of coding languages and coding standards. We have contributed our own standards to the development community, and we are prominent members of the MISRA C and C++ working groups, co-authors of MISRA C and MISRA C++ standards and voting members of ISO C++ working group. We have also published our own coding standard HIC++, which is used on more projects than MISRA C++ and JSF AV C++ combined (see VDC research).
It comes as no surprise that our tools perform so well – they are created by the same experts who understand the deep intricacies of coding languages and create coding standards.