15 June 2016
Development Testing
Development testing finds defects earlier in the process, when they are much faster and less expensive to fix. It reduces the risk of costly software failures and security problems, accelerates time to market, and enhances customer satisfaction. Development testing consists of static code analysis, unit testing and code coverage.
This early testing complements traditional testing and turns software testing into a proactive process.
According to Gerard Holzmann's Power of Ten rules, static analysis tools should be used proactively throughout the development process. Static analysis and dynamic testing complement each other. However, dynamic testing is only as good as its test cases, so a great deal of effort must go into writing or generating them.
Save Time and Costs
Static analysis examines all paths and considers conditions and program states without requiring test cases, which substantially reduces the cost of testing. Another strength of static code analysis is that it can be deployed as soon as the code compiles, so the analysis can find flaws before the program is even complete. Employing static analysis during the early development phase is less expensive and more efficient than writing a test case or debugging a crash.
The included software visualization features show the structural properties of the inspected software at several levels of detail. In this way CodeSonar increases the efficiency of traditional testing.
CodeSonar's advanced static analysis engine enables a deeper analysis than can be achieved with dynamic testing alone, which can only use real inputs and concrete values.
By contrast, CodeSonar uses symbolic inputs and abstract values. Since each abstract value represents a wide range of possible concrete values, CodeSonar can take many possible program states into account simultaneously.
Adopting advanced static analysis with CodeSonar makes it possible to find serious bugs such as race conditions, buffer overruns, resource leaks and null pointer dereferences. The tool also highlights contradictions or inconsistencies in the code, such as unreachable code, useless assignments, and redundant conditions, which often correlate well with bugs.
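The difference between concrete test inputs and abstract values can be shown with a toy interval analysis. This is an added example, not CodeSonar's engine or code from the vendor; `Interval`, `lookup`, `analyze_lookup`, `dynamic_tests` and the buffer size are hypothetical names and values constructed for the illustration.

```python
from dataclasses import dataclass

BUF_LEN = 16  # constructed buffer size for the illustration

@dataclass(frozen=True)
class Interval:
    """Abstract value: stands for every integer in [lo, hi] at once."""
    lo: int
    hi: int

    def add(self, k):
        return Interval(self.lo + k, self.hi + k)

    def join(self, other):  # merge of two control-flow paths
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))

    def meet(self, lo, hi):  # refine by a branch condition; None = infeasible
        lo2, hi2 = max(self.lo, lo), min(self.hi, hi)
        return Interval(lo2, hi2) if lo2 <= hi2 else None

def lookup(buf, n):
    """Constructed code under test: overruns buf only when n == BUF_LEN - 1."""
    idx = n + 1 if n < BUF_LEN else 0
    return buf[idx]

def analyze_lookup(n):
    """Abstractly execute lookup() for every n in the interval, both branches."""
    then_n = n.meet(n.lo, BUF_LEN - 1)   # states where n < BUF_LEN
    else_n = n.meet(BUF_LEN, n.hi)       # states where n >= BUF_LEN
    paths = []
    if then_n is not None:
        paths.append(then_n.add(1))      # idx = n + 1
    if else_n is not None:
        paths.append(Interval(0, 0))     # idx = 0
    idx = paths[0]
    for p in paths[1:]:
        idx = idx.join(p)
    return idx, (0 <= idx.lo and idx.hi < BUF_LEN)

def dynamic_tests(inputs):
    """Concrete testing: only reports inputs that were actually tried."""
    buf, failures = list(range(BUF_LEN)), []
    for n in inputs:
        try:
            lookup(buf, n)
        except IndexError:
            failures.append(n)
    return failures
```

For `n` in `Interval(0, 255)` the analysis computes an index range of [0, 16] and flags the access as possibly out of bounds, while the concrete test set `[0, 5, 10, 200]` passes because it never tries `n == 15`.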
Protect Your Product and Reputation
A deeper analysis increases your confidence, reduces risks, prevents software failures and protects your products and reputation. At the same time, finding bugs and vulnerabilities early in the development process increases the efficiency of your engineers.