Polyspace Bug Finder

Key Features

  • Detection of run-time errors, concurrency issues, security vulnerabilities, and other defects
  • Fast analysis of large code bases, with defects highlighted as soon as detected
  • Compliance checking for MISRA-C:2004, MISRA-C++:2008, MISRA C:2012, JSF++, and custom naming conventions
  • Cyclomatic complexity and other code metrics
  • Eclipse™ integration
  • Traceability of code verification results to Simulink® models
  • Bug detection with low false-positive results
Static analysis results displayed by Polyspace Bug Finder.

Identifying Software Defects and Security Vulnerabilities with Static Analysis

Polyspace Bug Finder supports critical activities in a software development workflow, including:

With Polyspace Bug Finder, you can set up a project and perform static code analysis:

  • Set up a project to mimic your embedded target and compiler
  • Find various categories of defects such as data flow, memory, and concurrency issues, and find security vulnerabilities such as tainted data
  • Check code for compliance with MISRA-C:2004, MISRA AC AGC, MISRA-C++:2008, MISRA C:2012, JSF++ (Joint Strike Fighter Air Vehicle C++) standards, or custom naming conventions
  • Produce reports or visualize static code analysis and code compliance results
  • Review cause of defects to determine how to triage and fix identified defects
  • Trace code defects to Simulink blocks or IBM® Rational® Rhapsody® models
  • Upload static analysis results to a web dashboard to monitor software quality trends
Configuring a project in Polyspace to identify defects and check compliance to MISRA or JSF++.

Polyspace Bug Finder works with Polyspace Code Prover™ to prove the absence of safety-critical run-time errors, such as divide-by-zero or security-critical buffer overflow, in your source code. These products together offer an end-to-end static analysis capability for early-stage development use, which spans bug-finding, code rules checking, and proof. This capability ensures the reliability of embedded software while optimizing cost and shortening the duration of testing.

Verifying Compliance with Coding Standards (MISRA, JSF, Naming Conventions)

Polyspace Bug Finder uses semantic analysis to precisely detect MISRA-C:2004, MISRA-C++:2008, MISRA C:2012, MISRA AC AGC, and JSF++ violations. You can also use Polyspace Bug Finder to enforce the custom naming coding rule to improve the readability and maintainability of your code. Furthermore, you can detect security violations in order to comply with security guidelines such as CERT C or CWE.

You can configure Polyspace Bug Finder to focus on all the rules of the standard, or only the rules required by the standard. You can also individually select the rules you want to enforce. In addition, you can define your own configuration to ensure that the same coding rules are enforced within your team.

You can fix rule violations by tracing them to your source code editor, or you can justify the coding rule violations for the purpose of documentation or code comments. The Polyspace Bug Finder interface lets you focus on differences from the previous analysis to avoid reviewing the same violation twice. To track results over time, you can export coding rules analysis results to a web dashboard.

Reducing Test Cycles by Fixing Bugs Early

Polyspace Bug Finder detects a variety of defects such as numerical, static memory, dynamic memory, concurrency, and security vulnerabilities. You can identify defects without the cost of writing test cases. In a single analysis, you can identify most of the defects in your code. This is particularly important for defects, such as concurrency issues, that are extremely difficult to catch with test cases because of the nondeterministic nature of such issues.

Defects are highlighted in the source code, with traceback information to help you identify the cause and source of the defect. This further reduces the cost of tracking down defects during the debugging and fixing phases of your test cycle.

The straightforward workflow enables developers and quality engineers to classify and triage defects. For each defect detected, Polyspace Bug Finder provides detailed information on what caused the defect. For example, in situations where an integer overflow occurs, Polyspace Bug Finder traces all line numbers in the code that lead to the overflow condition. Software developers can use this information to determine how best to fix the code. Quality engineers can use this information to classify the defect for further action. For example, a quality engineer can mark a defect for further investigation or indicate that the defect is low priority.

An overflow condition identified in Polyspace Bug Finder.

Verifying Compliance with Coding Standards (MISRA, JSF, Naming Conventions)

Polyspace Bug Finder supports the detection of MISRA-C:2004, MISRA-C++:2008, MISRA C:2012, MISRA AC AGC, JSF++, and custom naming coding-rule violations. You can use Polyspace Bug Finder to enforce coding rules to improve the readability and quality of your code. You can configure Polyspace Bug Finder to focus on all the rules of the standard, or only the rules required by the standard. You can also individually select the rules you want to enforce. In addition, you can define your own configuration to ensure that the same coding rules are enforced within your team.

Checking MISRA Code Rule Compliance with Polyspace Products
Check code for compliance to MISRA C® rules, identify and fix violations, and generate a report for documentation.

Identifying a MISRA violation.

Producing Code Metrics and Monitoring Software Quality

Polyspace Bug Finder generates project-level, file-level, and function-level metrics to evaluate the complexity of code. Polyspace Bug Finder supports the generation of Hersteller Initiative Software (HIS) metrics, which can be exported to a web dashboard. Code complexity metrics include:

You can define a centralized quality model to track defects, code complexity, and coding rules violations. Using these metrics, you can track your progress toward predefined software quality objectives as your code evolves. By measuring the rate of improvement in code quality, Polyspace Bug Finder enables developers, testers, and project managers to target and deliver high-quality code.

Software quality metrics displayed via a web browser.

Tracing Code Analysis Results to Simulink Models

You can use Polyspace Bug Finder to analyze generated code or mixed code, which contains both generated and handwritten code. Code-level defect results in the automatically generated code can be traced back to the model in Simulink. You can identify which parts of the model are reliable, and then correct design problems that cause errors in the code. You can also identify potential integration problems between generated and handwritten code. For example, the mixing of handwritten, low-level code with generated code might result in a problem where incorrect ranges of signals in the interface cause a run-time error. The detailed data flow and control flow information helps you to identify and trace the defect back either to the handwritten code or to the model.

Polyspace Bug Finder also supports tracing results to dSPACE® TargetLink® blocks and IBM Rational Rhapsody models.

Tracing MISRA violations to the Simulink model.

Creating Certification Artifacts

You can use Polyspace Bug Finder and Polyspace Code Prover with IEC Certification Kit (for ISO 26262 and IEC 61508) and DO Qualification Kit (for DO-178B) in the certification process for projects based on these industry standards.

Reports and artifacts show the final quality of the code, highlight sections that have been reviewed, generate code metrics, and document the application of coding rules and run-time error status. You can create these reports in formats such as PDF, HTML, RTF, and others.

DO Qualification Kit contents.
Certification and qualification kits are available.

Model-Based Design for DO-178 with the Tool Qualification Kits

View webinar