
Green Hills DoubleCheck Static Analyzer

Uploaded by

Ioana Cialma
DoubleCheck Integrated Static Analyzer

Coping with complexity


Code complexity has become the most significant challenge to meeting time-to-market and reliability demands for software. When it comes to ensuring quality, reliability, safety, and security in today’s sophisticated code bases, traditional debugging and testing methods simply fall short.

Automated tools such as static source code analyzers are more effective in finding a class of defects—such as those that could result in buffer overflows, resource leaks, and other security and reliability problems—not detected by compilers during standard builds and often undetected during run-time testing or typical field operation.

An integrated code analyzer


While other source code analyzers run as separate tools, DoubleCheck™ is an integrated static analyzer, built into the Green Hills C/C++ compiler. DoubleCheck leverages accurate and efficient analysis algorithms that have been tuned and field-proven in 30+ years of producing embedded development tools. DoubleCheck can be used as a single integrated tool to perform compilation and defect analysis in the same pass.

A typical compiler issues warnings and errors for some basic potential code problems, such as violations of the language standard or use of implementation-defined constructs. In contrast, DoubleCheck performs a full program analysis, finding bugs caused by complex interactions between pieces of code that may not even be in the same source file.

DoubleCheck determines potential execution paths through code, including paths into and across subroutine calls, and how the values of program objects (such as standalone variables or fields within aggregates) could change across these paths.

DoubleCheck looks for many types of flaws, including:

- Potential NULL pointer dereferences
- Access beyond an allocated area (also known as buffer overflow)
- Potential writes to read-only memory
- Reads of potentially uninitialized objects
- Resource leaks (e.g. memory leaks and file descriptor leaks)
- Use of memory that has already been deallocated
- Out of scope memory usage (e.g. returning the address of an automatic variable from a subroutine)
- Failure to set a return value from a subroutine
- Buffer and array underflows

Simply set an option and DoubleCheck reviews source code each time it’s compiled. DoubleCheck runs much faster than traditional static analysis tools, so developers can have it on all the time.

The analyzer understands the behavior of many standard runtime library functions. For example, it knows that subroutines like free should be passed pointers to memory allocated by subroutines like malloc. The analyzer uses this information to detect errors in code that calls or uses the result of a call to these functions.

Automating code standards

Many software development organizations employ an internal coding standard which governs programming practices to help ensure quality, maintainability, and reliability. DoubleCheck can automate the enforcement of these coding standards.

For example, DoubleCheck has a Green Hills Mode that adds a number of sensible quality controls to its bug-finding mission, including a number of MISRA compliance checks, enforcement of optional but important language standards, and more.

Metric computations and enforcement of other coding rules do not incur significant overhead since DoubleCheck is already traversing the code tree to find bugs. DoubleCheck can be configured to generate a build error that highlights problem code to keep developers from accidentally submitting software that violates the coding rule. Using DoubleCheck as an automated software quality control saves the time and frustration typically associated with peer reviews.

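Two of the flaw classes listed under "An integrated code analyzer" (a potential NULL pointer dereference that crosses a subroutine call, and a resource leak around malloc and free) are shown here beside their corrected forms. This is an added example, not Green Hills code or DoubleCheck output; the table contents and all function names are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

struct user { int id; char name[16]; };
static struct user table[] = { {1, "alice"}, {2, "bob"} }; /* constructed sample data */

/* Returns NULL when the id is not in the table. */
static struct user *find_user(int id) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].id == id)
            return &table[i];
    return NULL;
}

/* Defect: potential NULL dereference. The NULL comes from another
 * subroutine, so it is only visible when paths are followed across the
 * call. A test suite that uses known ids never takes the failing path. */
size_t name_len_unchecked(int id) {
    return strlen(find_user(id)->name);
}

/* Corrected: the miss path is handled before the dereference. */
size_t name_len_checked(int id) {
    const struct user *u = find_user(id);
    return u ? strlen(u->name) : 0;
}

/* Defect: resource leak. The early return on the miss path skips free(). */
int upper_initial_leaky(int id) {
    char *copy = malloc(sizeof table[0].name);
    if (copy == NULL) return -1;
    const struct user *u = find_user(id);
    if (u == NULL) return -1;              /* copy is never freed here */
    memcpy(copy, u->name, sizeof u->name);
    int c = copy[0] - 'a' + 'A';
    free(copy);
    return c;
}

/* Corrected: every path out of the function releases the allocation. */
int upper_initial(int id) {
    int c = -1;
    char *copy = malloc(sizeof table[0].name);
    if (copy == NULL) return -1;
    const struct user *u = find_user(id);
    if (u != NULL) {
        memcpy(copy, u->name, sizeof u->name);
        c = copy[0] - 'a' + 'A';
    }
    free(copy);
    return c;
}
```

Both defective functions return correct results for ids 1 and 2, which is why run-time testing with valid inputs does not expose them.
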
Analysis output

DoubleCheck is capable of emitting errors as part of the build process as well as generating an intuitive set of web pages, powered by an integrated web server. Users can browse high-level summaries of the different flaws found by the analyzer and then click on hyperlinks to investigate specific problems. Within a specific problem display, DoubleCheck highlights the errors with the surrounding code, making it easy to understand. Function names and other objects are hyperlinked for convenient browsing of the source code. Since the web pages are running under a web server, the results can easily be shared and browsed by any member of the development team.

Higher-performance code analysis


Unlike other analyzers used sporadically as testing tools, DoubleCheck is fast enough to be used by all developers, all the time. DoubleCheck executes five times faster than other commercial analyzers. This advantage increases to a factor of 20 or more when DoubleCheck’s distributed build engine is used to automatically parallelize the analysis across available workstation resources on the developers’ network.

Additionally, DoubleCheck uses sophisticated subroutine-level dependency checking. With other analyzers, a simple change to a single source file results in a lengthy re-analysis. With DoubleCheck, analysis time is limited to parts of the code base affected by the edit, ensuring that DoubleCheck can be used throughout the development cycle.

DoubleCheck lowers development costs by identifying problems in your code even before you run it on your hardware or simulator.

Resolve problems sooner

DoubleCheck reduces development cost by enabling engineers to detect and resolve problems more efficiently and earlier in the development cycle. By reducing development time, products reach market faster and stay in market longer, translating into higher sales and profits. By increasing product quality, DoubleCheck reduces post-sales costs such as product failures, recalls, and in-field maintenance. Furthermore, increased quality improves market positioning and reputation, enabling organizations to command higher prices which filter directly to the bottom line.

Many studies have attempted to estimate the cost to produce and deliver software to market. The findings have ranged from $1000 per line of code for government aerospace projects to $33 per line of commercial Linux code. Other studies that estimate how development time is spent concur that more than half of software development time is spent debugging—identifying and correcting software defects.

Most development teams would agree that the cost of identifying and correcting defects grows dramatically as the development cycle progresses. Some studies have shown that the time to fix a bug grows from an average of 2-3 hours during the coding phase to 16-18 hours to uncover defects during post-integration quality assurance testing.

When a defect is identified using static analysis, the most expensive part of defect resolution, tracking down the bug, is reduced to a negligible amount: the tool automatically locates defects and elucidates the offending code sequence leading to the failure. As software grows in complexity, integrated static analyzers represent a powerful and cost-effective tool to help manage and control that complexity.

30 West Sola Street | Santa Barbara, CA 93101 | ph. 805.965.6044 | www.ghs.com | [email protected]
Green Hills, the Green Hills logo, MULTI, and DoubleCheck are trademarks or registered trademarks of Green Hills Software in the US and/or internationally.
All other trademarks (registered or otherwise) are the property of their respective companies. © 2015 Green Hills Software. v0915
