In a rush to meet in-house or contract deadlines, and lacking any mid-process analysis procedure, many software developers test applications for defects only shortly before they go to production, when 90 percent of the code is written.
IBM Rational Software Analyzer, which officially debuted in the summer but has been available to IBM customers since 2006, scans software code for quality and defects before the application is built. The company claims the product can reduce bugs by as much as 20 percent.
Initially used internally to identify software defects earlier than the quality-assurance and testing phases, the solution was then integrated into IBM Rational Application Developer and IBM Rational Software Architect as the static quality-analysis component. When customers demanded improved quality analysis for the IBM solutions they were purchasing, the company broke out Rational Software Analyzer as its own product for the commercial market.
Developers in the auto, airline, financial, insurance and government sectors use the product. Some check for specific issues unique to their programming environment.
“IBM Rational Software Analyzer was created in response to several drivers,” said Scott Nordstrom, senior product manager for IBM. “Externally, we saw clients struggling with the adoption of tooling/process for code-level quality assurance and program understanding. Internally, development teams in IBM were handcrafting custom static analysis solutions.”
These efforts overlapped in functionality enough that in 2004, concentrated cross-departmental development seemed to be in order.
IBM Rational Software Analyzer provides a common platform for code-level analysis. Adopters can create custom rules or rely on out-of-the-box analyses, including 638 Java and 163 C/CPP rules, as well as rules for code quality, best practices, metrics and architectural discovery.
Similar to how an editor works to ensure news stories are understandable and cohesive, IBM Rational Software Analyzer automatically scans each line of code up to 700 times — essentially “grammar-checking” it before it goes into production, Nordstrom said.
“Your typical programmer devotes 20 percent of his time to code conceptualization and implementation, while devoting the remaining 80 percent to debugging,” he explained.
Given the salary levels of experienced programmers, employers can hardly tolerate such inefficiency — especially in today’s economy.
But the alternative — a homegrown or purchased analysis tool that is comprehensive enough to anticipate potential coding flaws — is not a feasible option. For IBM, it has required significant research and in-depth evaluation of code bases.
Rational Software Analyzer’s developers continue to keep an eye and ear on the market, though, watching for new code bases and languages, and listening to calls for greater universal functionality.
“Given the incredible diversity of programming environments and domain-specific application concerns in the industry today, it is not reasonable to expect an analysis tool to come ready out-of-the-box to find every potential flaw,” Nordstrom said.
For this reason, Rational Software Analyzer supports rule authorship and provides an extensible framework. New rules can be created via templates in the tool or through the Rational Software Analyzer API. The open architecture of the platform also allows customers with complex needs to add new types of analysis or support for a new language.
Kelly Shermach is a freelance writer based in Chicago who frequently writes about technology and data security. She can be reached at editor (at) certmag (dot) com.