Polyspace Products for Desktops and Servers
Polyspace Bug Finder
Polyspace® Bug Finder™ identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software. Using static analysis, including semantic analysis, Polyspace Bug Finder analyzes software control, data flow, and interprocedural behavior. By highlighting defects as soon as they are detected, it lets you triage and fix bugs early in the development process.
Polyspace Bug Finder checks compliance with coding rule standards such as MISRA C™, MISRA C++, JSF++, CERT® C, CERT C++, and custom naming conventions. It generates reports consisting of bugs found, code-rule violations, and code quality metrics, including cyclomatic complexity. Polyspace Bug Finder can be used with the Eclipse™ IDE to analyze code on your desktop.
For automatically generated code, Polyspace results can be traced back to Simulink® models and dSPACE® TargetLink® blocks.
Support for industry standards is available through IEC Certification Kit (for ISO 26262 and IEC 61508) and DO Qualification Kit (for DO-178).
For desktop-specific workflows, see:
Install Polyspace Products on Desktop (Polyspace Bug Finder)
Set Up Bug Finder Analysis on Desktop (Polyspace Bug Finder)
Review Polyspace Bug Finder Results in Polyspace User Interface (Polyspace Bug Finder)
See also Differences Between Polyspace Bug Finder and Polyspace Code Prover.
Polyspace Code Prover
Polyspace Code Prover™ is a sound static analysis tool that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and other run-time errors in C and C++ source code. It produces results without requiring program execution, code instrumentation, or test cases. Polyspace Code Prover uses semantic analysis and abstract interpretation based on formal methods to verify software interprocedural, control, and data flow behavior. You can use it to verify handwritten code, generated code, or a combination of the two. Each code statement is color-coded to indicate whether it is free of run-time errors, proven to fail, unreachable, or unproven.
Polyspace Code Prover displays range information for variables and function return values, and can prove which variables exceed specified range limits. Code verification results can be used to track quality metrics and check conformance with your software quality objectives. Polyspace Code Prover can be used with the Eclipse IDE to verify code on your desktop.
Support for industry standards is available through IEC Certification Kit (for IEC 61508 and ISO 26262) and DO Qualification Kit (for DO-178).
For desktop-specific workflows, see:
Install Code Prover on Desktop (Polyspace Code Prover)
Set Up Code Prover Analysis on Desktop (Polyspace Code Prover)
Review Polyspace Code Prover Results in Polyspace User Interface (Polyspace Code Prover)
See also Differences Between Polyspace Bug Finder and Polyspace Code Prover.
Polyspace Bug Finder Server
Polyspace Bug Finder Server™ is a static analysis engine that identifies common classes of bugs in C and C++, including run-time errors, concurrency issues, and other coding defects. Polyspace Bug Finder Server also checks source code for adherence to coding rules (MISRA C, MISRA C++, JSF++), security rules (CWE, CERT-C, CERT-C++, ISO/IEC 17961), and custom rules.
With Polyspace Bug Finder Server you can monitor code metrics including cyclomatic complexity and HIS metrics at the project, file, and function levels. You can configure the server for use with various compilers, target processors, and RTOS environments, and automate execution with continuous integration systems using tools such as Jenkins. Code analysis results can be published to Polyspace Bug Finder Access™ for triage and resolution.
Support for industry standards is available through IEC Certification Kit IEC Certification Kit (for IEC 61508 and ISO 26262) and DO Qualification Kit (for DO-178).
For server-specific workflows, see:
Install Polyspace Bug Finder Server (Polyspace Bug Finder)
Set Up Bug Finder Analysis on Servers During Continuous Integration (Polyspace Bug Finder)
Polyspace Code Prover Server
Polyspace Code Prover Server is a sound static analysis engine that proves the absence of overflow, divide-by-zero, out-of-bounds, array access, and certain other run-time errors in C and C++ code. It performs interprocedural analysis of all possible control and data flows, including multi-threaded code, to identify each operation as always safe, always faulty, unreachable, or vulnerable. Polyspace Code Prover Server identifies code segments that are free of run-time errors, proven to fail, unreachable, or unproven.
Polyspace Code Prover Server can run on a server-class machine and can be integrated into build and continuous integration systems for automated verification using tools such as Jenkins. The analysis results can be published to Polyspace Code Prover Access for triage and resolution.
Support for industry standards is available through IEC Certification Kit (for IEC 61508 and ISO 26262) and DO Qualification Kit (for DO-178).
For server-specific workflows, see:
Install Polyspace Code Prover Server (Polyspace Code Prover)
Set Up Code Prover Analysis on Servers During Continuous Integration (Polyspace Code Prover)
Polyspace Access
Polyspace Access enables software engineering teams to check their code quality throughout the software development life cycle. It includes Polyspace as You Code, an IDE plugin that lets developers detect code compliance deviation, software defects, and security vulnerabilities before submitting the code for integration. It also provides access to a web interface for reviewing static code analysis results of integrated source code, produced by Polyspace Bug Finder Server and Polyspace Code Prover Server.
Polyspace as You Code detects critical defects and security vulnerabilities and checks for code compliance with coding rule standards such as MISRA C, MISRA™ C++, AUTOSAR C++14, CERT C, CERT C++, as well as custom naming conventions. Integrated as a plugin into the developer's IDE such as Visual Studio®, Visual Studio Code, or Eclipse, it reports the findings within the source code view. And when connected to the Polyspace Access central repository, it can highlight only new issues added by the developer compared to the development baseline.
The web interface lets developers and QEs collaborate across projects on static code analysis results. From project dashboard to finding details, team members can monitor quality trends and analyze, review, and assign software vulnerabilities, code metrics, critical run-time errors, and adherence to coding standards. The integration with project management tools such as JIRA enables team-based collaboration on code quality. Polyspace Access includes a central repository, hosted on-premises or cloud-based, that integrates with authentication systems such as LDAP to control access to project data.
For web-browser-specific workflows, see:
Install Polyspace Access for Web Reviews (Polyspace Bug Finder) or Install Polyspace Access for Web Reviews (Polyspace Code Prover)
Review Polyspace Bug Finder Results in Web Browser (Polyspace Bug Finder) or Review Polyspace Code Prover Results in Web Browser (Polyspace Code Prover)
For IDE-specific workflows, see:
Install Polyspace Products in IDEs (Polyspace Bug Finder)
Set Up Polyspace Analysis in IDEs (Polyspace Bug Finder)
Review Polyspace as You Code Results in IDEs (Polyspace Bug Finder)