Accelerating Goanna Static Analysis in an Agile World
November 10, 2010 – Dr. Ralf Huuck, Red Lizard Software
For any agile software development environment where there can be a large number of product builds per day, it is extremely important to have scalable tools for fast and deep source code analysis to find bugs, security vulnerabilities and code deficiencies as soon as possible.
This article highlights some of the key motivations and decisions taken by Red Lizard Software to deliver true grid-computing performance for its flagship static analysis product Goanna Studio by integrating it tightly with Xoreax’s IncrediBuild solution. In particular, we describe the implementation process and the increased value from Xoreax’s solution.
- The Challenge
- The Alternatives
- The Solution
- About Red Lizard Software
- About the Author
As the software development landscape is shifting towards agile development and continuous integration, often involving many product builds per day, application lifecycle tools have to change as well to keep up with the rapid development cycles and deliver maximum value to the user.
One of the core application lifecycle tools for software developers is static source code analysis. Static analysis, as provided by Red Lizard Software in their Goanna Studio and Goanna Central products, scans C/C++ source code automatically at compile-time for serious and often hard-to-find bugs such as buffer overruns, memory leaks and potential crashes.
While Goanna Studio is one of the fastest and most precise static analysis tools in the market today, it can still require some time to analyze millions of lines of code in one go, time that is often scarce in an agile development environment. That is why Red Lizard Software set itself three goals when evaluating IncrediBuild:
- Deliver optimal value to customers by minimizing C/C++ source code analysis time
- Tightly integrate into Visual Studio to minimize process changes and enable easy adoption
- Use current Goanna Studio features and functionality while delivering superior performance
There are a number of alternatives for speeding up source code analysis. The obvious one is to reduce the depth and precision of the analysis, which, however, is contrary to the goals Red Lizard Software set itself in the first place.
Another alternative is to require customers to invest in high-performance equipment such as many-core servers. But this also contradicts our goals and current achievements: on the one hand, running on virtually any piece of hardware that is commonly used by software developers and, on the other hand, requiring few changes to existing setups.
The third alternative would have been to develop some grid-computing functionality ourselves. While the team had the technical capabilities to do so, it did not make sense from a commercial viewpoint and would have significantly delayed other more pressing tasks.
We investigated a number of distributed build environments and came up with IncrediBuild as our first choice, because of their track record, their immediate availability and the ease of extensibility. The download, manuals and installation procedure were smooth and required little learning.
Technical Challenge and Implementation
The technical challenge in addressing our primary goals was to keep the existing usage and processes of Goanna Studio while making the integration as seamless as possible. This required spawning the Goanna Studio backend analysis engine on different instances across the network and, at the same time, keeping our own internal analysis database consistent across the network instances.
To address the first issue we used IncrediBuild’s XGE Interfaces Extension Package. This enabled us to run our own analysis engine piggybacking on IncrediBuild’s infrastructure. The implementation was straightforward and a prototype was ready in a few days.
The second issue, keeping a consistent and up-to-date internal database across the different network instances for each analysis run, was more challenging. The key idea was to create local databases that get passed on and updated on every network instance for the parallel analysis, followed by a post-analysis step that merges and synchronizes the local databases back into the main internal database. This creates little overhead at the end of every run and the resulting solution outperforms any sequential analysis by miles.
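A sketch of the scatter-and-merge step described above, as an added example that is not Goanna's or IncrediBuild's code; the schema, check IDs and function names are assumptions made for illustration. The merge takes from each worker only the files that worker analyzed, so stale rows inherited from the snapshot are dropped and a finding in a header seen by two workers is stored once.

```python
import sqlite3

# Hypothetical schema and check IDs; the page does not describe Goanna's real layout.
SCHEMA = """CREATE TABLE findings(file TEXT, line INTEGER, check_id TEXT, message TEXT,
                                  PRIMARY KEY (file, line, check_id));
            CREATE TABLE analyzed(file TEXT PRIMARY KEY);"""

def snapshot(main):
    """Copy the main database for one worker (the 'passed on' local database)."""
    local = sqlite3.connect(":memory:")
    main.backup(local)
    return local

def record(local, files, findings):
    """Worker side: replace the results for every file this worker analyzed."""
    for f in files:
        local.execute("DELETE FROM findings WHERE file = ?", (f,))
        local.execute("INSERT OR REPLACE INTO analyzed VALUES (?)", (f,))
    local.executemany("INSERT OR IGNORE INTO findings VALUES (?,?,?,?)", findings)
    local.commit()

def merge(main, workers):
    """Post-analysis step: fold the local databases back into the main one."""
    touched, rows = set(), set()
    for local in workers:
        files = {r[0] for r in local.execute("SELECT file FROM analyzed")}
        touched |= files
        # Trust a worker only for files it analyzed; the rest is stale snapshot data.
        rows |= {r for r in local.execute("SELECT * FROM findings") if r[0] in files}
    with main:  # one transaction, so a failed merge leaves the main database unchanged
        main.executemany("DELETE FROM findings WHERE file = ?", [(f,) for f in touched])
        main.executemany("INSERT OR IGNORE INTO findings VALUES (?,?,?,?)", sorted(rows))

def demo():
    main = sqlite3.connect(":memory:")
    main.executescript(SCHEMA)
    # Constructed prior-run state: a.c's bug has since been fixed, legacy.c is not rebuilt.
    main.executemany("INSERT INTO findings VALUES (?,?,?,?)", [
        ("a.c", 10, "BUF-OVERRUN", "index may exceed buf"),
        ("legacy.c", 3, "MEM-LEAK", "p not freed")])
    main.commit()
    w1, w2 = snapshot(main), snapshot(main)
    shared = ("util.h", 7, "NULL-DEREF", "p may be NULL")  # header seen by both workers
    record(w1, ["a.c", "util.h"], [shared])
    record(w2, ["b.c", "util.h"], [shared, ("b.c", 42, "MEM-LEAK", "buf not freed")])
    merge(main, [w1, w2])
    return sorted(main.execute("SELECT file, line, check_id FROM findings"))

if __name__ == "__main__":
    print(demo())
```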
The resulting implementation fully integrates the IncrediBuild technology with our Goanna static analysis product. It works with a wide variety of different hardware including servers, notebooks and even virtual machines, making it easy to scale in a heterogeneous environment.
We discovered an almost linear speed-up with the number of IncrediBuild clients and observed only marginal overheads from network latencies and our database post-run synchronization. A typical runtime speed-up is shown in the included chart.
The seamless integration of IncrediBuild into Goanna Studio enables us to deliver maximum value to our customers. In fact, for existing IncrediBuild customers Goanna Studio is a double-click installation, delivering our full product features plus enabling grid-computing support with a simple mouse click.
IncrediBuild’s open and transparent interface helped us to leverage grid-computing power without the overhead of developing a proprietary solution. Instead it opened up a much more cost-effective and proven route.
By working with Xoreax and including an IncrediBuild option in our product portfolio, we were able to meet customer demands to full satisfaction, keeping Goanna Studio at the forefront of professional C/C++ software analysis in agile development houses.
About Red Lizard Software
Red Lizard Software is the leading provider of integrated C/C++ source code analysis tools for mission-critical industries. Being the first company to combine the automated technologies of static analysis and model checking, Red Lizard Software’s goal is to bring higher quality software to market faster.
Red Lizard Software’s flagship products Goanna Studio and Goanna Central detect software bugs automatically, save software development and debugging time, and prevent the potential waste of millions of dollars during product development.
Red Lizard Software originated at NICTA, Australia’s ICT Research Centre of Excellence. For more information, please visit redlizards.com.
About the Author
Dr Ralf Huuck is the CTO and co-founder of Red Lizard Software. Prior to his current position, Dr Huuck led the R&D efforts underpinning the Goanna technology at NICTA, Australia.
With a background in scientific research, he has built a reputation for tackling real-life problems for more than 15 years. Dr Huuck has worked in several leading positions in Germany, France, Australia, Japan and Hong Kong. He is a published author in more than 30 scientific proceedings and has been a speaker at dozens of international conferences.