A Reviewer's Guide to Code Integrity

Background Information

MKS Code Integrity 1.3: Understanding your source code investment

Why Source Code Analysis?

Many organizations today have a significant, yet poorly understood investment in software solutions. Code is written to solve problems, but too often there is little sense of how those solutions will transfer into the future or to new platforms, or how they will affect existing IT structures or implementations.

In his book, "Decline & Fall of the American Programmer," Edward Yourdon cites a study by AT&T Bell Labs that states "that nearly 40 per cent of the errors in a large group of C programs were module interface errors." Yourdon points out that discoveries like these highlight the need for better training, better tools, better languages or other improvements in the software development environment. It is also commonly recognized in the software industry that between 70 and 80 percent of software development costs are devoted to maintenance (Bertrand Meyer, 1990)

Another strong issue pointing to the need for source code analysis and the need for portability tools is the area of 16 to 32 to 64 bit environments. As time has shown us, the bit size and architecture of new technology remains unpredictable. Developers of current and future software solutions need to take this unpredictability into account, through attention to portability of code and by understanding the architecture and system dependencies inherent to the software solutions they develop.

MKS Code Integrity 1.3

MKS Code Integrity is a C source code analysis tool that dramatically reduces your development cycle by helping you to create effective, portable and standardized code. It cuts across all levels in the development process, providing useful, practical information to developers, development managers and quality assurance professionals.

MKS Code Integrity addresses the tedious aspects of software development (debugging, verifying, troubleshooting) and transfers these tasks into an automated tool, so that developers can concentrate their efforts on the creative side of code development. In addition, MKS Code Integrity provides the critical information organizations need to understand portability issues and your source code's system and IT architecture dependencies.

Implementing quality assurance programs (such as ISO 9000) means that organizations need a clear understanding of their software development process. For instance, a company may have a key programmer leave. If that programmer has written non-conforming code, the company then must spend a great deal of time and effort unraveling this individual's work. If the programmer used MKS Code Integrity to assist in developing code, the process behind that person's development would be clearly understood, easily maintained, and easily passed on to a new developer.

How is MKS Code Integrity Being Used?

MKS Code Integrity is used by a broad range of organizations in the software development community including:

ISVs
Fortune 1000 companies
Government Agencies
Operating System Manufacturers

The product is quickly demonstrating its value to end users. ISVs and OEMs use it to assess porting efforts and as an ambassador to encourage ports to new platforms. Government agencies and other companies use Code Integrity as a tool to help companies ensure the correct use of international standards (i.e. POSIX, XPG4, Single UNIX Specification). And MKS Code Integrity is helping Fortune 1000s follow established coding policy, effectively propagate creative coding solutions, and understand the implications of code dependencies on specific systems and IT architectures.

MKS Integrity Family

MKS Code Integrity is the second product in MKS's Integrity product line. The cornerstone of this line is MKS Source Integrity a comprehensive software project and configuration management tool. Together, MKS Code Integrity and MKS Source Integrity provide application developers and managers with a cross-platform, comprehensive solution for software development management.

Code Integrity 1.3: Summary of Features

Out of the Box Standards

MKS Code Integrity gives you easy access to leading international open systems standards such as ANSI C, POSIX.2, XPG4, Spec 1170, Motif...and more.

Code Analysis Engine

The Code Integrity analysis engine is the heart of the product. It examines source code files according to the rules specified in the API database.

API Database

MKS Code Integrity has an extensive and extensible API Database of all the standard API descriptions and a custom database that will hold any user-defined descriptions. (Approximately 42,000 elements are contained in this database).

Graphical User Interface

MKS Code Integrity's graphical user interface makes the product easy to learn and use. Within an hour you can be actively using the tool. Information is organized into four main windows. These are:

Summary Report Window - displays summary of problems and warnings; lets you view graphs on API usage, file statistics and metrics.
Event Browser - lists problems identified by MKS Code Integrity; displays expanded text for the selected problem and an editing field for detailed code examination
API Info Tool - allows you to look up information on API use in the analyzed source. If the selection is part of a standard, the reference to the appropriate standard is listed. If selection is locally defined in the source code, the file in which the API definition occurred is displayed.
Help Tool - displays information about MKS Code Integrity. The Help file can be extended to include information on your own APIs. Contains interface to UNIX man command.

Reporting/Graphing Capabilities and Filtering Mechanism

Developers can use MKS Code Integrity's filtering mechanism to filter out recurring coding problems or minor "irritations" so that they can concentrate on the larger, harder to fix problems. Managers can use MKS Code Integrity's reporting features to gain a birds-eye view of the development effort, looking at software metrics, overall API and standards use, line count and length.

Target Users for MKS Code Integrity

ISVs

Independent software vendors will find MKS Code Integrity a valuable tool for assessing a port to new platforms, or ensuring that software can be carried forward to future incarnations of platforms with minimal difficulty. ISVs may also use MKS Code Integrity to define a common portability layer useful in integrating source code from different suppliers, development teams or geographic locations.

MIS Professionals

Information technology professionals will find MKS Code Integrity a key tool for adhering to standards and following established company coding guidelines or policy. IT developers can use the product to develop an SDK unique to their specific architecture and to understand transparency issues, such as system or architecture model dependencies. Organizations seeking to comply with standards such as XPG4 or ISO 9000, will find Code Integrity's source code management capabilities extremely useful.

Integrators and Government Agencies

MKS Code Integrity is a valuable tool for government agencies and integrators seeking to conform to open systems standards. Currently, government agencies have no tools available to verify an application's conformance to such open systems standards as POSIX.2, XPG4 and Spec 1170. Equally, integrators who have a requirement to meet contracts citing open systems standards will find that by using MKS Code Integrity, they can gain a better understanding of the portability (or non-portability) of subcontractor's code by establishing a common portability layer for subcontractors.

Original Equipment Manufacturers

Operating system OEMs can use MKS Code Integrity as a value add to their open system platforms, providing developers on these platforms with tools to effectively use open systems and standards-based functionality. MKS Code Integrity can also be a "platform ambassador." The tool can see if an ISV application makes correct use of the target system's APIs and can provide valuable reports and information to both the ISV prospect and the OEM on the porting effort required and any missing API functionality.

How Does MKS Code Integrity Fit Into Your Development Environment?

What individual tools would you need to do what MKS Code Integrity will do for you?

Type of Tools/Expertise Approximate Cost to MKS Code Integrity Purchase/Replace Metrics Tools (McCabe, $8,500 - $21,000 Includes basic metrics Halstead) information such as line counts; pure code vs. comments Lint Tools unsupported freeware - Includes lint-like $1,000 checking with enhanced type checking, sophisticated filters and GUI front end Static Analysis Browser $4,500 - $7,995 Does static analysis (Softbench) checking Standards Information programmer's time to track Contains the knowledge down APIs, locate and embodied in ANSI C; understand many industry POSIX.1, POSIX.2, XPG3, standards (each 1000s of XPG4, Spec1170, graphical pages). specifications such as Motif 1.2, plus can be extended to include user's custom APIs and will include specific operating system profiles Programmer Portability Programmer with knowlege Includes database of Expertise base covering 42,000 APIs, 42,000 APIs to begin, and complete understanding of detailed information architecture portability about those APIs and your own coding policy... Total cost based upon a Total cost based upon a single user: $17,000 plus single user: $1,500-1,995 expertise, time

Competitive Analysis of Code Integrity vs. Abraxas CodeCheck

Feature Comparison

Feature MKS Code Integrity Abraxas CodeCheck API Databases YES NO Extended Type Checking YES NO Checks for 32 - 64 bit YES NO portability issues GUI Interface YES NO Filtering of problems YES NO found Check for program YES Somewhat compliance to Industry defined standards (POSIX, XPG4, Spec1170) Works with make files YES NO Allows for creation of YES Somewhat custom API specifications Works with K&R C, ANSI C YES YES C++ Support YES Metrics Information YES YES Generates Graphs YES NO Standard "Lint" Checks YES NO API Information look-up YES NO Tech Support, Available for Available for Implementation & additional fee. additional fee. Training Pricing MKS Code Integrity Abraxas CodeCheck $1,995 $2,000

MKS Code Integrity Questions and Answers

Q. Can I create my own API specification with Code Integrity?

A: Yes, you can create your own custom API specifications. MKS Code Integrity allows you to codify your own APIs in a representation allowing companies to verify the correct use of their defined specification.

Q: How can Code Integrity make the porting of applications easier?

A: Code Integrity can help automate the porting process by identifying possible problems that may hinder a successful port of an application. Code Integrity can identify problems with APIs required by applications that do not exist on the target platform, incorrect use of APIs, dependencies on 32-bit architectures, ASCII language set dependencies, pointer issues and many other issues that affect portability and maintainability of applications.

Q: You currently support the C language. Is other language support planned?

A: MKS is investigating customer requirements for SQL and C++ support. These will be incorporated into Code Integrity based upon market demand.

Q: What API databases are included with the product?

A: Currently, MKS Code Integrity includes full API databases for the following: ANSI C, K&R C, POSIX.1, POSIX.2, SVID 3, XPG3, XPG4, Single UNIX , X11 Libraries, BSD Extensions, OSF AES Revision A, OSF Motif 1.1, Motif 1.2, ISO MSE 9899:1990, Athena Widget Set and more.

Q: Can Code Integrity be customized and integrated into my application development environment?

A: Yes. MKS Code Integrity is flexible stand alone development tool that will complement any C development environment.

Q: Can I process my own data files?

A: Yes. Code Integrity generates information files on the analyzed applications and provides access to these files if you want to process them on your own. However, for most people the information provided through the code Integrity GUI should be more than adequate.

Product Availability

MKS Code Integrity is now commercially available through QualSoft for following UNIX platforms:

HP-UX, SunOS, Solaris (SPARC and Intel) and AIX.

Additional Readings

AN 90 - X3J11 Technical Committee (1990) American National Standard for the Programming Language C. American National Standards Institute. ISO/IEC 9899:1990 (E)

FM95 - Funkenhauser, M (1995) "Single UNIX Specification" UNIX Review Magazine, June, 1995. Miller Freeman.

HS91- Harbison, SP and Steele, GL (1991) C: A Reference Manual, 3rd Edition. Prentice-Hall.

JC91 - Jones, C (1991) Applied Software Measurement, Assuring Productivity and Quality. McGraw-Hill.

JH94 - Jesperson, Hall (1994) Your Guide to POSIX. UniForum

KR88 - Kernighan, BW and Ritchie, DM (1988) The C Programming Language, 2nd Edition. Prentice Hall.

MRH90 - Horton, MR (1990) Portable C Software. Prentice Hall

OL86 - Lecarme, O and Gart, ML (1986) Software Portability. McGraw-Hill

POSIX.1 - IEEE Technical Committee on Operating Systems (1990) Information Technology -- Portable Operating System Interface -- Part 1: System Application Program Interface (API) [C Language]. ISO/IEC 9945-1; IEEE Std 1003.1-1990. Institute of Electrical and Electronic Engineers.

POSIX.2 - IEEE Technical Committee on Operating Systems (1992) Information Technology -- Portable Operating System Interface -- Part 2: Shell and Utilities; IEEE STD 1003.2-1992. Institute of Electrical and Electronic Engineers.

RJ88- Jaeschke, R (1988) Portability and the C Language. Hayden Books.

TP89 - Plum, T (1984) C Programming Guidelines, 2nd Edition. Prentice Hall

X95 - X/Open Company Limited (1995) Go Solo. How to Implement and Go Solo with the Single UNIX Specification. Prentice Hall.

YE92 - Yourdon, E (1992) Decline & Fall of the American Programmer. Yourdon Press. Prentice Hall.

ZF91 - Zlotnick, F (1991) The POSIX.1 Standard, A Programmer's Guide. The Benjamin/Cummings Publishing Company, Inc.