LDRA and PRQA both had news at ESC last week. As a reminder, LDRA focuses on the traceability and certification of software, especially software targeted for safety-critical and secure applications. PRQA, on the other hand, prides itself in its deep, detailed code analysis, looking for potential bugs or other problems.
LDRA announced the ability to provide traceability from requirements all the way to object code. It’s that last mile to object code that’s new. The idea is to be able to document that all of the executable code can be traced to a requirement; that is, there’s no bonus flight simulator buried in your medical app for the nurses to play with. It’s also nice to go the other direction: show that every requirement has been met.
They also announced implementation of the Homeland Security secure programming guidelines.
Meanwhile, PRQA announced data flow analysis using a satisfiability modulo theorem solver (“sat solver”) from SRI that apparently won an annual sat solver competition two years ago (apparently, in declaring victory, they sat out last year’s bout). While the use of sat solvers in software analysis is by no means new, PRQA claims that it’s never been used for the kind of deep analysis they do. Others tend to try to abstract elements of the program so the entire program can be analyzed as a whole; such analysis would miss much of the detail PRQA finds. Conversely, PRQA, in rooting out the low-level details, might miss some higher-level issues; that’s not their focus.