Return Home

The Problem

Software bugs are expensive. Today, there are over 4 million professional software developers who, at conservative estimate, spend 25% of their time testing and debugging programs. If we consider that the average loaded cost of a developer is about US$ 100,000, it makes software bugs a US$ 100 billion problem. And this does not even factor in delays, liabilities and recall costs.

The later bugs are detected in the software development process the more expensive they are and the more they delay the product launch. Embedded systems software suffers the most in this respect because it has to be developed in time with hardware, code has to be developed from scratch to meet the latest hardware (restricting the time available for testing), and should a bug get through it often entails a recall of the product.

The Solution

The Goanna project is working on developing a fast, scalable and precise software solution that detects bugs and vulnerabilities automatically at development time.

Goanna combines the technologies of static analysis and model checking creating a unique solution. It analyses source code by identifying causal dependencies between program constructs, estimating all the program's behaviors, and provides up to 100% coverage. Goanna targets programming flaws such as memory corruption, buffer overruns, and memory leaks, which lead to potential system crashes or security intrusions.

Analysis Time

For most programs the analysis takes just seconds and even for larger code bases it is typically done in minutes. This is in stark contrast to traditional testing, which requires execution of the code, setup of test cases, and manual inspection of the test results against the specification. Goanna can be applied as soon as code compiles, well before the traditional testing phase (and without the requirement for test harnesses and stub code) which creates an enormous saving potential.

Goanna's key features

• Integration with existing development environments

  Unlike other testing tools, Goanna can run directly within the embedded software developer's world (IDE). It can display results including trace navigation and the filtering and suppression of bugs, thereby taking much of the hassle out of running tests.

• User-defined checks

  As well as using standard, out-of-the-box checks, the high-level check description language used by Goanna allows users to easily add their own. This ensures analysis time is focused on high-value checks as well as allowing the tool can be adapted to a project's specific requirements.

• Multithreading analysis

  Goanna uses patented model-checking technology to analyse every possible execution combination, including programs running in parallel. It is the only tool yet developed that does not rely on sequential heuristics. Instead it analyses race conditions, deadlocks and resource corruption automatically and within their concurrent context.

• Embedded assembly checker

  Goanna is the only tool of its type that can deal with embedded assembly code. This is achieved using a three-step process: Examining C/assembly interface information for the entire program to ensure precise results; checking the assembly code against the interface description; and checking the assembly code itself. The result is no more black spots within the code.

• Software metric dashboard

  Goanna's unique software metrics dashboard extracts data from the analysis and displays it in an easy-to-understand graphical form. Users can click on the graphic to drill down for more detailed information as required. The dashboard supports analysis of modules by bug type as well as comparative analysis across a release history and between modules within a release.

Interested?

If you are interested in Goanna, or better, if you could envision to become an alpha-partner, please contact us at goanna@nicta.com.au.