Solutions - FDA Software Validation

Software Verification
Software testing is one of many verification activities intended to confirm that software development output meets its input requirements. Other verification activities include various static and dynamic analyses, code and document inspections, walkthroughs and other techniques.

Klocwork Insight is a leading static code analysis solution that provides development teams with:

• Detection of critical bugs and security vulnerabilities
• Software metrics analysis and trending

Defect Prevention
Software quality assurance needs to focus on preventing the introduction of defects into the software development process rather than trying to "test quality into" the software code after it is written. Software testing is limited in its ability to surface all latent defects in code. Software testing by itself is not sufficient to establish confidence that the software is fit for its intended use.

Static source code analysis technology allows development teams to find a wide range of defects prior to QA. Uniquely, Klocwork's Continuous Desktop Analysis enables developers to find bugs at their desktop, prior to code check-in. This enables "in-phase bug containment", which ensures:

• bugs are not introduced into the code stream
• cleaner system builds
• fewer bugs are passed to QA

Software Validation after a Change
Due to the complexity of software, a seemingly small local change may have a significant global system impact. Whenever software is changed, a validation analysis should be conducted not just for validation of the individual change, but also to determine the extent and impact of that change on the entire software system.

• Developers can run Klocwork analysis locally, from within their IDE anytime they make a change.
• The analysis will be run inter-procedurally in the context of the entire software system to ensure that any changes made locally are validated for global system impact.

Independence of Review
Self-validation is extremely difficult. When possible, an independent evaluation is always better, especially for higher risk applications.

• All reported bugs can be tracked each build through team reporting features, enabling prioritization of critical bugs for peer review.
• Klocwork Insight also offers a flowchart-based code review module to support peer review activities.

Construction or Coding

• Source code should be evaluated to verify its compliance with specified coding guidelines. Such guidelines should include coding conventions regarding clarity, style, complexity management, and commenting.
• Source code evaluations are often implemented as code inspections and code walkthroughs. Such static analyses provide a very effective means to detect errors before execution of the code.

Klocwork Insight is used primarily during the coding or construction phase of the software lifecycle:

• Klocwork provides support for a wide variety of coding style issues, including: out-of-the-box checks, usage of Klocwork Extensibility (KAST), and Klocwork's software metrics analysis for McCabe Cyclomatic Complexity, Coupling, and 100+ other metrics.
• Klocwork Insight also offers a flowchart-based code review module to support code inspection activities.

Testing by the Software Developer
Code-based testing is also known as structural testing or "white-box" testing. Structural testing can identify "dead" code that is never executed when the program is run.

Klocwork Insight is designed to be used by the developer, at their desktop and supports the identification of multiple forms of dead code including unused code and unreachable code.