SharpChecker

SharpChecker is the platform of static analysis of programs in the C# language, in March, 2017 it is included in the unified register of domestic software. It is created for search of errors in a program code and has high efficiency in comparison with the existing analogs.

To err is human, - the director of ISP RAS Arutyun Avetisyan notes, - and the program code is written by living people. Most often it is high-class specialists, but also they can make mistakes. SharpChecker is that means which can compensate this property of human nature partly. The tool contains both a code analyzer, and ready components for implementation in a production cycle of software development. It allows to use technology and to programmers for error correction in the developed project, and to their heads as one more dynamic metrics which is well characterizing product quality".

Basic researches on technologies of static analysis are conducted in ISP RAS since 2002. In one and a half decades in this direction success is achieved, in particular, the Svace analyzer is developed. This tool allows to find errors and potential vulnerabilities in the source code of programs in languages of Si/Si ++. Among its features: ease of use, a broad set of the supported types of warnings, scalability to programs in millions of code lines and acceptable quality of the analysis - 30-80% of true warnings. This product is actively used by Samsung corporation as a fixed asset of statistical analysis - for search of errors in the source code of operating systems Android, proprietary applications of Samsung and the Tizen operating system.

SharpChecker became the next step in this direction. The platform developed by ISP RAS more than is competitive today among the analogs presented at the world market – Coverity from the American company Synopsys, Klocwork released the American Rogue Wave, Fortify from Hewlett Packard, the Israeli Checkmarx. In 2015 SharpChecker was implemented in Samsung company as a part of the Svace tool. However, this static analyzer can be used and independently.

"Today use of tools of the analysis of the code is obligatory when developing the safe software, - Valery Ignatyev, the senior research associate of ISP RAS says. - Impracticablly to check software consisting of millions of code lines manually for existence of errors – resource leaks and memory, dereferencings of null, misuse of attributes, the errors connected with parallelism of execution and so forth. Therefore the tool capable to analyze similar information volumes is not simply useful, but is necessary. Quality improvement and code safeties becomes more and more important task every year. Certainly, SharpChecker is not a panacea against errors in the code, it does not replace, and supplements other methods of software testing and search of errors, but it allows to correct errors at the earliest stages, significantly reducing the total cost of development, and does it effectively".