A Giant in Mission-critical Systems for Utility and Industrial Customers
ABB’s operations are organized into five global divisions, each comprised of specific business units focused on particular industries and product categories: power products, power systems, discrete automation and motion, low voltage products and process automation.
All of these divisions share a common element to one degree or another: Their products require software. And, they all face the same challenges and demands from their customers: security and reliability. A field failure can translate into lost productivity or revenue, or could have adverse effects for a great number of people. Faulty code could also be exploited by a third party, either for financial gain or to support an act of terrorism.
Klocwork Helps ABB…
-
Detect Important Coding Issues Earlier
-
Improve Code Quality
-
Get Accurate Results (With Fewer False Positives)
Why Static Code Analysis Was Necessary
Under certain conditions, errors in software could cause significant problems for any customers. ABB is sensitive to these facts. In 2008, they undertook a global review of all their software tools, training and practices, and found there was room to improve.
This review led to the formation of the Software Development Improvement Program (SDIP), which serves all five divisions and reportsdirectly to ABB’s chief technology officer.
“Our internal customers are basically the entire ABB software community,” says John Hudepohl, who co-leads SDIP. “Our function is to develop and deploy best practices, tools and training for all of the business units that make products that contain software.”
Part of the challenge faced by ABB is that its growth has been due in part to acquisitions. “You end up with a lot of different practices and a lot of different tools at various levels of maturity,” says Hudepohl. SDIP’s objective was to move everyone to higher, common level of practice and standardize on best-in-class tools.
Efforts to establish a standard toolset across the ABB software community included selecting a single static code analysis tool of choice. In 2009, Klocwork Insight was already part of the mix of products in use, from other commercial static code analysis tools to the built-in utility that comes with Microsoft TFS, as well as other shareware downloaded by individuals themselves.
Why Klocwork was the Ideal Static Code Analysis
The review concluded that some of these products just weren’t able to meet ABB’s evolving requirements. Features were lacking, there wasn’t any formalized support for them, there was no subject matter expert on static code analysis within the company’s software community, or other issues.
SDIP made a shortlist of leading static code analysis tools, including Klocwork Insight, and ran these through a side-by-side comparison with input from the internal software developer community. Key considerations were how well each tool integrated into ABB’s software development environment, ease of installation and maintenance, and the rate of false positives.
Too many false-positive alerts about potential errors in the code invariably lead developers to throw up their hands and walk away. Beyond the technical requirements of ABB’s software development community, there were broader ramifications that had to be considered as part of the static code analysis selection process. This included corporate and legal requirements, such as liability and compliance.
ABB’s software community is spread across business units within its five divisions, and all expenditures need to make sense from a cost-benefit point of view for each business unit. Equally important given this dispersed user community, consistently high levels of global product support and training were also critical considerations.
The Benefits of Using Klocwork
Klocwork’s ability to integrate easily with ABB’s development environment, its extensive and accurate analysis features, and its competitive price point made it the best choice as the company’s default static code analysis tool.
ABB now has a static code analysis and Klocwork subject matter expert for its community of developers, and it has integrated Klocwork training materials, including videos, within its own learning management system. It also has a power-user community set up so developers can help each other learn and improve the security and reliability of their code.
Hudepohl cites Klocwork Insight’s on-the-fly analysis capabilities as particularly compelling as well as the ability for developers to set up specific alerts.
“The ability to find and fix issues as the code is being written, before it leaves developers’ desktops, is very powerful. I’m really pleased with the amount of real defects that are being found, and the ratio of warnings to defects is good,” says Hudepohl.