What is our primary use case?
We use it for all projects where we write our own code. So, it could be vertical control, cluster infotainment, or competitor systems; we use it everywhere.
We use it for smaller models and for Simulink models. However, it crashes when we have too many files/functions. When we use Code Prover on large applications, it sometimes crashes.
I work with Simulink models, where Prover is fully integrated.
How has it helped my organization?
What is most valuable?
Prover enhanced our code verification process. That's why we use this type of tool. We need a static code analysis tool.
When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences. So, we have numerous checks that improve our code.
We leverage many features that are effective for identifying bugs because they all complement each other. Just using one wouldn't be enough for quality purposes. We need the whole set.
What needs improvement?
There are two main areas of improvement.
- False negatives and false positives.
- The speed of the validation itself.
Another area I see for improvement is scalability, particularly when dealing with large software systems. While Polyspace is effective for individual components and smaller applications, its performance can be impacted when analyzing entire systems all at once.
There are limitations with handling large-scale applications.
For how long have I used the solution?
I started using Code Prover recently since it became integrated into MATLAB just six months ago in my company. It works well.
Which solution did I use previously and why did I switch?
We need to compare it to similar tools Fortify, Checkmarx, etc.
They often detect more quality issues, especially related to code flow, and they're generally faster.
However, there is a trade-off in these tools: speed versus quality. It's not ideal to sacrifice one for the other entirely. But, some other tools have a better balance.
What was our ROI?
While finding bugs is good, it's hard to quantify the exact impact.
We understand it's more expensive, but we lack concrete data to prove using it definitively gives us a clear benefit.
What's my experience with pricing, setup cost, and licensing?
What other advice do I have?
If you're using Simulink and Stateflow models within MATLAB, integrating with Polyspace Code Prover is very convenient because they're fully supported. There's a link between the code in the Simulink blockset, which makes verification efficient and practical.
Overall, I would rate the solution a six out of ten. It is not a bad tool, it is just not the best tool.
Disclosure: I am a real user, and this review is based on my own experience and opinions.