You use Helix QAC (formerly QAC/QAC++) to find coding errors and comply with standards faster. But have you heard about the compliance, performance, and productivity enhancements we’ve made over the last few releases? For example… Our latest release — Helix QAC 2019.1 — includes support for multithreading. Expanded compliance coverage. And an improved desktop server integration. So, join us to learn about: -New features in Helix QAC 2019.1 (including multithreading support). -Recent features from our 2018 releases (including a new CWE C++ compliance module). -How to get started with the latest version. To download the latest version of Helix QAC, contact support. Once you do, you'll receive an email from our team with download instructions.

1. What’s New in Helix QAC?
2019.1 RELEASE | MAY 2019

2. perforce.com
Presenter
Richard Bellairs
Product Marketing Manager
Richard has 20+ years of experience across a wide range of industries. He
held electronics and software engineering positions in the manufacturing,
defense, and test and measurement industries in the nineties and early
noughties before moving to product management and product marketing.
He now champions Perforce’s market-leading code quality management
solution.

3. perforce.com
Here’s What We’ll Cover Today
1
2
3
New Features in Helix QAC 2019.1
Recent Features From Our 2018 Releases
How to Get Started With the Latest Version

4. perforce.com
2016 - 2017 2018 - 20191995 - 2015
Perforce was
Founded as a
Version Control
System.
New
Management
and Investor
Team Join
Perforce.
Acquisition:
Seapine
Software
Acquisition:
Deveo
and
Hansoft
Clearlake
Invests in
Perforce.
Acquisition:
PRQA
Acquisition:
Perfecto
Acquisition:
Rogue Wave
Version Control Only New Management Team / Expansion into Agile Planning Mobile, Web and More
The Perforce Family

5. perforce.com
Perforce Product Categories
Agile Planning
• Visual planning and
collaboration software.
• Enterprise agile project
planning.
• Mixed-mode project
management.
• Requirements and test
case management.
• Integrated issue
management.
Software Assurance
• Ensure safe, secure,
reliable code.
• Identify code defects or
rule violations against
custom and industry
standards.
• Compliance modules.
• Supports most compilers.
• Static, continuous, and
mobile availability.
• Tools to build, deploy,
secure, optimize, and
extend enterprise
applications.
• Open Source Support that
provides expertise on
technology stacks.
• API development,
governance, security, and
management.
Operations
Tools
• Provide scalable,
enterprise developer
components.
• Large dataset and
complex visualization.
• Platform independent
code building blocks.
• Robust statistical analysis.
Embedded
Components
Code
Management &
Collaboration
• Git and File Based
Versioning.
• Versioning for code,
design files, and artwork.
• Distributed
options/proxies.
• Supports multi-repository
build for CI/CD.
• Tool that improves
developer productivity in
executing Java code
changes.

6. perforce.com
Helix QAC Versions and Naming
May 2018 October 2018 May 2019 Fall 2019
QA Framework 2.3 QA Framework 2.4 Helix QAC 2019.1
Helix QAC 2019.2
QAC 9.4.1 QAC 9.5 QAC 9.6
QAC++ 4.2.1 QAC++ 4.3 QAC++ 4.4
QA Verify 2.2.2 QA Verify 2.3 QAC
Dashboard
2.4

7. perforce.com
Helix QAC Product Strategy
•Widest and deepest coverage for supported coding standards.
•Comprehensive coverage of ISO-specified language features.
•Tool certification and qualification for functional safety standards.
Compliance
•Analysis speed, accuracy, and precision.Performance
•User experience.
•Tool integrations.
•Ease of setup and configuration.
Productivity

8. perforce.com
Strategic Theme QA Framework 2.4 (October 2018) Helix QAC 2019.1 (May 2019)
Compliance
Improved breadth and depth for CERT, MISRA, and AUTOSAR
Concurrency and multithreading defect detection
New CWE C++ Compliance Module Updated AUTOSAR (2018.10) support
Support for C11 Complete C++14 support
Dataflow enhancements for secure coding
Performance
Improved accuracy and precision — reduced false positives/negatives
Faster CLI report generation
Faster Cross Module Analysis
(in memory processing)
Reduced disk storage
Faster desktop to server project transfer
(typical 50% improvement)
Productivity
Framework GUI improvements
Desktop/Dashboard rule synchronization
Named macro suppressions
Searchable help
Recent Key Feature Additions

9. perforce.com
Improved Breadth and Depth for CERT, MISRA, and AUTOSAR COMPLIANCE
Coding Standard
Helix QAC 2019.1
Enforceable Rule Coverage
MISRA C 100%
MISRA C++ 97%
CERT C 87%
CERT C++ 68%
AUTOSAR 84%

10. perforce.com
Concurrency and Multithreading Defect Detection
• Intra-thread checks include:
• Incorrect use of mutexes/critical
sections.
• Race condition when using fork
and file descriptors.
• Call to non-re-entrant function
outside critical section.
• Inter-thread checks include:
• Deadlock.
• Violation of lock hierarchy.
• Data race (shared object and
adjacent shared object).
Supported threading APIs
• POSIX
• Windows
• C++
COMPLIANCE

11. perforce.com
pthread_mutex_t m1 = PTHREAD_MUTEX_INITIALIZER;
pthread_mutex_t m2 = PTHREAD_MUTEX_INITIALIZER;
int x;
void * thread1 (void * arg)
{
pthread_mutex_lock(&m1);
pthread_mutex_lock(&m2);
++x;
pthread_mutex_unlock(&m2);
pthread_mutex_unlock(&m1);
}
void * thread2 (void * arg)
{
pthread_mutex_lock(&m2);
pthread_mutex_lock(&m1);
++x;
pthread_mutex_unlock(&m1);
pthread_mutex_unlock(&m2);
}
thread1
thread2
m1 m2
Example Deadlock Detection
• Deadlock (T25809)
COMPLIANCE

12. perforce.com
• Deadlock (T25809)
Example Deadlock Detection COMPLIANCE

13. perforce.com
• Data race for the same shared object (T25278):
Example Data Race Detection
• 1765 Definite: data race for object.
• 1766 Apparent: data race for object.
• 1770 Definite: data race for a volatile object.
• 1771 Definite: data race for a mutable object.
COMPLIANCE

14. perforce.com
• New product option.
• CWE = “Common Weakness Enumeration”.
• Important to remember: CWE is not a coding standard.
• CWE is a community developed list of security weaknesses.
• Maps QAC++ diagnostic messages to CWE list entries.
• Even though our Compliance Module is focused on “Weaknesses in Software Written in C++”, it
does cover some weaknesses that also apply to other languages.
CWE C++ Compliance Module COMPLIANCE

15. perforce.com
• AUTOSAR Compliance Module supports AUTOSAR Coding Guidelines 18-10.
• Market leading breadth and depth of coverage.
• 297/353 Enforceable Rules.
• MISRA C++ and AUTOSAR will be integrated in the future.
Updated AUTOSAR Support COMPLIANCE

16. perforce.com
• C:
•C11 Support
•Compiler Extensions
Support for C11 and C++14
• C++:
•Modern C++ Features:
• constexpr
• __has_include
• thread_local
• designated initializers
(as proposed for C++ ‘2x)
COMPLIANCE

17. perforce.com
Example Tainted Data Check:
• Tainted object used as a format string (T25167):
• 4916 Definite: Using a tainted variable as format string.
• 4917 Apparent: Using a tainted variable as format string.
• 4918 Suspicious: Using a tainted variable as format string.
• 4919 Possible: Using a tainted variable as format string.
• CERT C FIO30 (Exclude user input from format strings) is now
reported due to implementing this check.
Dataflow Enhancements for Secure Coding COMPLIANCE

18. perforce.com
• Continual improvements in accuracy (defects found/defects present) and precision
(true positives/defects found).
• Improved analysis speed and incremental Cross Module Analysis.
• Unified project transfer speed optimization – typical 50% improvement (project dependent).
Performance Improvements
Spring ’18
(PRQA Framework 2.3)
Spring ’19
(Helix QAC 2019.1)
Analysis time 5:40 3:17
(2nd run with 1 changed file: 0:26)
Example large test project (c. 2k C files):
COMPLIANCE

19. perforce.com
Framework GUI Improvements
• The severity filter now functions without an apply button.
• Improved responsiveness of file tree.
• File tree displays the correct folder structure for header files.
• Option to hide source and header files with zero diagnostics.
• Optional sorting order (same as Dashboard).

20. perforce.com
• Changes to the rule configuration can be made in the Framework GUI
(no need to use ‘ConfigGUI’ utility).
• Baseline configuration is included in Unify project information.
Desktop to Dashboard Synchronization

21. perforce.com
• Suppress instances of messages generated against code expanded from a macro.
• Justification comment can be added.
• Syntax is identical to existing comment annotations with “MS NAME” instead of “S”.
Named Macro Suppressions

22. perforce.com
Searchable Help
Support for Boolean search
operators – similar to
search engine.

23. perforce.com
Helix QAC Roadmap
C a t e g o r y S p r i n g 2 0 1 9 F a l l 2 0 1 9 2 0 2 0
C Language Features Complete ISO C11 Language Features
C Compliance Modules
MISRA C Coverage Accuracy Enhancements MISRA C11 Compliance Module Complete CERT C Coverage
MISRA C90/C99 switch
CERT C Coverage Enhancements
C++ Language Features Complete ISO C++11/14 Language Features ISO C++17 Language Feature Coverage Complete ISO C++17 Language Features
C++ Compliance Modules AUTOSAR Update to 18.10 AUTOSAR Coverage Enhancements Complete AUTOSAR Coverage
Productivity
Desktop/Centralized Sync. (‘Unified’) Eclipse v4.12 Support API access to analysis data
Searchable Help Visual Studio ‘19 Support
Performance
Cross Module Analysis Speed Improvement Improved Analysis and Reporting Speed
QA Verify Upload Speed Improvement Reduced Disk Usage
Note: This information outlines some of our current product plans. It does not represent a
binding commitment. The development, release, and timing of any products, features or
functionality remain at the discretion of Perforce, and are subject to change.

24. perforce.com
Upgrade to the Latest Version
Check Out the What’s New Page
https://www.perforce.com/products/helix-qac/whats-new-helix-qac
Request Support
https://www.perforce.com/support/request-support

25. Questions?