Taking code analysis to the next level
For more than 20 years, embedded designers have depended mainly on the C language's concise semantics and deterministic behavior to write code for space- and resource-constrained 8- and 16-bit microcontrollers.
But now things are changing, and the challenges of developing that code are increasing. First, many, if not most, of the market segments those designs serve (industrial, automotive, medical and, of course, military/aerospace) have stringent safety specifications that must be met. Even consumer applications, which aim to put many more embedded devices into the home, face increasingly stringent requirements.
Second, because many, if not most, embedded applications are connected, by wire or wirelessly, security concerns make it necessary to write code that is not only less buggy but also less hackable: a defect that would once have been a field failure is now a remotely reachable attack surface.
Third, there are now 32-bit MCUs with larger memories and more complex instruction sets. Where developers of applications for 8- and 16-bit MCUs had to debug code bases of a few hundred to several thousand lines, line counts are now in the 10,000 to 1,000,000 range.
Finally, complicating things even further is the move in many high-end MCU designs to multicore SoCs. Even when the developer resists shifting to a more parallelizable language, this means that C code must be written for a much more rigorous multitasking and multithreaded environment, where shared state that was safe on a single core now needs explicit synchronization.
Fortunately, embedded developers have a wide range of proprietary and open source tools, including static analyzers, at hand to help them face these challenges. Jack Ganssle reviewed and evaluated some of these tools in his blog "Static analysis tools finds tough problems fast." But, in the face of the new challenges, Jack also offers, in "The problem with static analyzers," some advice on how such tools can be improved.
This week's Tech Focus newsletter includes a number of design articles and blogs aimed at helping developers use such tools to accomplish their tasks in a much more demanding environment. Of these, my Editor's Top Picks are:
“Static vs. dynamic analysis for secure code development,” a two-part series by David Kleidermacher on the strengths and weaknesses of static and dynamic code analysis, especially in the development of secure C or C++ code.
“Using static code analysis for Agile software development,” in which Andrew Yang describes how these two powerful methodologies can be combined to ensure greater code quality and security in today's demanding MCU development environment.
“Using formal methods for sophisticated static code analysis,” in which Jay Abraham outlines how to combine formal methods techniques and algorithms with static code analysis to ensure high quality and verifiable embedded software.
Based on my recent search of conference papers and journal articles, academic and corporate researchers have a number of new tools and methodologies that will help developers in an environment that increasingly demands reliable code. Some of the articles I found informative include:
A memory model for static analysis of C programs
Maintenance of embedded systems using dynamic analysis
Static analysis of synchronous programs in multi-clocked embedded systems
Static analysis for software assurance using Abstract Interpretation
Embedded.com Site Editor Bernard Cole is also editor of the twice-a-week Embedded.com newsletters as well as a partner in the TechRite Associates editorial services consultancy. He welcomes your feedback. Send an email to firstname.lastname@example.org, or call 928-525-9087.