»Click here to view online I »Forward to a friend I »Sign up for an EE Times Newsletter

Share this Newsletter:


March 28, 2011

Tech Focus: Code analysis and test


Static analysis vs. dynamic testing - No competition!

Think static analysis cures all ills? Think again.

Editor Note

Bernard ColeEngineers and software developers sometimes fall into an either/or mindset, as we all do from time to time, in which there are only two possible outcomes: your solution or the other person’s – and the other person’s is the wrong one. But in the diverse domain of software code analysis and test, the answer to the
question of the right approach to ensuring code quality may be a multiple choice one, not just a choice between static analysis and dynamic testing.

My Editor’s Top Picks for this week’s Tech Focus newsletter illuminate this issue:

Static analysis vs. dynamic testing, by GrammaTech’s Paul Anderson
Think static analysis cures all ills? Think again, by LDRA’s Mark Pitchford.

My view is that their apparent disagreement is not the no-win either/or dichotomy, but is more about differences in point of view and emphasis. But in addition to a number of different ways to do static code analysis and software testing, there are also at least a half a dozen alternative methods to ensure the quality of your code, including: the use of assertions, semantic analysis, mutation-based code coverage, pattern-based code and flow analysis, software DNA mapping, and Boolean satisfiability.

If after you have evaluated these various methods you still can’t determine the best approach for your particular application, be sure to register and attend the 2011 Spring ESC, May 2-5. Several class tracks offer possible answers: Best Practices, Debugging and optimizing, Design and test, Multicore debug, Languages and techniques and Software processes and tools.

Bernard Cole
Site Editor, Embedded.com
(928) 525-9087

Design How Tos

Using static code analysis for Agile software development

Since the goal of Agile development is to have working software early, source code analysis enables developers to analyze the quality and security of code from day one of coding " one of the earliest points in the software development process

Defense in depth: Reducing embedded software bugs using static analysis and coding rules

Coding rules and static analysis tools are most effective when they work together, automating much of the work of checking compliance with rules, freeing up time to focus on higher-level concerns such as algorithm design.

The Truth Behind Static Analysis Pitfalls

Matthew Hayward gives you the lowdown behind one of the most frequency misunderstood aspects of static analysis: that it is distinctly different from other bug finding techniques.

Using static analysis to evaluate software in medical devices

Researchers at the FDA's Office of Science and Engineering Laboratories investigating new techniques for analyzing software in medical devices are using static analysis tools to uncover potential flaws in a device under review.

Making source code analysis part of the software development process

Source code analysis consultant Andrew Yang outlines some of the hard lessons learned by working with a number of companies instituting SCA tools, the problems encountered and how to avoid them.

The basics of embedded software testing: Part 1

This two part article covers the basics of testing and test case development and points out details unique to embedded systems work along the way. Part1: Basics of embedded software testing.

Using software verification techniques in non-safety critical embedded software designs

According to LDRA's Paul Humphrys, even if your application isn't safety critical you can still benefit from the use of software verification.

Improve functional verification quality with mutation-based code coverage

Extending the use of code coverage with mutation-based testing techniques to measure and drive improvement in all aspects of functional verification quality for simulation-based environments.

Tutorial: How to statically ensure software reliability

The programming specialists from PolySpace provide a brief tutorial on the basics of semantic analysis, and how it can be used to eliminate a variety of software errors.

Finding defects using Holzmann's "Power of 10" rules for writing safety critical code

Techniques for reducing the risk of bugs in software for safety-critical systems can work to reduce bugs in non-safety-critical systems. Advanced static-analysis tools can help by finding real errors automatically and reducing testing costs.

Can't get no Boolean satisfaction?

Boolean satisfiability and path simulation make a perfect match for the next generation of static analysis.

ESC Silicon Valley 2011 Class Tracks

Architecture design
Best practices
Challenges & solutions in embedded designs
Connectivity and security
Debugging and optimizing
Design and test
DSP, communications & control design
HMI and multimedia
HW and platform design
Linux/Android/open source
Managing and process
MCUs in embedded designs
Memory in embedded systems
Multicore debug
Powering embedded designs
Programming for storage, I/O & networking
Programming languages and techniques
Programmable logic in embedded designs
Quality design & intellectual property
Reliability, security and performance
Remote monitoring and wireless networking
RTOS and real-time software
Safety design
Software Processes and Tools
Software Design
Systems architecture
Windows for embedded


ESC - Green Hills integrates DoubleCheck static code analyzer with MULTI IDE

Green Hills Software, Inc., is now providing its user-based static code analyzer, DoubleCheck as a standard feature with its MULTI Professional tool suite for multicore development and debugger solutions. The integration is intended to increase developer productivity and code quality while enabling better management and control of code complexity and the overall coding process.

Static analysis tool maps code's 'DNA'

Coverity Inc. says the new release of its Prevent static code-analysis software embodies a new approach to "software mapping" that finds more bugs in embedded and enterprise software than previous technologies. The Prevent Software Quality System (SQS) also includes new defect- tracking capabilities and Java support.

Automating static timing analysis process

EMA Design Automation announced TimingDesigner 9.25 with enhanced Automerge functionality, which the company claims, dramatically decreases the time required for performing interface timing analysis.

ESC NEWS: GrammaTech offers CodeSonar Enterprise with Web-based Defect-Management System

New web-based tool analyzes C/C++ code to find complex programming bugs.

LDRA tool suite delivers ISO 26262 compliance for automakers

LDRA tool suite now supports the current implementation of ISO/DIS 26262, a functional safety standard for road vehicles.

News & Analysis

Code base growth drives static analysis market

Embedded software engineers using a static analysis tool are working on projects with significantly larger average numbers of in-house developed lines of software code than developers not using a static analysis tools according to research by VDC Research.

Static analysis findsInternet apps' flaws

Static source code analyzers attempt to find code sequences that, when executed, could result in buffer overflows, resource leaks or many other security and reliability problems. Source code analyzers are effective at locating a class of flaws that are not detected by compilers during standard builds and that often go undetected during run-time testing as well. Recently, Green Hills Software's source code analyzer was used to find flaws in several open-source applications that are widely used in Internet communications.

SOFTWARE TOOLS: Parallel C/C++ static code analyzer for OpenMP released

VivaMP from 000 Program Verification Systems identifies errors in C/C++ programs that use OpenMP technology

SOFTWARE TOOLS - SAFE releases Ver. 4.0 of CodeSuite analysis tools

CodeSuite 4.0 Adds CodeCLOC for Measuring Source Code Changes Over Time

SOFTWARE TOOLS - LDRA/Netrino partnership extends LDRA's support of C coding standards

LDRA and Netrino have partnered to implement the Embedded C Coding Standard for the LDRA tool suite. Support of the Netrino Embedded C Coding standard extends LDRA's already comprehensive list of C/C++ language standards such as MISRA-C:1998 and MISRA-C:2004, CERT C, SEC C and GJB (Chinese Military Standard).


15 bugs away from being ready

Teenagers can learn only from their own mistakes. That seems true for a lot of software types, too.

Unintended acceleration

A window into software Q/A in the automotive industry.

The lawyers are coming!

The quality of a lot of embedded software is abysmal. And lawyers are on to it. If you don't want your source code to show up in court, you better get your act together.

How I test software

Test early and often: Jack describes his testing techniques and other survival lessons from Apollo missions to today.

Sponsored White Papers

Techniques for System Design in Embedded Environments

Techniques and Technologies in Debugging and Optimizing Embedded Applications

Static Source Code Analysis 8 Steps to Success

Peer Code Review: An Agile Process

Source Code Analysis in an Agile World

Search over 4.5 million parts online with Avnet Express!

AvnetExpress.com and its Design Resource Center help customers find and purchase electronic components and development tools with just a few clicks of the mouse. Our extensive online catalogue includes over 1 million parts available in quantities of 1 and same day shipping.
Visit AvnetExpress.com now!

Courses and Webinars

Get agile using scrum methodology in embedded development

ESC SV-300- Peer Code Review Doesn't Have to Suck

ESC SV-528- Guide to Adopting Static Source Analysis

ESC SV-405- Agile Embedded Software Development

Accelerating Device Time-to-Market with Embedded Software Test


Around the Network Events

Medical AC supplies; Analog front ends; Bayesian fault analysis; Using virtual prototypes; and more

Intel-McAfee deal could mean Intel-Specific antivirus software

Researchers show how a car's electronics can be taken over remotely

Motors and Microcontrollers 101

More from Embedded.com

More About

Find articles by topic on Embedded.com and across the Web. Here are collections of articles that Bernard Cole, the Embedded.com site editor, has organized to make it easier for you to track a subject and share information. To suggest a topic or an article for inclusion, contact Bernard Cole at bccole@acm.org.

More about Embedded Security
More about designing with embedded FPGAs
More about designing with Embedded DSPs
More about designing embedded apps with the Cortex-M3 & other ARM cores
More about multicores and multiprocessors

More Tech Focus

Browse tech focus newsletters by content. Clicking a link below either takes you to the HTML version of the newsletter or to a page with a link to a PDF of that newsletter.

(3-20-11) Getting more preemptive about embedded systems
(3-13-11) Keeping a watch (dog) on your system’s reliability
(3-07-11) Intel's Light Peak – Thunderbolt or flash-in-the-pan?
(2-27-11) Getting serious about embedded C++ in your designs
(2-20-11) From C/C++ to silicon--Impossible dream?
(2-13-11) Low-power MCU design strategies
(2-6-11) Build a 21st Century 555 timer design
(1-30-11) Smart power
(4-12-10): The future of test-driven software development
(4-5-10): Multicores and hypervisor virtualization
(3-29-10): Building better software with Agile Methods
(3-22-10): The future of eight-bit MCUs
(3-15-10): Building a better wireless networking infrastructure
(3-08-10): Designing for an energy-efficient environment
(3-01-10): Building smarter mixed signal subsystems
(2-22-10): The care and feeding of compilers
(2-15-10): Opportunities & challenges in medical electronics
(2-8-10): Static analysis
(2-1-10): Designing with SerDes
(1-25-10): Designing with the Blackfin DSP
(1-18-10): C programming
(1-11-10): Embedding databases
(1-4-10): Consumer video

More Words

Book Excerpts

Embedded Books Reading Room
Bernard Cole's favorite links to book excerpts.

Book Reviews

Engineer's Bookshelf
Airport fiction blows. A look at books other engineers are reading and why you should read them, too. Recommend and write a review yourself. E-mail Brian Fuller.

Jack Ganssle's Bookshelf
A list of book reviews by Jack Ganssle, contributing technical editor of Embedded Systems Design and Embedded.com.

Max's Cool Beans
Clive "Max" Maxfield, the editor on Programmable Logic DesignLine, often writes about interesting books.

This email was sent to: @{Email Name}@

To subscribe to UBM Electronics emails or change your email preferences please click here.

Go to EETimes.com
A UBM Electronics Newsletter © 2011. All rights reserved.
Privacy Policy I Advertising Information I Unsubscribe
UBM Electronics, 303 Second Street, Suite 900 South, San Francisco, CA 94107