Embedded.com Tech Focus Newsletter (2-8-10): Static Analysis - Embedded.com


02-08-2010
The Embedded Newsletter is delivered to you free of charge from the staff of Embedded.com. To view the Embedded.com site, visit: http://www.embedded.com

TECH FOCUS – IS STATIC ANALYSIS UP TO THE CHALLENGE?
It is still not clear whether the safety problems in the recent auto recall by Toyota are software or hardware related. But despite that, the crisis has led some engineers to re-evaluate the use of embedded software in automobiles.

In "The Lawyers are coming!", columnist Michael Barr points out that because embedded designs impact almost every aspect of our lives, source code reliability is likely to be at the core of many future safety-related court cases. In another recent article, Barr suggests strict adherence to a set of standards such as MISRA C/C++ to eliminate such problems.

Source code reliability is an ongoing topic of discussion on Embedded.com, of course, with numerous design articles on static analysis techniques and tools to detect code errors. They include: resolving statically detected defects, static analysis pitfalls, diagnosing and preventing failures in safety-critical designs, evaluating software in medical devices, using static analysis to detect security vulnerabilities, and bulletproofing C++ code.

There have also been numerous articles on alternatives or enhancements to static analysis, including the use of assertions, semantic analysis, mutation-based code coverage, using debuggers to prevent errors, software verification techniques in non-safety critical apps, use of coding rules, pattern-based code analysis and flow analysis, software DNA mapping, and Boolean satisfiability.

However, according to Paul Anderson and Thomas Reps in "When good compilers go bad, or What you see is not what you execute," all such tools and techniques have a key weakness: computers don't execute source code; they execute machine-code programs generated from source code. In their article in ESD Magazine this month, Anderson and Reps evaluate some of the techniques for getting around this problem and review the research into either resolving the mismatch between the source code and machine code or developing tools to analyze machine code.

The article by Anderson and Reps is a must-read for every embedded systems developer. I look forward to your comments online in the Embedded.com Forum. Good reading! (Embedded.com Editor Bernard Cole, bccole@acm.org)

  ESD MAGAZINE: On line Exclusive
When good compilers go bad, or What you see is not what you execute
Getting rid of the mismatch between source code and compiled machine code may mean having to debug the machine code. Here's some of the latest research on finding a tool to combat the problem.
  USING STATIC ANALYSIS
Using software verification techniques in non-safety critical embedded software designs
According to LDRA's Paul Humphrys, even if your application isn't safety critical you can still benefit from the use of software verification.
Static analysis tip: How to resolve statically detected defects
Because statically detected defects rarely have an external advocate (like a customer) demanding that they be fixed, the management of a development organization needs to make the adoption of a static tool a priority in order to reap the benefits.
Static analysis tip: How to Effectively Apply a Static Analysis Tool
Matthew Hayward of Coverity takes up the topic of how to use static analysis tools to “inspect every defect and fix all defects.”
The Truth Behind Static Analysis Pitfalls
Matthew Hayward gives you the lowdown behind one of the most frequently misunderstood aspects of static analysis: that it is distinctly different from other bug finding techniques.
Applying Static Analysis To Medical Device Software
David Kleidermacher describes in more detail how static analysis tools can be used to improve the software reliability and safety of many medical devices and systems.
Using static analysis to diagnose & prevent failures in safety-critical device designs
David Kleidermacher reviews static analysis tools and their usefulness in safety-critical embedded apps such as medical devices and systems, and provides insight into using them effectively and assesses what remains to be done to address future challenges.
Using static analysis to evaluate software in medical devices
Researchers at the FDA's Office of Science and Engineering Laboratories investigating new techniques for analyzing software in medical devices are using static analysis tools to uncover potential flaws in a device under review.
Hackers bite the (static analysis) dust: Part 1
In the first in a two part series, Nikola Valerjev describes common embedded system security vulnerabilities and how static analyzers, traditionally used to check code for bugs, can also be used to detect and prevent some, but not all, common hacker tricks.
Bulletproofing C++ Code
Sergei examines techniques that improve the stability and reduce the risks of errors for programming.
Static Analysis of Popular Open Source Internet Communication Applications
Using some open source Internet software, David Kleidermacher of GHS illustrates the benefits of static code analysis and how to use such techniques to test and debug your embedded software.
Tutorial: How to statically ensure software reliability
The programming specialists from PolySpace provide a brief tutorial on the basics of semantic analysis, and how it can be used to eliminate a variety of software errors.
  ALTERNATIVES AND ENHANCEMENTS
Improve functional verification quality with mutation-based code coverage
Extending the use of code coverage with mutation-based testing techniques to measure and drive improvement in all aspects of functional verification quality for simulation-based environments.
How to use a debugger as a bug preventive tool
Nathan Fields describes using a debugger as a preventive tool before you know you have a bug to track down and reviews some of the basic requirements a debugger must have to apply this technique.
PRODUCT HOW-TO: Automating Compliance to MISRA C/C++ Standards
While C and C++ have the features a software development team needs to write well laid out, structured, and expressive code, in the wrong hands this flexibility can lead to perverse and extremely hard to understand code.
Combining error-detection techniques to find bugs in embedded C software
This paper explains how automated techniques such as pattern-based static code analysis, runtime memory monitoring, unit testing, and flow analysis can be used together to find bugs in an embedded C application.
Finding defects using Holzmann's “Power of 10” rules for writing safety critical code
Techniques for reducing the risk of bugs in software for safety-critical systems can work to reduce bugs in non-safety-critical systems. Advanced static-analysis tools can help by finding real errors automatically and reducing testing costs.
Improve static code analysis with Software DNA maps
Growing complexity and distributed development teams mean software is becoming larger and more complex to produce, manage and debug. Here's how software DNA maps will make static code analysis more effective.
Can't get no Boolean satisfaction?
Boolean satisfiability and path simulation make a perfect match for the next generation of static analysis.
  EDITOR'S NOTE: Continuing Your Education
ESC Silicon Valley is increasingly the place to get hands-on training. In the past, we told you how to develop your system, then you went back to your lab to make it work. Now, we're bringing that lab to you, giving you the hardware and software you need to design, develop, and debug your system. Find out more here. Note: Early-bird registration expires February 19th.

Finally, as the deployments of 3G Long Term Evolution (LTE) networks accelerate, engineers have their hands full developing and testing handsets to meet the extreme performance requirements these networks demand. Our online course, the Fundamentals of LTE Physical Layer and Test Requirements will take you through the LTE standard and show you how to set up to test user equipment using the latest test systems and techniques.

  Career Center
Now Hiring 02-05-2010

  1. L-3 seeking I.A. Sales Engineer in Annapolis Junction, MD
  2. Ascension Health seeking Solutions Development Lead in St. Louis, MO
  3. Gentex Corporation seeking Software Test Engineer in Zeeland, MI
  4. Covance seeking Manager of QA in Greenfield, IN
  5. NAVTEQ, Inc seeking Data Warehouse Architect in Chicago, IL

For more great jobs, career-related news, features and services, please visit: EETimesCareers. www.EETimesCareers.com

