Embedded.com Tech Focus Newsletter (3-28-11): Static analysis - Embedded.com

Embedded.com Tech Focus Newsletter (3-28-11): Static analysis

Embedded Newsletter for 03-28-11

» Click here to view online I » Forward to a friend I » Sign up for an EE Times Newsletter

Share this Newsletter:

facebook linkedin twitter digg

March 28, 2011

Tech Focus: Code analysis and test


Static analysis vs. dynamic testing – No competition!

Think static analysis cures all ills? Think again.

Editor Note

Bernard Cole Engineers and software developers sometimes fall into an either/or mindset, as we all do from time to time, in which there are only two possible outcomes: your solution or the other person’s – and the other person’s is the wrong one. But in the diverse domain of software code analysis and test, the answer to the
question of the right approach to ensuring code quality may be a multiple choice one, not just a choice between static analysis and dynamic testing.

My Editor’s Top Picks for this week’s Tech Focus newsletter illuminate this issue:

Static analysis vs. dynamic testing, by GrammaTech’s Paul Anderson
Think static analysis cures all ills? Think again, by LDRA’s Mark Pitchford.

My view is that their apparent disagreement is not the no-win either/or dichotomy, but is more about differences in point of view and emphasis. But in addition to a number of different ways to do static code analysis and software testing, there are also at least a half a dozen alternative methods to ensure the quality of your code, including: the use of assertions, semantic analysis, mutation-based code coverage, pattern-based code and flow analysis, software DNA mapping, and Boolean satisfiability.

If after you have evaluated these various methods you still can’t determine the best approach for your particular application, be sure to register and attend the 2011 Spring ESC, May 2-5. Several class tracks offer possible answers: Best Practices, Debugging and optimizing, Design and test, Multicore debug, Languages and techniques and Software processes and tools.

Bernard Cole
Site Editor, Embedded.com

(928) 525-9087

Design How Tos

Using static code analysis for Agile software development

Since the goal of Agile development is to have working software early, source code analysis enables developers to analyze the quality and security of code from day one of coding ” one of the earliest points in the software development process

Defense in depth: Reducing embedded software bugs using static analysis and coding rules

Coding rules and static analysis tools are most effective when they work together, automating much of the work of checking compliance with rules, freeing up time to focus on higher-level concerns such as algorithm design.

The Truth Behind Static Analysis Pitfalls

Matthew Hayward gives you the lowdown behind one of the most frequency misunderstood aspects of static analysis: that it is distinctly different from other bug finding techniques.

Using static analysis to evaluate software in medical devices

Researchers at the FDA's Office of Science and Engineering Laboratories investigating new techniques for analyzing software in medical devices are using static analysis tools to uncover potential flaws in a device under review.

Making source code analysis part of the software development process

Source code analysis consultant Andrew Yang outlines some of the hard lessons learned by working with a number of companies instituting SCA tools, the problems encountered and how to avoid them.

The basics of embedded software testing: Part 1

This two part article covers the basics of testing and test case development and points out details unique to embedded systems work along the way. Part1: Basics of embedded software testing.

Using software verification techniques in non-safety critical embedded software designs

According to LDRA's Paul Humphrys, even if your application isn't safety critical you can still benefit from the use of software verification.

Improve functional verification quality with mutation-based code coverage

Extending the use of code coverage with mutation-based testing techniques to measure and drive improvement in all aspects of functional verification quality for simulation-based environments.

Tutorial: How to statically ensure software reliability

The programming specialists from PolySpace provide a brief tutorial on the basics of semantic analysis, and how it can be used to eliminate a variety of software errors.

Finding defects using Holzmann's “Power of 10” rules for writing safety critical code

Techniques for reducing the risk of bugs in software for safety-critical systems can work to reduce bugs in non-safety-critical systems. Advanced static-analysis tools can help by finding real errors automatically and reducing testing costs.

Can't get no Boolean satisfaction?

Boolean satisfiability and path simulation make a perfect match for the next generation of static analysis.

ESC Silicon Valley 2011 Class Tracks

Architecture design
Best practices
Challenges & solutions in embedded designs
Connectivity and security
Debugging and optimizing
Design and test
DSP, communications & control design
HMI and multimedia
HW and platform design
Linux/Android/open source
Managing and process
MCUs in embedded designs
Memory in embedded systems
Multicore debug
Powering embedded designs
Programming for storage, I/O & networking
Programming languages and techniques
Programmable logic in embedded designs
Quality design & intellectual property
Reliability, security and performance
Remote monitoring and wireless networking
RTOS and real-time software
Safety design
Software Processes and Tools
Software Design
Systems architecture
Windows for embedded


ESC – Green Hills integrates DoubleCheck static code analyzer with MULTI IDE

Green Hills Software, Inc., is now providing its user-based static code analyzer, DoubleCheck as a standard feature with its MULTI Professional tool suite for multicore development and debugger solutions. The integration is intended to increase developer productivity and code quality while enabling better management and control of code complexity and the overall coding process.

Static analysis tool maps code's 'DNA'

Coverity Inc. says the new release of its Prevent static code-analysis software embodies a new approach to “software mapping” that finds more bugs in embedded and enterprise software than previous technologies. The Prevent Software Quality System (SQS) also includes new defect- tracking capabilities and Java support.

Automating static timing analysis process

EMA Design Automation announced TimingDesigner 9.25 with enhanced Automerge functionality, which the company claims, dramatically decreases the time required for performing interface timing analysis.

ESC NEWS: GrammaTech offers CodeSonar Enterprise with Web-based Defect-Management System

New web-based tool analyzes C/C++ code to find complex programming bugs.

LDRA tool suite delivers ISO 26262 compliance for automakers

LDRA tool suite now supports the current implementation of ISO/DIS 26262, a functional safety standard for road vehicles.

News & Analysis

Code base growth drives static analysis market

Embedded software engineers using a static analysis tool are working on projects with significantly larger average numbers of in-house developed lines of software code than developers not using a static analysis tools according to research by VDC Research.

Static analysis findsInternet apps' flaws

Static source code analyzers attempt to find code sequences that, when executed, could result in buffer overflows, resource leaks or many other security and reliability problems. Source code analyzers are effective at locating a class of flaws that are not detected by compilers during standard builds and that often go undetected during run-time testing as well. Recently, Green Hills Software's source code analyzer was used to find flaws in several open-source applications that are widely used in Internet communications.

SOFTWARE TOOLS: Parallel C/C++ static code analyzer for OpenMP released

VivaMP from 000 Program Verification Systems identifies errors in C/C++ programs that use OpenMP technology

SOFTWARE TOOLS – SAFE releases Ver. 4.0 of CodeSuite analysis tools

CodeSuite 4.0 Adds CodeCLOC for Measuring Source Code Changes Over Time

SOFTWARE TOOLS – LDRA/Netrino partnership extends LDRA's support of C coding standards

LDRA and Netrino have partnered to implement the Embedded C Coding Standard for the LDRA tool suite. Support of the Netrino Embedded C Coding standard extends LDRA's already comprehensive list of C/C++ language standards such as MISRA-C:1998 and MISRA-C:2004, CERT C, SEC C

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.