Embedded.com Weekly Newsletter: Feb. 8 - 12, 2010 - Embedded.com

Embedded.com Weekly Newsletter: Feb. 8 – 12, 2010


02-08-2010
TheEmbedded Newsletter is delivered to youfree of charge from the staff of Embedded.com. To view the Embedded.comsite , visit: http://www.embedded.com

TECHFOCUS – IS STATIC ANALYSIS UP TO THE CHALLENGE?
It is still not clearwhether the safety problems in the recent auto recall by Toyota aresoftware or hardware related. But despite that, the crisis has led someengineers tore-evaluate the use ofembeddedsoftware in automobiles .

In The Lawyers are coming ! columnist Michael Barr points out that because embedded designs impactalmost every aspect of our lives, source code reliability is likely tobe at the core of many future safety-related court cases. In another recentarticle by Barr , he suggests strict adherence to a set ofstandards such as MISRA C/C++ to eliminate suchproblems.

Source code reliability isan ongoing topic of discussion onEmbedded.com, of course, with numerous design articles on the staticanalysis techniques and tools to detect code errors. Theyinclude: resolving staticallydetected defects, static analysis pitfalls, diagnosing andpreventing failures in safety-critical designs, evaluating software in medical devices,using static analysisto detect security invulnerabilities, and bulletproofing C++ code.

There have also beennumerous articles on alternatives orenhancements to staticanalysis including the use of assertions ,  semantic analysis, mutation-based codecoverage, using debuggers to prevent errors,software verificationtechniques in non-safety critical apps, use of coding rules, pattern-based codeanalysis and flow analysis, software DNA mapping, and Boolean satisfiability.

However, according to PaulAnderson and Thomas Reps inWhen good compilersgo bad, or What you see is not what you execute ,” all suchtools and techniques have a key weakness: computers don't executesource code; they execute machine-code programs generated from sourcecode. In their article in ESD Magazine this month, Anderson and Repsevaluate some of the techniques for getting around this problem andreview the research into either resolving the mismatch between thesource code and machine code or developing tools to analyze machinecode.

The articleby Anderson and Reps is a must-read by every embeddedsystems developer. I look forward to your comments on line in the Embedded.com Forum. Goodreading! (Embedded.com Editor BernardCole, bccole@acm.org )

 ESD MAGAZINE: On line Exclusive
When good compilers go bad, or What you see is notwhat you execute
Getting rid of the mismatch between source code and compiled machinecode may mean having to debug the machine code. Here's some of thelatest research on finding a tool to combat the problem.
 USING STATIC ANALYSIS
Using software verification techniques in non-safetycritical embedded software designs
According to LDRA's Paul Humphrys, even if your application isn'tsafety critical you can still benefit from the use of softwareverification.
Static analysis tip: How to resolve staticallydetected defects
Because statically detected defects rarely have an external advocate(like a customer) demanding that they be fixed, the management of adevelopment organization needs to make the adoption of a static tool apriority in order to reap the benefits.
Static analysis tip: How to Effectively Apply aStatic Analysis Tool
Matthew Hayward of Coverity takes up the topic of how to use staticanalysis tools to “inspect every defect and fix all defects.”
The Truth Behind Static Analysis Pitfalls
Matthew Hayward gives you the lowdown behind one of the most frequencymisunderstood aspects of static analysis: that it is distinctlydifferent from other bug finding techniques.
Applying Static Analysis To Medical Device Software
David Kleidermacher describes in more detail how static analysis toolscan be used to improve the software reliability and safety of manymedical devices and systems.
Using static analysis to diagnose & preventfailures in safety-critical device designs
David Kleidermacher reviews static analysis tools and their usefulnessin safety-critical embedded apps such as medical devices and systems,and provides insight into using them effectively and assesses whatremains to be done to address future challenges.
Using static analysis to evaluate software in medicaldevices
Researchers at the FDA's Office of Science and Engineering Laboratoriesinvestigating new techniques for analyzing software in medical devicesare using static analysis tools to uncover potential flaws in a deviceunder review.
Hackers bite the (static analysis) dust: Part 1
In the first in a two part series, Nikola Valerjev describes commonembedded system security vulnerabilities and how static analyzers,traditionally used to check code for bugs, can also be used to detectand prevent some, but not all, common hacker tricks.
Bulletproofing C++ Code
Sergei examines techniques that improve the stability and reduce therisks of errors for programming.
Static Analysis of Popular Open Source InternetCommunication Applications
Using some open source Internet software, David Kleidermacher of GHSillustrates the benefits of static code analysis and how to use suchtechniques to test and debug your embedded software
Tutorial: How to statically ensure softwarereliability
The programming specialists from PolySpace provide a brief tutorial onthe basics of semantic analysis, and how it can be used to eliminate avariety of software errors.
 ALTERNATIVES AND ENHANCEMENTS
Improve functional verification quality withmutation-based code coverage
Extending the use of code coverage with mutation-based testingtechniques to measure and drive improvement in all aspects offunctional verification quality for simulation-based environments.
How to use a debugger as a bug preventive tool
Nathan Fields describes using a debugger as a preventive tool beforeyou know you have a bug to track down and reviews some of the basicrequirements a debugger must have to apply this technique.
PRODUCT HOW-TO: Automating Compliance to MISRA C/C++Standards
While C and C++ has the features a software development team need towrite well laid out, structured, and expressive code, in the wronghands this flexibility can lead to perverse and extremely hard tounderstand code.
Combining error-detection techniques to find bugs inembedded C software
This paper explains how automated techniques such as pattern-basedstatic code analysis, runtime memory monitoring, unit testing, and flowanalysis can be used together to find bugs in an embedded C application.
Finding defects using Holzmann's “Power of 10” rulesfor writing safety critical code
Techniques for reducing the risk of bugs in software forsafety-critical systems can work to reduce bugs in non-safety-criticalsystems. Advanced static-analysis tools can help by finding real errorsautomatically and reducing testing costs.
Improve static code analysis with Software DNA maps
Growing complexity and distributed development teams means software isbecoming larger and more complex to produce, manage and debug. Here'show software DNA maps will make static code analysis more effective
Can't get no Boolean satisfaction?
Boolean satisfiability and path simulation make a perfect match for thenext generation of static analysis.
 EDITOR'S NOTE: Continuing Your Education
ESC Silicon Valley isincreasingly the place to get hands-on training. In the past,we told you how to develop your system, then you went back to your labto make it work. Now, we're bringing that lab to you, giving you thehardware and software you need to design, develop, and debug yoursystem. Find out more here. Note:Early-bird registration expires February 19th.

Finally, as thedeployments of 3G Long Term Evolution (LTE) networks accelerate,engineers have their hands full developing and testing handsets to meetthe extreme performance requirements these networks demand. Our onlinecourse, the Fundamentalsof LTE Physical Layer and Test Requirements will take you throughthe LTE standard and show you how to set up to test user equipmentusing the latest test systems and techniques.

 Career Center
Now Hiring 02-05-2010

  1. L-3seeking I.A. Sales Engineer in Annapolis Junction, MD
  2. AscensionHealth seeking Solutions Development Lead in St. Louis, MO
  3. GentexCorporation seeking Software Test Engineer in Zeeland, MI
  4. Covanceseeking Manager of QA in Greenfield, IN
  5. NAVTEQ,Inc seeking Data Warehouse Architect in Chicago, IL

For more great jobs, career-related news, features and services, pleasevisit: EETimesCareers. www.EETimesCareers.com


Around the Network Events

ViewOur Full List of Newsletters Here
WebinarServices: Upcoming online broadcasts
Upcoming Conferences& Events
Electronics EventListings
EETimes Vendor Sponsored Product Information

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.