The pervasive connectivity that embedded systems developers must now integrate into their designs is making software development and debug increasingly complex. It is not only the size and sophistication of the code residing on local applications but in the interplay between that software and code on other connected devices. As noted in this week's Tech Focus Newsletter, this is complicating the software debug tasks embedded developers face in several unanticipated ways.
First, while sensor and machine-to-machine networks over wireless connections have long a part of embedded designs for the home, commercial buildings, and in industry, the scale as well as the degree of network connectivity of the emerging Internet of Things is unprecedented.
Second, with that connectivity, embedded designs are no longer islands unto themselves. They now must interact with a diversity of platforms, programming languages, and disparate software code bases written in not only C or C++, but in XML, HTML, Java and a variety of Web scripting languages. The coding and security challenges this represents is stretching the capabilities of traditional debug methodologies such as static code analysis to their limits. One example is their use for taint analysis of incoming software (the Internet equivalent of parents asking children to wipe their feet at the door to avoid tracking in the mud, and then following the mud on the floor to find out who disobeyed ).
Third, much of that software is increasingly open source, with its great variability in code quality and how secure it is from hacking or spying. Recent examples of that are the recent HeartBleed security flaw found in the secure sockets layer commonly used on the Internet and the number of security flaws found in such open source programs as the Apache open source HTTP server and SendMail.
So far, when used correctly and extensively, static code analysis tools seem to be up to the job of protecting from such flaws. Beyond embedded applications, they are used widely used widely on the Internet to debug software in a variety of languages – C, C++, Java, XML, and several web scripting languages – that are co-resident on M2M and WSN nodes . The tools are also used for debugging open source Android applications for smartphones, automobiles, and medical appliances.
Some recent articles and technical papers on the variety of ways static analyzers can be used to address the challenges ahead are included in this week's Tech Focus Newsletter. My Editor's Top Picks include:
Despite the continuing improvements in flexibility and multi-language capabilities of static analysis tools, I am daunted by the challenges this new connected environment brings. And I’m just the technical editor who reads and reports on such developments. I am relieved I am only writing about them and am not actually involved in doing the hard job of software debug. But I will be here to congratulate you on a job well done when you succeed!
Embedded.com Site Editor Bernard Cole is also editor of the twice-a-week Embedded.com newsletters as well as a partner in the TechRite Associates editorial services consultancy. He welcomes your feedback. Send an email to , or call 928-525-9087.