WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

Similar documents
Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

Intro to Proving Absence of Errors in C/C++ Code

Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group

Verification and Validation of High-Integrity Systems

Verification and Test with Model-Based Design

Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.

Automating Best Practices to Improve Design Quality

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.

정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석

From Design to Production

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

Utilisation des Méthodes Formelles Sur le code et sur les modèles

Jay Abraham 1 MathWorks, Natick, MA, 01760

Implementation and Verification Daniel MARTINS Application Engineer MathWorks

Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process

Standardkonforme Absicherung mit Model-Based Design

Automating Best Practices to Improve Design Quality

Static Analysis in C/C++ code with Polyspace

Production Code Generation and Verification for Industry Standards Sang-Ho Yoon Senior Application Engineer

Developing AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon

A Model-Based Reference Workflow for the Development of Safety-Related Software

Simulink Verification and Validation

2015 The MathWorks, Inc. 1

Testing, Validating, and Verifying with Model-Based Design Phil Rottier

Formal Verification of Models and Code Prashant Mathapati Application Engineer Polyspace & Model Verification

Using Model-Based Design in conformance with safety standards

Certification Authorities Software Team (CAST) Position Paper CAST-25

Hybrid Verification in SPARK 2014: Combining Formal Methods with Testing

Model-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008

Oracle Developer Studio Code Analyzer

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

CERT C++ COMPLIANCE ENFORCEMENT

Increasing Design Confidence Model and Code Verification

Automated Requirements-Based Testing

Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd

IDE for medical device software development. Hyun-Do Lee, Field Application Engineer

Applications of Program analysis in Model-Based Design

Coding Standards in FACE Conformance. John Thomas, Chris Edwards, and Shan Bhattacharya

StackAnalyzer Proving the Absence of Stack Overflows

Coding Standards in FACE Conformance. John Thomas, Chris Edwards, and Shan Bhattacharya

Part 5. Verification and Validation

Test and Evaluation of Autonomous Systems in a Model Based Engineering Context

What s New with the MATLAB and Simulink Product Families. Marta Wilczkowiak & Coorous Mohtadi Application Engineering Group

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

Addressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1

Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA

Increasing Embedded Software Confidence Model and Code Verification. Daniel Martins Application Engineer MathWorks

Automatic Qualification of Abstract Interpretation-based Static Analysis Tools. Christian Ferdinand, Daniel Kästner AbsInt GmbH 2013

Verification and Validation Introducing Simulink Design Verifier

CERTIFIED. Faster & Cheaper Testing. Develop standards compliant C & C++ faster and cheaper, with Cantata automated unit & integration testing.

Leveraging Formal Verification Throughout the Entire Design Cycle

Seven Roadblocks to 100% Structural Coverage (and how to avoid them)

Verification, Validation and Test in Model Based Design Manohar Reddy

Considerations in automotive embedded development Global Automotive Director Kiyo Uemura

Testing. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?

Verification, Validation, and Test with Model-Based Design

Structural Coverage Analysis for Safety-Critical Code - Who Cares? 2015 LDRA Ltd 1

Simulink 를이용한 효율적인레거시코드 검증방안

Examination Questions Time allowed: 1 hour 15 minutes

Static Analysis of C++ Projects with CodeSonar

Using Code Coverage to Improve the Reliability of Embedded Software. Whitepaper V

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

Verification and Validation

Testing and Validation of Simulink Models with Reactis

Model-Based Design for Safety Critical Automotive Applications

Changing the way the world does software

Verifying source code

Generating Industry Standards Production C Code Using Embedded Coder

Verification and Validation. Assuring that a software system meets a user s needs. Verification vs Validation. The V & V Process

Topics in Software Testing

Compatible Qualification Metrics for Formal Property Checking

ACCELERATING DO-254 VERIFICATION

Architecture-driven development of Climate Control Software LMS Imagine.Lab Embedded Software Designer Siemens DF PL

Manuel Oriol, CHCRC-C, Software Testing ABB

Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 22 Slide 1

Darshan Institute of Engineering & Technology for Diploma Studies

ISO Compliant Automatic Requirements-Based Testing for TargetLink

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

Better than Hand Generating Highly Optimized Code using Simulink and Embedded Coder

Sample Exam Syllabus

Verification and Validation

Verification and Validation

Software Quality. Chapter What is Quality?

Error Detection by Code Coverage Analysis without Instrumenting the Code

Why testing and analysis. Software Testing. A framework for software testing. Outline. Software Qualities. Dependability Properties

Formal Verification for safety critical requirements From Unit-Test to HIL

Aerospace Software Engineering

Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)

MONIKA HEINER.

AVS: A Test Suite for Automatically Generated Code

Static Analysis Techniques

IBM Rational Rhapsody

INTRODUCTION TO SOFTWARE ENGINEERING

Collaborative Programming: Pair Programming and Reviews CSE 403

ISO compliant verification of functional requirements in the model-based software development process

AstréeA From Research To Industry

Ingegneria del Software Corso di Laurea in Informatica per il Management

System Requirements & Platform Availability by Product for R2016b

Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois

Transcription:

WHITE PAPER 10 Reasons to Use Static Analysis for Embedded Software Development

Overview Software is in everything. And in many embedded systems like flight control, medical devices, and powertrains, quality and reliability are critical. But developers sometimes have to make tradeoffs in how much verification to do on a tight deadline. This paper presents a unique way to solve this problem. It introduces static analysis using formal methods to more thoroughly verify software quality, reliability, and security. Edsger Dijkstra, a pioneer in computer science, once stated, Program testing can be used to show the presence of bugs, but never to show their absence! And yet, many projects interpret the absence of test failures as proof of quality. Using static analysis with Polyspace products, you can prove the absence of run-time errors. You can identify potential bugs in source code, even at the component level, without having to integrate with the system and test it on hardware, or execute any code. There are 10 good reasons to use static analysis with Polyspace to verify software: 1. Polyspace provides immediate feedback to the developer, with detailed insights such as run-time variable range information. 2. Polyspace reduces and guides unit testing efforts, by proving the absence of defects across all possible inputs. 3. Polyspace finds dead code and provides code metrics important for an effective code review. 4. Polyspace detects complex defects, like proving the absence of race conditions in a multi-threaded application and tracing defects to the source. 5. Polyspace helps enforce coding guidelines such as MISRA both decidable and undecidable rules and directives. 6. Polyspace helps you identify and avoid security vulnerabilities and comply with security standards such as CERT C, ISO 17961, and CWE. 7. Polyspace provides detailed control and data flow information with exhaustive and sound semantic analysis. 8. Polyspace provides a framework to manage code quality to achieve software quality objectives. 9. Polyspace provides artifacts to meet certification standards ISO 26262, IEC 61598, IEC 62304, and DO-178B/C. 10. Polyspace is part of the toolchain for Model-Based Design with traceability to and from a Simulink model. WHITE PAPER 2

A Quick Example Before we get into the details of the top 10, consider the following example function with two inputs: How would you manually review this short piece of code, especially if you want to ensure the absence of defects? If you consider testing, you would only need two test cases for full modified condition/ decision coverage (MCDC). Is that sufficient to ensure robustness? An exhaustive analysis would consider all possible values for each of the inputs. Static Code Analysis This is where static analysis comes in. Static code analysis refers to any technique to analyze source code without executing the software. Without the overhead of writing and running test cases or instrumenting your code, static code analysis automates manual verification tasks. WHITE PAPER 3

There are multiple forms of static analysis, and some of them are built into compilers and IDEs, or provided in well-known tools such as lint: Style checkers that can enforce certain coding standards and best practices such as style guides Tools that can enforce coding guidelines such as MISRA Tools that can help detect defects based on heuristics Polyspace static analysis products include these, and also adds a unique approach by using formal methods to prove the absence of errors and verify run-time behavior. It goes beyond the use of heuristics to find bugs or implement coding guidelines. Polyspace uses proof-based techniques such as abstract interpretation to prove that the software is safe under all run-time conditions. This provides a complete verification approach for software developers. 10 Reasons to Use Static Analysis with Polyspace Products Polyspace helps software development teams and quality and test teams in a number of ways. 1. Polyspace provides immediate feedback to the developer with detailed insights such as runtime variable range information. A significant number of defects are introduced during the coding stage. They propagate downstream, detected at different stages and need to be fixed later causing rework and delays. Polyspace lets you see and fix issues while coding, before they propagate any further. Polyspace enables you to write better quality code with integration into your development environment. WHITE PAPER 4

Dynamic testing merely allowed us to detect the symptoms of the errors. Polyspace code verification pinpoints their root cause, saving us significant debugging efforts. Frédéric Retailleau, Delphi Diesel Systems 2. Polyspace reduces and guides unit testing efforts by proving the absence of defects across all possible inputs. Unit tests are used to verify the robustness of components. This requires writing test cases that can highlight run-time errors. Writing unit tests manually can be challenging because of the guesswork and assumptions. Polyspace proves that code is safe from run-time failures, eliminating the need for robustness tests and identifying the specific unproven operations that need further analysis or tests. Run-time error attributes are color-coded. 3. Polyspace identifies dead code and provides code metrics valuable insights for an effective code review. Unreachable or dead code leads to unknown gaps in coverage. More test cases to increase coverage fail and lead to redundancies. Alternatively, you discover in a code review that an implementation is too complex and needs to be refactored. Code metrics such as cyclomatic complexity and function coupling in Polyspace help assess the design and implementation architecture. Polyspace identifies dead code at the time of implementation to avoid inefficiencies. WHITE PAPER 5

Polyspace Code Prover identified dead code in our generated code as well as issues in our handwritten code. It also identified code that was free from errors, and code that needed our close attention. The results enabled us to perform a targeted evaluation of the code during our formal inspection process. Dr. Karen Gundy-Burlet, NASA Ames Research Center 4. Polyspace detects complex defects such as proving the absence of race conditions in your multi-threaded applications. Complex defects such as static memory issues, concurrency issues, and subtle run-time errors are hard to detect, and may slip into production. They require the right test cases and are difficult to reproduce. Polyspace can help detect these defects before you check code into your source code repository, thereby avoiding test and debug of hidden bugs. With an event trace to step through in the debugging process, Polyspace reduces debugging effort for complex defects. Polyspace products not only find which operations can experience run-time errors, they also identify those that will never have one, no matter the operating conditions. Furthermore, they can do so during coding, thus before unit testing. This is of tremendous value to our suppliers. Mitsuhiko Kikuchi, Nissan 5. Polyspace helps enforce coding guidelines such as MISRA both decidable and undecidable rules and directives. Coding guidelines help avoid unsafe constructs for safety-critical applications. But manual checking for compliance to coding rules is laborious. Delegating this to the quality assurance team downstream creates late stage feedback to modify and reverify the code. Polyspace automates the enforcement of standards MISRA C 2004, MISRA AC AGC, MISRA C 2012, or custom internal coding guidelines such as naming conventions. This helps your development team write code that is consistent, readable, and maintainable. As we seek premarket approval status from the FDA, Polyspace Code Prover is central to our efforts to demonstrate that we have done our utmost to prove code correctness and ensure code quality. Lars Schiemanck, Miracor Medical Systems WHITE PAPER 6

6. Polyspace helps you identify and avoid security vulnerabilities and comply with security standards such as CERT C, ISO 17961, and CWE. With increasing connectivity of embedded systems such as ADAS, security is a growing concern, especially when it affects safety. A holistic approach to security spans the entire development cycle and therefore requires additional V&V. Polyspace can help avoid security vulnerabilities by detecting violations of secure coding rules like CERT C, ISO 17961, CWE. 7. Polyspace provides detailed control and data flow information with exhaustive and sound semantic analysis. Control and data flow information is very useful while designing and debugging your code. But a manual approach can be daunting. Polyspace provides this information as function call trees, a global data dictionary, and variable data ranges that help in debugging complex run-time edge cases. The Polyspace solution is unique it detects run-time errors without execution and has the advantage of being exhaustive. EADS Launch Vehicles 8. Polyspace provides a framework to manage code quality and achieve software quality objectives. Although teams may measure and document various quality metrics, the metrics are seldom help to guide the development process. Polyspace provides a framework to use a combination of standard metrics to determine the software quality level and track it through the development cycle. You can define a centralized quality model to track run-time errors, code complexity, and coding rules violations, and track your progress toward predefined software quality objectives. WHITE PAPER 7

9. Polyspace provides artifacts to meet certification objectives of standards credits for ISO 26262, IEC 61598, DO-178B/C, and IEC 62304. Certification activities have very specific V&V objectives. Using Polyspace, you can automate and produce artifacts to meet certification requirements. Alenia Aermacchi used Polyspace static analysis tools to check the code for run-time errors, ensure compliance with MISRA C coding standards, and create artifacts for certification credit. They qualified Polyspace code verifiers and Simulink Verification and Validation using DO Qualification Kit for DO-178. 10. Polyspace is part of the toolchain for Model-Based Design with traceability to and from a Simulink model. You can run static analysis on generated code either from Simulink models or dspace TargetLink blocks. You can launch the analysis from within Simulink and trace the results back to the model. On average, Polyspace can help software developers and quality engineers reduce development time by 12%. WHITE PAPER 8

ROI of Static Analysis with Polyspace Products The ROI is strong for using Polyspace static analysis in your software development process. Users routinely report that Polyspace is a game changer. 40% time savings in manual code reviews Reduces the engineering time spent on manual code reviews by providing artifacts that capture detailed control and data flow analysis 20% reduction in testing efforts especially in robustness testing Reduces the cost of debugging and fixing late stage defects and the related project delays by identifying defects early 300:1 Average engineering hours saved by fixing a bug before it escapes into the field Avoids failure in the field from missed run-time errors by exhaustively proving run-time behavior without false negatives. Polyspace static analysis provides an efficient, cost-effective solution that lets you deliver reliable embedded systems, especially those that must operate at the highest levels of quality, safety, and security. Polyspace Static Analysis Products Polyspace static analysis products include Polyspace Bug Finder and Polyspace Code Prover. Polyspace Bug Finder identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software. Using static analysis, including semantic analysis, Polyspace Bug Finder analyzes software control, data flow, and interprocedural behavior. By highlighting defects as soon as they are detected, it lets you triage and fix bugs early in the development process. Polyspace Code Prover is a sound static analysis tool that proves the absence of overflow, divide-byzero, out-of-bounds array access, and certain other run-time errors in C and C++ source code. It produces results without requiring program execution, code instrumentation, or test cases. Polyspace Code Prover uses semantic analysis and abstract interpretation based on formal methods to verify software interprocedural, control, and data flow behavior. You can use it on handwritten code, generated code, or a combination of the two. Each operation is color-coded to indicate whether it is free of run-time errors, proven to fail, unreachable, or unproven. WHITE PAPER 9

Learn More Solar Impulse Uses Polyspace Static Analysis for Solar Airplane Using Polyspace products to find and eliminate problems earlier and faster helped Solar Impulse save 1 2 engineer-years of development time and satisfy objectives to ensure DO-178 compliance. Debunking Misconceptions About Static Analysis Debunk misconceptions about static analysis. These include statements like, I don t need it because I do sufficient testing, or, Static analysis is only necessary if you re meeting certification. Reduce Testing and Debugging Time Using Polyspace Static Analysis Learn how to decrease test, debug, and fix cycles by finding bugs early in the development process. Request a Trial Speak to an Expert 2017 The MathWorks, Inc. MATLAB and Simulink are registered trademarks of The MathWorks, Inc. See mathworks.com/trademarks for a list of additional trademarks. Other product or brand names may be trademarks or registered trademarks of their respective holders. WHITE PAPER 10 93127v00 05/17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback