TRANSCRIPT
Guarantee Code Quality and Stay Secure
Agenda
• Why should I care about code quality?
• How to quickly and easily improve code quality
• Graphical modeling with IAR Visual State
• How to benefit from functional safety requirements
• How to easily implement security in your application
Why should I care about code quality?
Caring about code quality
• High quality code has fewer defects, so faster time-to-market
• It also is easier to maintain or extend, so faster follow-on projects
• Much easier to get safety certifications
• Lower “technical debt”
Quickly and easily improve code quality
Fast ways to better code
• Perhaps the fastest way to improve code quality is to employ code analysis tools
– Quickly finds common sources of bugs in your code
– Helps you to find problems that don’t normally occur to developers
• Code analysis tools are required if you are seeking functional safety certification
CWE (the Common Weakness Enumeration): http://cwe.mitre.org/
CERT (Computer Emergency Response Team): http://www.cert.org/
C-STAT static analysis
Complete static analysis tool fully integrated in IAR Embedded Workbench
• Intuitive and easy-to-use settings with flexible rule selection
• Extensive and detailed documentation
• Checks compliance with MISRA C:2004, MISRA C++:2008 and MISRA C:2012
• Includes ~250 checks mapping to hundreds of issues covered by CWE and CERT C/C++
C-RUN runtime analysis
Find actual errors at runtime
• Bounds checking to ensure accesses to arrays and other objects are within boundaries
• Arithmetic checking
• Heap and memory leaks checking
Complete runtime analysis tool fully integrated in IAR Embedded Workbench for Arm and RX
• Intuitive and easy-to-use settings with flexible rule selection
• Code correlation and graphical feedback in editor
• Comprehensive and detailed feedback
• Very efficient instrumentation of compiled code
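The three runtime check classes listed above (bounds, arithmetic, heap) are easier to reason about when the defect and the check sit side by side. The following is an added illustration written for this transcript; it is not C-RUN instrumentation or any other IAR code, and it uses hand-written checks (a length test, the GCC/Clang `__builtin_add_overflow` builtin, and a malloc/free wrapper) on constructed sample data to show what each check catches that an unchecked access, addition or allocation would silently get wrong.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample data: a small sensor table with a fixed length. */
#define SENSOR_COUNT 4u
static const int32_t sensors[SENSOR_COUNT] = { 10, 20, 30, 40 };

typedef enum { RT_OK = 0, RT_OUT_OF_BOUNDS, RT_OVERFLOW, RT_LEAK } rt_status;

/* Bounds check: an index at or past SENSOR_COUNT is reported instead of
 * reading adjacent memory, which is what an unchecked sensors[idx] would do. */
rt_status read_sensor(size_t idx, int32_t *out)
{
    if (idx >= SENSOR_COUNT) {
        return RT_OUT_OF_BOUNDS;
    }
    *out = sensors[idx];
    return RT_OK;
}

/* Arithmetic check: signed overflow is undefined behaviour in C, so the
 * addition is tested before it is performed. __builtin_add_overflow is a
 * GCC/Clang builtin (assumption: the example is compiled with one of them). */
rt_status checked_add(int32_t a, int32_t b, int32_t *sum)
{
    int32_t r;
    if (__builtin_add_overflow(a, b, &r)) {
        return RT_OVERFLOW;
    }
    *sum = r;
    return RT_OK;
}

/* Heap check: wrap malloc/free with a live-allocation counter so that a
 * buffer that is never released shows up as a nonzero balance. */
static int live_allocations = 0;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL) {
        live_allocations++;
    }
    return p;
}

static void tracked_free(void *p)
{
    if (p != NULL) {
        live_allocations--;
    }
    free(p);
}

int leaked_allocations(void)
{
    return live_allocations;
}

/* Hypothetical workload: copies the sensor table into a heap buffer and,
 * when release_buffer is false, deliberately forgets to free it. */
rt_status run_workload(bool release_buffer)
{
    int32_t *buf = tracked_malloc(SENSOR_COUNT * sizeof *buf);
    if (buf == NULL) {
        return RT_OK; /* allocation failure is an error, but not a leak */
    }
    for (size_t i = 0; i < SENSOR_COUNT; i++) {
        (void)read_sensor(i, &buf[i]);
    }
    if (release_buffer) {
        tracked_free(buf);
    }
    return live_allocations == 0 ? RT_OK : RT_LEAK;
}

int main(void)
{
    int32_t v = 0;
    printf("read_sensor(4): %d\n", read_sensor(4, &v));
    printf("checked_add(INT32_MAX, 1): %d\n", checked_add(INT32_MAX, 1, &v));
    printf("run_workload(false): %d\n", run_workload(false));
    return 0;
}
```

The point of the wrappers is visibility: each defect becomes a status value at the place it occurs rather than a corrupted read, a wrapped sum or a slowly growing heap noticed much later. A runtime analysis tool inserts equivalent checks into the compiled code automatically, which is why the slide stresses that instrumentation must be efficient.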
Code analysis tools
(Figure: runtime analysis and static analysis overlapping to give total fault coverage)
Take full control of your development
(Figure: development phases Requirements, Design, Implementation, Verification, Maintenance. Implement your design in code; build and debug the application; let C-STAT analyze your code and review potential issues; let C-RUN analyze your project and investigate runtime errors.)
Graphical modeling with IAR Visual State
IAR Visual State
• As complexity increases, how do I ensure that I capture the complete design in code?
• How do I restructure the code if I discover omissions or errors in the designs?
• How can I verify that there is no risk for deadlocks or ambivalence in my design?
IAR Visual State
• Tool for design and code generation
• Used to graphically design state machines and generate C/C++ source code
– The graphical language used is based on UML
• Automated documentation
State machines in IAR Visual State
• Map events in the environment, like device driver input or interrupts, to state machine events
• Capture the discrete system logic in states, events, transitions and actions using UML diagrams
• Map actions to functions or device drivers interacting with the environment
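The three mapping steps above (environment inputs to events, logic to states and transitions, actions to driver calls) are what a table-driven state machine makes explicit in code. The following is an added example written for this transcript, not output from IAR Visual State or any IAR code: a hypothetical door-lock controller whose design is held as a transition table, with a small check for the "no state without an exit" property the earlier slide asks about. The events, states and counters are all constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical door-lock controller used only to illustrate the structure. */
typedef enum { ST_LOCKED, ST_UNLOCKED, ST_ALARM, ST_COUNT } state_t;
typedef enum { EV_VALID_CODE, EV_BAD_CODE, EV_TIMEOUT, EV_RESET } event_t;

/* Environment side: counters stand in for device-driver calls. */
static int bad_code_count = 0;
static int motor_commands = 0;
static int alarm_count = 0;

static void act_unlock(void)      { motor_commands++; bad_code_count = 0; }
static void act_lock(void)        { motor_commands++; }
static void act_count_bad(void)   { bad_code_count++; }
static void act_raise_alarm(void) { alarm_count++; }
static void act_reset(void)       { bad_code_count = 0; motor_commands++; }

/* Guard: the third consecutive bad code (two already counted) raises the alarm. */
static bool guard_two_failures(void) { return bad_code_count >= 2; }

typedef struct {
    state_t from;
    event_t event;
    bool (*guard)(void);    /* NULL means unconditional */
    void (*action)(void);
    state_t to;
} transition_t;

/* The design as data. Rows are tried in order, so the guarded row for
 * EV_BAD_CODE must precede the unguarded one. */
static const transition_t transitions[] = {
    { ST_LOCKED,   EV_BAD_CODE,   guard_two_failures, act_raise_alarm, ST_ALARM    },
    { ST_LOCKED,   EV_BAD_CODE,   NULL,               act_count_bad,   ST_LOCKED   },
    { ST_LOCKED,   EV_VALID_CODE, NULL,               act_unlock,      ST_UNLOCKED },
    { ST_UNLOCKED, EV_TIMEOUT,    NULL,               act_lock,        ST_LOCKED   },
    { ST_ALARM,    EV_RESET,      NULL,               act_reset,       ST_LOCKED   },
};
#define TRANSITION_COUNT (sizeof transitions / sizeof transitions[0])

static state_t current = ST_LOCKED;

state_t current_state(void) { return current; }

/* Dispatch one event: the first matching row whose guard holds fires its
 * action and moves the machine. Returns false when the state ignores the
 * event, the case a reviewer wants logged rather than silently lost. */
bool dispatch(event_t ev)
{
    for (size_t i = 0; i < TRANSITION_COUNT; i++) {
        const transition_t *t = &transitions[i];
        if (t->from == current && t->event == ev &&
            (t->guard == NULL || t->guard())) {
            t->action();
            current = t->to;
            return true;
        }
    }
    return false;
}

/* Design check that can run at build or test time: a state with no
 * outgoing transition is a dead end the machine can never leave. */
bool every_state_has_exit(void)
{
    for (int s = 0; s < ST_COUNT; s++) {
        bool has_exit = false;
        for (size_t i = 0; i < TRANSITION_COUNT; i++) {
            if (transitions[i].from == (state_t)s) {
                has_exit = true;
                break;
            }
        }
        if (!has_exit) {
            return false;
        }
    }
    return true;
}

int main(void)
{
    const event_t script[] = { EV_BAD_CODE, EV_BAD_CODE, EV_BAD_CODE, EV_RESET,
                               EV_VALID_CODE, EV_TIMEOUT };
    for (size_t i = 0; i < sizeof script / sizeof script[0]; i++) {
        bool fired = dispatch(script[i]);
        printf("event %d -> state %d (%s)\n", (int)script[i], (int)current_state(),
               fired ? "fired" : "ignored");
    }
    printf("all states have an exit: %s\n", every_state_has_exit() ? "yes" : "no");
    return 0;
}
```

Keeping the design in one table rather than scattered `switch` statements is what makes a change to the diagram a change to a few rows, and it is also what lets properties such as reachability or missing exits be checked mechanically instead of by reading the code.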
How to benefit from functional safety requirements
What is functional safety?
Definitions from IEC (http://www.iec.ch/functionalsafety/explained/)
• Safety: Freedom from unacceptable risk of physical injury or of damage to the health of people, either directly, or indirectly as a result of damage to property or to the environment
• Functional safety: The detection of a potentially dangerous condition resulting in the activation of a protective or corrective device or mechanism to prevent hazardous events arising or providing mitigation to reduce the consequence of the hazardous event
Various FS Standards
• IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems
• IEC 62304: Medical device software – Software life cycle processes
• EN 50128: Railway applications - Communication, signaling and processing systems - Software for railway control and protection systems
• ISO 26262: Road vehicles – Functional safety
• (DO178C): Software Considerations in Airborne Systems and Equipment Certification
How these standards affect you
All these Functional Safety standards pose requirements on the development process!
Requirements gathering, implementation, testing, verification and validation of relevant safety functionality, programming language selection, and so on.
All these Functional Safety standards, independent of the Safety Integrity Level, pose requirements on how to select development tools!
Benefits of following standards
• Reduce liability risks associated with your application
• Reduce risk of product recall
• Reduce number of firmware updates
• Ensure compliance with international standards and requirements
• Protect your company’s reputation
Functional Safety and Code Analysis
• Developers tend to make the same mistakes…
• IEC 61508 v2 requires static analysis for SIL 2-4
– Section C.4.2 lays out the need for analysis
– Without static analysis, the standard does not recommend using C
• Section B.6.5 strongly recommends dynamic analysis
Standard | Requirement | IAR tool
IEC 61508 | Automatic common error detection | C-STAT, C-RUN
Easy-to-understand designs
• ISO 26262 requires that designs be easy to understand
– Must do design walk-throughs and inspections
– Must be able to simulate designs
• Also requires that control-flow analysis be performed
ISO 26262 | Ease of design analysis | IAR Visual State
Testing of designs
• All safety standards have recommendations on testing designs
• ISO 26262 requires:
– Integration testing in a realistic target environment
– Testing to have a high level of controllability and observability in the software under test
ISO 26262 | Tight testing integration and visibility | C-RUN
Confidence in your tools
• All safety standards require that you prove your tools:
– Repeatable and reliable results
– Large user base
– Regular testing of tools
All | Confidence in use of software tools | EW-FS
Thank you for your attention!
www.iar.com