Continuous Code Inspection and Analysis - IAR …
Agenda
• Code inspection
• Static code analysis
• C-STAT demonstration
• Dynamic code analysis
• C-RUN demonstration
• Summary
Why use C for embedded?
• Widespread knowledge of the language
– Data type conversion, pointer accesses etc.
• Widespread tool support for the language
– Many different compilers for virtually any target
– Many middleware options
– Many static analysis tools
• Fairly close to hardware
– You can abstract to a higher level of interaction with the hardware
– You can get all the way down to writing bits to ports
Why care about code analysis?
• C is not safe
– Many languages are very similar to C
• All software contains bugs
• The later you find a bug, the more expensive it gets
[Chart: cost of fixing a bug over the development cycle, rising from $ during development to $$$ at system test and $$$$$$ at product recall]
Code inspections
• 3 approaches to code inspections
– Code reviews
– Pair programming
– Automated inspections
Cartoon licensed under CC-BY-3.0 http://geek-and-poke.com/
• Code reviews
– Activity where the code gets viewed and read by one or several humans
– At least one of the humans must not be the author of the code
– Can be done as an interruption of the implementation or after the implementation
– Possible process: Fagan inspection
• Code review goals
– Improve code quality
– Find possible defects
– Knowledge transfer
– Highlight possible better solutions
– QA guideline compliance
• Pair programming
– Two programmers work together at one workstation
– One (the driver) writes the code, while the other (the observer) reviews the code as it is typed in
• Pair programming advantages
– Better code with fewer defects
– Improved problem / project oriented focus
– Knowledge transfer, reduced bus factor
• Pair programming challenges
– Building successful / productive teams
• Automated inspections
– Offload the code reviews to a machine
– No limitations in the frequency of the code reviews
– High repeatability of the results
– Can be included in the CI flow
What is Static code analysis
• A way to statically analyze software (as opposed to dynamically)
• In this context it means analyzing C/C++ source code without compiling or executing the program
• Intended to identify potential errors, vulnerabilities, portability issues, coding standards compliance etc.
• Highly recommended for any embedded development, mandatory for certification
• IAR Systems provides C-STAT
What is MISRA-C
• Motor Industry Software Reliability Association
– A consortium that promotes standards to improve the safety and reliability of embedded code
– MISRA-C is:
o A language subset that takes out the undefined behavior that is part of the C standard
o A basis for a coding standard
Static code analysis
• IAR Systems provides C-STAT
– Fully integrated into the IAR Embedded Workbench
– Flexible rule selection + export / import of rule-sets
– Detailed documentation of checks and messages
– C-STAT supports:
o ~250 checks based on issues addressed by CWE and CERT
o MISRA-C 2004
o MISRA-C 2012
o MISRA-C++ 2008
Classic C mistakes
• Array out-of-bounds
• Null pointer dereferencing
• Using variable before initialization
• Order of evaluation of operands
• Integer overflow
• Casting issues
• Assignment where check for equality was intended
• Illegal printf/scanf format strings
• Forgetting to handle a case in switch statement
• Passing macro arguments with side effects
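Four of the mistakes above, each beside its corrected form, as an added example; this is not code from the presentation or from IAR. The `read_adc` stand-in (a constructed "ADC" that always returns -42), `MAX_FRAME`, the `state` enum and all function names are assumptions made for illustration. Every variant returns a value so the difference is observable; the two variants whose defect is undefined behaviour (signed overflow, the unchecked table read) are shown with their fix but never executed.

```c
#include <stddef.h>
#include <stdint.h>
#include <limits.h>

/* --- 1. Passing macro arguments with side effects ------------------------
 * A function-like macro pastes its argument textually, so an argument with
 * a side effect (here: a constructed stand-in for an ADC read) runs once per
 * occurrence of the parameter in the expansion. */
#define ABS_MACRO(x) ((x) < 0 ? -(x) : (x))

static int g_adc_reads;               /* how many times the "ADC" was read */

static int read_adc(void)             /* constructed: always returns -42 */
{
    g_adc_reads++;
    return -42;
}

static inline int abs_fn(int x) { return x < 0 ? -x : x; }

/* Defect: the negative sample is read twice (once in the condition, once in
 * the selected branch), so the two reads may not even be the same sample. */
int adc_reads_with_macro(void)
{
    g_adc_reads = 0;
    (void)ABS_MACRO(read_adc());
    return g_adc_reads;               /* 2 */
}

/* Fix: an inline function evaluates its argument exactly once. */
int adc_reads_with_function(void)
{
    g_adc_reads = 0;
    (void)abs_fn(read_adc());
    return g_adc_reads;               /* 1 */
}

/* --- 2. Casting issue: signed length checked, unsigned length used --------
 * The upper-bound check is done on a signed int, so a negative length slips
 * past it; converting that value to size_t for memcpy() gives a huge count. */
#define MAX_FRAME 64                  /* assumed frame limit */

size_t frame_copy_len_buggy(int n)
{
    if (n > MAX_FRAME) {
        return 0;                     /* rejected */
    }
    return (size_t)n;                 /* defect: -1 becomes SIZE_MAX */
}

size_t frame_copy_len_fixed(int n)
{
    if (n < 0 || n > MAX_FRAME) {     /* reject negatives before converting */
        return 0;
    }
    return (size_t)n;
}

/* --- 3. Integer overflow ---------------------------------------------------
 * Signed overflow is undefined behaviour, so "r = a + b; if (r < a)" is not a
 * valid test (the compiler may delete it). Check the operands first. */
int add_i32_checked(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b)) {
        return 0;                     /* would overflow; *out is untouched */
    }
    *out = a + b;
    return 1;
}

/* --- 4. Array out-of-bounds from a state that was never handled -------------
 * A lookup table indexed straight from a state value reads past its end as
 * soon as a state is added without extending the table (the same root cause
 * as a switch that forgets a case). */
enum state { ST_IDLE, ST_RUN, ST_FAULT, ST_COUNT };

static const char *const k_state_names[ST_COUNT] = { "idle", "run", "fault" };

/* Defect: no range check; ST_COUNT or a negative value reads past the table
 * (undefined behaviour), so this variant is never called here. */
const char *state_name_buggy(int s)
{
    return k_state_names[s];
}

/* Fix: validate the index against the table size, not against a literal. */
const char *state_name_fixed(int s)
{
    if (s < 0 || s >= (int)ST_COUNT) {
        return "unknown";
    }
    return k_state_names[s];
}
```

Each defective form is exactly the shape a static analyser flags (double evaluation of a side-effecting macro argument, signed-to-unsigned conversion of a length, an arithmetic result that can exceed the type, an unchecked array index); the fixed forms are what a reviewer would ask for in place of a suppression.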
Representation of results
• Text file
– Save-to-file in C-STAT Messages window
• Automatically generated .db file
– Can be opened with an SQL browser and exported as a csv file
Exclude code from being checked
• Suppression via #pragma:
    #pragma cstat_suppress="INT-use-signed-as-unsigned"
    <my code>
• Suppression with comments:
    <my code> //cstat !MISRAC2004-6.3
    //cstat -MISRAC2012*
    <my code>
    //cstat +MISRAC2012*
• Suppressed messages documented in html report
Continuous Integration
• Continuous Integration (CI) environments
– automate the build and test of code every time a team member commits changes to the version control system
– should be agnostic to the underlying tools
– should offer the option to call tools from the command line
C-STAT and CI
• C-STAT from the command line
– Perform static code analysis from the command line
– Useful when you want to automate repetitive analysis
– Results are reported in the console window and in a database file
– Syntax: icstat.exe [options] <command> [--<extra>]
• C-STAT through iarbuild.exe
– Build your complete project, based on the project settings file *.ewp, with iarbuild.exe
– Static code analysis via C-STAT can be invoked from the same build tool
– Syntax: iarbuild.exe project.ewp [ -clean | -build | -make | -cstat_analyze | -cstat_clean] configuration [log options] [parallel] [custom argument variables]
Summary (1)
• Automated inspections are a good approach to improve code quality
• Static code analysis helps you to identify possible issues in an efficient way
• C-STAT is available for daily use inside IAR Embedded Workbench as well as from the command line
Run-time analysis – C-RUN
• Detection of data manipulation issues during runtime
• Addresses arithmetic, bound and heap checking
• Very efficient instrumentation of compiled code
• Fully integrated in IAR Embedded Workbench for ARM (v7.20 and later)
C-RUN run-time analysis
• Individual checks can be turned on/off
• Overhead depends on:
– Performed checks
– Application profile
• Can be configured on a module basis
Summary
Total fault coverage with Compiler/Linker, C-STAT and C-RUN
[Diagram: three overlapping areas labelled Compiler/Linker, Static analysis and Runtime analysis]