EE Times-Asia

Finding defects in safety-critical code

Posted: 31 Mar 2009

Keywords: safety-critical code, static analysis, rigorous testing

In safety-critical applications, bugs in software are not just costly distractions: they can put lives at risk. Consequently, safety-critical software developers go to great lengths to detect and fix bugs before they can make it into fielded systems. Although there are some well-known cases where software defects have caused disastrous failures, the record is mostly fairly good: if the software controlling medical devices or flight-control systems was as buggy as most software, the headlines would be truly dreadful.

The methods that safety-critical developers use are undeniably effective at reducing risk, so there are lessons to be learned for developers who do not write safety-critical code. Two techniques stand out as being most responsible: advanced static analysis and rigorous testing.

Static analysis tools have been used for decades. Their appeal is clear: they can find problems in software without actually executing it. This contrasts with dynamic analysis techniques (i.e., traditional testing), which usually rely on running the code against a large set of test cases. The first generation of static-analysis tools, of which lint is the most widely known example, was quite limited in capability and suffered from serious usability problems.

However, recently a new generation of advanced static-analysis tools has emerged. These are capable of finding serious software errors such as buffer overruns, race conditions, null pointer dereferences and resource leaks. They can also find subtle inconsistencies such as redundant conditions, useless assignments and unreachable code. These correlate well with real bugs as they often indicate that the programmer misunderstood some important aspect of the code.

The tenth rule
Using advanced static analysis tools is quickly becoming best practice: rule ten of Holzmann's "Ten Rules for Writing Safety Critical Code" specifies that advanced static analysis tools should be used aggressively all through the development process.

The other important technique is systematic testing. The importance of highly rigorous testing has been recognized by some regulatory agencies. For flight-control software, the Federal Aviation Authority is very specific about the level of testing required. The developer must demonstrate that they have test cases that achieve full coverage of the code. Developing such test cases can be very expensive. Advanced static-analysis tools can help reduce this cost by pointing out parts of the code that make it difficult or even impossible to achieve full coverage.
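The two points above (a "subtle inconsistency" that points at a real bug, and code that makes full coverage impossible) can be seen in one small function. The C below is an added illustration, not code from the article or from any particular analysis tool; the `struct reading` type, the function names and the input values are constructed for the example. The "before" version checks its pointer for null only after dereferencing it, so an advanced static analyzer reports both a possible null dereference and a redundant condition, and the early-return branch that depends on that condition is unreachable: no test case can ever execute it, so 100% statement coverage cannot be achieved. The "after" version moves the guard in front of the dereference, which fixes the bug and makes every branch coverable.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sensor record type for the example (not from the article). */
struct reading {
    int valid;   /* non-zero when the sample is trustworthy */
    int value;   /* raw sample, expected in 0..100 */
};

/* "Before": the guard comes after the dereference.
 * An advanced static analyzer flags two things here:
 *   1. `r->value` may dereference a null pointer;
 *   2. the later `r == NULL` test is a redundant condition, because if r
 *      were NULL execution could not have reached it.
 * Finding 2 makes the `return -1` branch unreachable, so a test suite can
 * never cover it. Both findings stem from the same misunderstanding: the
 * author meant to guard the dereference but wrote the guard too late. */
int clamp_reading_before(const struct reading *r)
{
    int v = r->value;          /* dereference first ...                    */
    if (r == NULL)             /* ... then a check that can never be true  */
        return -1;             /* unreachable: full coverage is impossible */
    if (!r->valid)
        return -1;
    if (v > 100) v = 100;
    if (v < 0)   v = 0;
    return v;
}

/* "After": the guard precedes the dereference. Every statement and branch
 * is now reachable, so a test suite can demonstrate full coverage, and a
 * NULL argument is handled instead of faulting. */
int clamp_reading_after(const struct reading *r)
{
    if (r == NULL)
        return -1;
    if (!r->valid)
        return -1;
    int v = r->value;
    if (v > 100) v = 100;
    if (v < 0)   v = 0;
    return v;
}

int main(void)
{
    /* Constructed inputs; C99 compound literals give us addressable values. */
    printf("after, NULL       -> %d\n", clamp_reading_after(NULL));
    printf("after, invalid    -> %d\n", clamp_reading_after(&(struct reading){0, 42}));
    printf("after, 150        -> %d\n", clamp_reading_after(&(struct reading){1, 150}));
    printf("after, -5         -> %d\n", clamp_reading_after(&(struct reading){1, -5}));
    printf("before, 42        -> %d\n", clamp_reading_before(&(struct reading){1, 42}));
    /* clamp_reading_before(NULL) is deliberately not called: it would fault,
     * which is exactly the defect the analyzer's null-dereference finding
     * describes. */
    return 0;
}
```

Note that the "before" function behaves identically to the "after" function on every non-null input, which is why traditional testing with well-formed inputs never reveals the problem; only the static findings (or a crash on a null pointer in the field) expose it.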

This article describes how advanced static-analysis tools work and how you can use them to reduce the cost of testing.
