EE Times-Asia

Basics of software standards compliance (Part 4)

Posted: 24 Feb 2016

Keywords: security assessment, safety-critical software, IEC 61508, Risk Reduction Factor, Safety Integrity Levels

While it is possible to enforce coding standards via manual inspection, this process is slow and inefficient, and it is neither consistent nor rigorous enough to uncover the variety of defects that can result in a safety or security vulnerability. In practice, coding standards are never fully implemented unless they are automated. The larger and more complex the software application, the less feasible manual inspection becomes. As a result, coding standards are best enforced by the use of static analysis tools, which help to identify both known and unknown vulnerabilities while also eliminating latent errors in code (figure 1). Additionally, the use of these tools helps to ensure that even developers who are new to secure software development can benefit from the experience and knowledge encapsulated within the standards.

Figure 1: An automated check via software is the only way to efficiently and reliably check the compliance of code to a particular programming standard. LDRA TBvision displays the results of code checked for MISRA compliance using static analysis. (Source: LDRA)

Static code analysis tools parse through the code under development and help to identify sections of code that do not comply with the programming standard. The more advanced static analysis tools go beyond the simple semantic parsing of the code and consider the code in context, helping to introduce new programming standard concepts. For instance, advanced static analysis tools, such as those pictured in figure 2, can be used to help identify the following issues, which can compromise code quality and should be considered for inclusion by any organisation seeking to adopt a coding standard: areas of excess code complexity, unreachable code, and unintentional data coupling.
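As an added illustration (not code from the article or from LDRA), the sketch below shows in miniature how a checker can flag two of the issues named above, excess complexity and unreachable code, in C source. It is a token-level heuristic rather than a real parser; the function names, the complexity limit of 8 and the sample C function are all assumptions made for this example.

```python
import re

# Constructed C input (not from the article).
SAMPLE_C = '''int clamp_speed(int rpm, int mode) {
    if (rpm < 0 || mode < 0) {
        return -1;
        rpm = 0;            /* dead store after return */
    }
    for (int i = 0; i < 3; i++) {
        if (mode == i && rpm > 1000 * i) { rpm -= 100; }
    }
    switch (mode) {
        case 0: return rpm;
        case 1: return rpm / 2;
    }
    return rpm > 9000 ? 9000 : rpm;
}
'''

def strip_noise(src):
    """Blank out comments and literals (keeping newlines) so they are not scanned."""
    pat = r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\''
    return re.sub(pat, lambda m: re.sub(r'[^\n]', ' ', m.group()), src, flags=re.S)

def cyclomatic_complexity(src):
    """McCabe estimate: 1 + decision points, counted on tokens (heuristic)."""
    return 1 + len(re.findall(r'\b(?:if|for|while|case)\b|&&|\|\||\?', strip_noise(src)))

def unreachable_lines(src):
    """Lines holding a statement that directly follows an unconditional jump."""
    code, hits = strip_noise(src), []
    for m in re.finditer(r'\b(?:return|break|continue|goto)\b[^;{}]*;', code):
        # Skip jumps guarded by an unbraced if/else/loop: they are conditional.
        if code[:m.start()].rstrip()[-1:] not in ('{', '}', ';', ':'):
            continue
        rest = code[m.end():]
        nxt = re.match(r'\s*(\S)', rest)
        # A closing brace or a new case/default label ends the dead region.
        if nxt and nxt.group(1) != '}' and not re.match(r'\s*(?:case|default)\b', rest):
            hits.append(code.count('\n', 0, m.end() + nxt.start(1)) + 1)
    return hits

def check(src, max_complexity=8):
    """Return findings as (rule, detail); the threshold is a hypothetical project limit."""
    findings = [('unreachable-code', n) for n in unreachable_lines(src)]
    cc = cyclomatic_complexity(src)
    if cc > max_complexity:
        findings.append(('excess-complexity', cc))
    return findings
```

Calling `check(SAMPLE_C)` reports the dead statement by line number and the complexity score that exceeds the limit. Unintentional data coupling is not covered here, since detecting it requires data-flow analysis across functions.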

Notably, programming standards don't make code testing redundant. Defects can stem from higher-level process issues, such as requirements misinterpretation, just as much as from coding errors.

Figure 2: Overly complex code is harder to debug, maintain, and port. Advanced static analysis tools, such as the LDRA tool suite, can not only apply programming standards but also provide code complexity metrics that help development teams deliver better quality code that is less likely to break. (Source: LDRA)

In the next articles in this series, we'll reach beyond the code to look at how to build processes that are also bulletproof.

About the author
Jay Thomas, a Technical Development Manager for LDRA Technology, has worked on embedded controls simulation, processor simulation, mission- and safety-critical flight software, and communications applications in the aerospace industry. His focus on embedded verification implementation ensures that LDRA clients in aerospace, medical, and industrial sectors are well grounded in safety-, mission-, and security-critical processes.
