Static Code Analysis

Static code analysis is a method to verify all possible paths within a software program without actually executing the program. A static code analysis tool can efficiently locate defects such as out-of-bounds array accesses, memory allocation errors, arithmetic overflows and underflows, and inconsistent code fragments that go unnoticed during dynamic tests or peer reviews. Static code analysis can be applied early in the software development process: it works on incomplete and incorrect code bases, and no test cases have to be developed first.
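As an added illustration (constructed here, not code from the TASKING toolsets or from this page), two of the defect classes listed above in embedded-style C, the defective routine beside its hardened form: a 16-bit size computation that wraps past the bounds check, and an off-by-one loop that writes one element past a fixed record buffer. BUF_LEN, fill_unsafe, fill_safe and the guard slot are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed illustration, not TASKING code: a 16-byte record buffer as found
 * in embedded firmware, filled from a count of fields of a given width. */
#define BUF_LEN 16

/* Element BUF_LEN is a guard slot past the logical buffer; it exists only so the
 * demonstration below does not corrupt unrelated memory when it overruns. */
static uint8_t buf_bad[BUF_LEN + 1];
static uint8_t buf_good[BUF_LEN];

/* Defective version: two defects a static analyser flags.
 * 1. count * width is stored in a uint16_t, so 256 * 256 wraps to 0 and
 *    passes the size check (arithmetic overflow).
 * 2. The loop bound is <= BUF_LEN, so index BUF_LEN is written although the
 *    logical buffer ends at BUF_LEN - 1 (out-of-bounds array access). */
int fill_unsafe(uint16_t count, uint16_t width)
{
    uint16_t total = (uint16_t)(count * width);
    if (total > BUF_LEN)
        return -1;
    for (size_t i = 0; i <= BUF_LEN; i++)
        buf_bad[i] = 0xAA;
    return (int)total;
}

/* Returns 1 if fill_unsafe wrote into the guard slot, i.e. overran the buffer. */
int unsafe_overran(void)
{
    return buf_bad[BUF_LEN] == 0xAA;
}

/* Hardened version: reject the request before the product can wrap
 * (count <= BUF_LEN / width implies count * width <= BUF_LEN), then loop
 * strictly below the computed length. */
int fill_safe(uint16_t count, uint16_t width)
{
    if (width == 0 || count > BUF_LEN / width)
        return -1;
    size_t total = (size_t)count * width;
    for (size_t i = 0; i < total; i++)
        buf_good[i] = 0xAA;
    return (int)total;
}
```

Calling fill_unsafe(256, 256) returns 0 and sets the guard slot, which is exactly the behaviour a dynamic test with small inputs never exercises.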

For embedded software development, the SCA tool needs to be aware of specific issues such as the existence of special function registers, the use of in-line assembly language, C language extensions such as pointer and memory space qualifiers to address multiple address spaces, and DSP-specific data types such as circular buffers and fixed-point data types. General purpose SCA tools do not support these specific features to the same extent as SCA tools that are integrated within the embedded compiler.

Various embedded compiler vendors have integrated SCA with their compiler, and they have many good reasons to do so. SCA algorithms are based on abstract syntax trees, structural analysis, data flow analysis, interprocedural control flow analysis and heuristics. These techniques fit well within a compiler front-end, can be executed fast, can be made aware of compiler-specific embedded C language extensions, and can take the compiler's ISO C implementation-defined behaviors into account. As a beneficial side effect, the gathered information about a program is also available to the compiler's optimizers, enabling further reductions in code size or providing opportunities to increase run-time performance.

Furthermore, the output of the SCA can be intermixed with the compiler's error and warning messages. This tight integration of SCA in the compiler eases the inclusion of SCA in an existing software development flow. SCA can be applied during the normal edit-compile-debug cycle. No modifications to tools, build scripts and procedures, work flows, or organizational structure are required. This prevents the "hidden costs" that occur when dedicated stand-alone SCA tools are applied in an organization.

Standardization Efforts

National governments as well as industry consortia have recognized the importance of software security, safety and reliability and have driven research and development of standards that enforce secure, safe and reliable coding practices. The "CERT C/C++ Secure Coding Standard" and the "MISRA-C/C++ Guidelines for the use of the C/C++ language in critical systems" are today's best-known and most thorough standards that deal with the use of the C/C++ programming language in networked embedded environments.

CERT

CERT, the Computer Emergency Readiness Team, was founded by the US government to address internet security risks and potential threats. CERT researches internet security vulnerabilities, identifies common programming errors that lead to software vulnerabilities, establishes secure coding standards, and educates software developers to advance the state of the practice in secure coding. CERT has observed, through an analysis of thousands of reports, that most vulnerabilities stem from a relatively small number of common programming errors. By identifying insecure coding practices and developing secure alternatives, CERT provides software developers with practical steps to reduce or eliminate vulnerabilities before deployment. These guidelines are collected into "The CERT C/C++ Secure Coding Standards".

In 2009 Altium integrated CERT C secure code analysis into its embedded TASKING compilers, starting a new trend and reconfirming its technical leadership in the compiler market and its drive for innovation.

MISRA C

Altium was also the first company to fully integrate MISRA C support into C compilers for embedded development purposes, and many other compiler vendors followed, reinforcing Altium's innovative vision. MISRA C guides programmers in writing more robust C code by defining selectable C usage restriction rules. Through a system of strict error checking, the use of error-prone C constructs can be prevented. The latest step in this innovation is configurability of the compliance checking. Each MISRA rule with which the application's source code should comply can be set as 'required' or 'advisory', and the diagnostic level of the messages generated by the compiler can be defined as either 'warning' or 'error'. This allows you to configure the individual rules of the MISRA C compliance validation according to the quality standards set by your company. The TASKING VX-toolsets support the new MISRA-C:2004 standard as well as the original MISRA-C:1998 guidelines.

Read more on MISRA C support in the TASKING toolsets.

Availability

MISRA C enhanced code checking is available in all TASKING VX-toolsets, as well as in many of the traditional TASKING toolsets. The code analysis checker for CERT C is available in the VX-toolset for C166 (v2.4r1+), TriCore (v3.4r1+) and Cortex-M (v3.1r1+).