It’s almost summertime, and I’ve been watching the neighbors put all sorts of chemicals on their lawns. I recommend an organic approach that includes corn gluten meal (CGM) instead. CGM is a natural preemergence herbicide and fertilizer (9-0-0) that is a natural weed suppressant. It is better for the lawn, the environment, and your pocketbook.
CGM prevents weeds by stopping the germination of the weed seeds, so you need to start using it at the beginning of the spring. Using it too late in the season will let the weeds sprout. As a fertilizer, CGM also delivers a healthier, more robust lawn.
A DIFFERENT KIND OF BUG
I ran into similar concerns about the use of development tools at the spring Embedded Systems Conference in San Jose. This came up in a discussion on safety that turned to the Motor Industry Software Reliability Association (MISRA) and the latest MISRA-C:2004 document.
MISRA-C is a set of 141 simple rules (121 “required” and 20 “advisory”) for C compiler static analysis divided into 21 topical categories, from “Environment” to “Pointers and Arrays,” designed to stop bugs before they sprout into major problems during testing and deployment. Use these rules from the beginning of the development process, and they can reduce the number of bugs and improve the robustness of the application.
C remains the most widely used embedded programming language around, but only some developers take advantage of MISRA-C. Many developers don’t know about it, while others may not have the support within their toolset. Still others argue that if they want to shoot themselves in the foot with bad programming practices, they should be able to do so.
Take one of the many simple rules as an example. Rule 15.3 requires every switch to end with a default clause. Sounds reasonable. It’s simple. One argument against it is when switch statements are used with enum and all possible options are listed in the statement. The problem, especially when considering safety-related issues, is that a variable associated with the statement may be corrupted so the value is outside the range of the enum and hence not checked by the statement.
MISRA-C is just one of the many static analysis tools available to developers. Lint is probably a more commonly used tool primarily because of availability. In fact, this is one downside to MISRA-C availability since there is no standard for its implementation, leaving quite a bit of leeway for compiler implementers. If we’re going to raise the level of C code quality using static analysis tools like MISRA-C, then it is going to require more general and consistent availablility.
Likewise, most static analysis tools allow checking and enforcement to occur selectively. This is especially important when you’re dealing with legacy code, though it can help find and correct issues in existing applications. It additionally can be key to adoption within an organization where some of the stricter or more obscure limits might be an issue with the development group.
THE RIGHT TOOLS
The first place to look for static checking tools is your compiler. Vendors such as Green Hills Software and Altium include the option in their compiler suites. Open-source tools like gcc provide a more limited set of features with options such as -wall that enable a range of static checks, though not on the order of MISRA-C.
Another useful open-source tool based on Lint is Splint, or Secure Programming Lint. Sometimes noted as SPecifications Lint, it is customizable and can perform strong type checking. It also can be used to check for security vulnerabilities in addition to doing syntactic and semantic checks.
Splint and some other static analysis tools can use annotated comments within the code to provide additional semantic information to be employed in checking code. This approach is commonly used for embedded documentation comments, so it is familiar to a wide range of programmers.
Commercial versions of Lint are available from a host of software vendors. Keil has a version available for its C tool suite, while Gimpel Software has a C/C++ version called PClint for C/C++. There is also Cleanscape’s LintPlus for C and C++lint. Klocwork’s Insight adds features such as architectural visualization tools.
If you’re going to take better care of your lawn or your C application, keep it simple. Make the right choices up front. It can save time in the long run and result in a better product. For more information on MISRA-C, go to MISRA’s Web site or try your favorite C compiler. For more on CGM, check out WHYY’s You Bet Your Garden with Mike McGrath. Also, get yourself a mulching mower if you don’t have one. It’s another time saver that is good for your lawn.
ALTIUM • www.altium.com
CLEANSCAPE • www.cleanscape.net
GIMPEL SOFTWARE • www.gimpel.com
GREEN HILLS SOFTWARE • www.ghs.com
KEIL • www.keil.com
KLOCWORK • www.klocwork.com
MISRA • www.misra.org.uk
SPLINT • lclint.cs.virginia.edu
YOU BET YOUR GARDEN • www.whyy.org/91FM/ybyg/