Are You Using More Than One Software Analysis Tool?

June 11, 2009
Actually, a better question for many embedded developers is whether they’re using even one code analysis tool. In many cases, the number of static or dynamic analysis tools used by a programmer is zero. At the same time, the goal that se

Actually, a better question for many embedded developers is whether they’re using even one code analysis tool. In many cases, the number of static or dynamic analysis tools used by a programmer is zero. At the same time, the goal that seems to be on top of everyone’s list is getting bug-free software done on time. Unfortunately, this can be a challenge when you aren’t using these tools.

Most developers know that finding and fixing bugs early is less costly by orders of magnitude as code moves progressively away from its creator. The cost in time and money of fixing a bug found only a week later is significantly higher than one found the same day that the code was written or modified. The cost gets progressively higher as it moves through Q&A and out into the field. In many cases, especially for embedded devices, the cost of fixing deployed products isn’t even considered unless liability concerns mandate a fix.

Still, getting programmers and managers to utilize static and dynamic analysis tools is a challenge. I ran into a similar problem almost 20 years ago working at NuMega Technologies on a tool called BoundsChecker. It is now part of Compuware’s DevPartner for Visual C++ Bounds- Checker, but it started as a tool to check the parameters passed to the Windows operating system.

Even then, Windows had a massive number of interfaces associated with it, and there was little error checking on the operating-system side. Passing a negative number where a pointer was required could often result in a system crash, so it pays to pass parameters that are expected. Unfortunately, you run into an array of myths while selling a tool like BoundsChecker, from “I don’t make those kinds of mistakes” to “It generates false positives.”

These myths persist today even though the tools are more robust and varied. In fact, those in the know often use more than one tool, and analysis tool suites frequently include a range of static and dynamic analysis tools (see “The Latest Static And Dynamic Code Analysis Tools”).

Part of the issue is understanding what each tool does and how it works. These tools typically check hundreds or thousands of cases and conditions. The goal is the same bug-free code. Unfortunately, this means finding or preventing bugs. Many designers miss this distinction.

That’s why tools like LDRA Software Technology’s TBvision may provide recommendations as in this case with MISRA C++, an automotive coding standard (see the figure). But MISRA C/C++ is just the tip of the iceberg. Other static analysis tools, including TBvision, can identify errors statically in addition to handling coding standards.

The kinds of errors found by static or dynamic analysis by different tools sometimes overlaps, but often they address different areas. This is why using more than one tool can be more helpful. Of course, using one to start with is a good first step.

LDRA SOFTWARE TECHNOLOGYwww.ldra.com
About the Author

William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form. 

Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below. 

You can visit my social media via these links:

I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.  

I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence. 

Sponsored Recommendations

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!