This file type includes high resolution graphics and schematics when applicable.
How do you improve the output capability and quality of embedded programmers? One way is to give them better tools such as static analysis and compliance tools. They tend to be mandatory in embedded arenas such as military and avionics, but—according to the latest Barr Group survey—less prevalent in general.
The challenge isn’t just getting the tools into developers’ hands (although battles with the bean counters are ever-present), but also getting developers to use them. While training definitely helps on the latter front, developers often discount the value of these tools.
There are a variety of myths about them as well that are easily debunked. For example, these tools are not just for military and avionics applications.
Another myth is that the tools can be expensive to buy and use. That myth has a few more caveats, because most of these tools are not just simple static analysis tools. They are often part of a coordinated suite of tools that include things like code coverage analysis, coding standards compliance, requirements traceability, code visualization, and more. Some companies sell their tools unbundled, possibly reducing the initial cost if only a few modules are required. Some developers may already have similar tools in their toolbox that could also reduce costs.
The more difficult problems include trying to justify the cost of these tools and to incorporate them into the development process. The latter is easier at the start of a project because bad habits are more easily corrected. Adding the tools to the mix of an existing project often generates many new bugs to be addressed, of which some are false positives. How well a tool addresses these challenges often dictates how successful they are in the long run at helping to improve the overall development process. Even a large number of true positives can be a distraction, though these bugs really do need to be fixed in the long run.
The discussion about these types of tools has been ongoing, so why is it more important now? One reason is the rise of the Internet of Things (IoT). The IoT inherently requires a wider range of coding to occur from embedded devices through the cloud, all of which are prone to errors and security issues. The systems tend to be beyond the scope of a single person to implement and execute, making these types of analysis tools more valuable; they provide a more consistent development environment across the IoT platforms, in addition to detecting bugs.
According to VDC Research, most code for embedded applications is developed in-house (see figure). Still, this code may make use of third-party, open- or closed-source libraries and runtime. Good programmers using good programming practices are useful for the code they generate, but what about third-party code? Most developers have access to the source code, so the standard analysis tools can handle it, but code is sometimes available only in binary form. Grammatech’s CodeSonar supports a mixed-mode analysis that can analyze binary code allowing third party libraries to be checked.
Automated tools like static analysis can pay huge dividends in the long run. They are worth checking out if you are not already using them since they can improve code quality, reduce delivery times, and provide an edge over the competition. The challenge in comparing tools will be the variety of options and variance in features between different vendor products. Features like code coverage and standards compliance tend to be common, but other features may be unique. Products will often integrate nicely with development tools like integrated development environments (IDE), but typically not with each other. Some incorporate their own life-cycle management support while others integrate with third-party tools.
Deciding on what tools will work best with your current development process can take a good bit of time and effort. It is not something to be done in an afternoon discussion while running through a checklist. These tools typically require some training to be used effectively and efficiently.
Looking for parts? Go to SourceESB.
This file type includes high resolution graphics and schematics when applicable.
