Static code analysis in practice: The early bird catches the bug

November 14, 2019 //By Richard Bellairs, Perforce Software
Static code analysis in practice: The early bird catches the bug
It is one of the nightmare scenarios of digitisation: cybercriminals discover a security vulnerability in an autonomous vehicle and manipulate the accelerator or the brakes. As vehicles become ever more software-based, the risks associated with security loopholes also increase. Comprehensive analysis and compliance with coding standards have therefore long since become indispensable. Static code analysis can provide help in this regard, as the code quality can be improved significantly if it is used properly.

In terms of functional safety in vehicles, there is no getting around ISO standard 26262. The majority of a vehicle's components must be certified accordingly, including all potential software components. For the latter, ISO 26262 recommends the use of a coding standard: this summarises the key rules, which form the basis for a high level of source code quality. The most established coding standard in the automotive sector is the MISRA standard. ISO certification is extremely difficult to achieve without strict application of this standard, but given the complexity of today's software this is a tough undertaking without the use of an automated tool.

This issue, in particular, has put static code analysis ever more in focus in the automotive industry in recent years. Appropriate tools help developers comply with the relevant standards by checking the software code for use of the correct rules during the coding process and immediately displaying deviations. Coding errors are also identified at the same time. As this analysis is performed on the source code, i.e. without the need for an executable program to be created as a first step, errors can be detected and fixed at an early stage and well before the actual test phase, which in turn saves time and money spent on quality assurance.

Taking the earliest opportunity

This means that the best time to introduce static code analysis in a process is as early as possible. Ideally, a suitable tool should be deployed before the actual coding process is started. In practice, however, software development projects in the automotive sector rarely begin as a blank slate. Instead, development is carried out based on existing code parts, for example from open source origins, third-party developers or previous projects. In such cases, the earliest possible opportunity should be used to retroactively introduce the corresponding tool, and it should then be used continuously throughout the development process. This makes it possible to ensure that at least future code adheres to the compliance requirements of the industry right from the very start.

Design category: 

Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.