
Guarantee Code Quality and Stay Secure

Post on 24-Aug-2020


Page 1: Guarantee Code Quality and Stay Secure · Caring about code quality •High quality code has fewer defects, so faster time-to-market •It also is easier to maintain or extend, so

Guarantee Code Quality and Stay Secure

Page 2:

Agenda

• Why should I care about code quality?

• How to quickly and easily improve code quality

• Graphical modeling with IAR Visual State

• How to benefit from functional safety requirements

• How to easily implement security in your application

Page 3:

Why should I care about code quality?

Page 4:

Caring about code quality

• High quality code has fewer defects, so faster time-to-market

• It is also easier to maintain or extend, so faster follow-on projects

• Much easier to get safety certifications

• Lower “technical debt”

Page 5:

Quickly and easily improve code quality

Page 6:

Fast ways to better code

• Perhaps the fastest way to improve code quality is to employ code analysis tools

– They quickly find common sources of bugs in your code

– They help you find problems that developers do not normally think of

• The functional safety standards recommend code analysis tools (highly recommended at the higher integrity levels), so expect to use them if you are seeking functional safety certification

Page 7:

C-STAT static analysis

Complete static analysis tool fully integrated in IAR Embedded Workbench

• Intuitive and easy-to-use settings with flexible rule selection

• Extensive and detailed documentation

• Checks compliance with MISRA C:2004, MISRA C++:2008 and MISRA C:2012

• Includes ~250 checks mapping to hundreds of issues covered by CWE and CERT C/C++

CWE (the Common Weakness Enumeration): http://cwe.mitre.org/

CERT (Computer Emergency Response Team, publisher of the CERT C and C++ secure coding standards): http://www.cert.org/

Page 8:

C-RUN runtime analysis

Find actual errors at runtime:

• Bounds checking to ensure accesses to arrays and other objects are within boundaries

• Arithmetic checking

• Heap and memory leak checking

Complete runtime analysis tool fully integrated in IAR Embedded Workbench for Arm and RX

• Intuitive and easy-to-use settings with flexible rule selection

• Code correlation and graphical feedback in the editor

• Comprehensive and detailed feedback

• Very efficient instrumentation of compiled code
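The defect classes named on the C-STAT and C-RUN slides, as an added example that is not IAR code and does not use either tool: a hypothetical length-prefixed frame parser in its unchecked form (the pattern a static analyzer reports against CWE-787/CWE-125 and CERT ARR30-C, and that runtime bounds checking traps on the first out-of-range access) beside its hardened form, and an unsigned 16-bit addition that reports wrap-around instead of silently producing a wrong value (CWE-190, CERT INT30-C, the condition arithmetic checking catches at runtime). The frame format, PAYLOAD_MAX and the sample frames are assumptions constructed for the example.

```c
/* Added example, not IAR code: two defect classes that static analysis reports
 * and runtime analysis traps, each beside a hardened version.
 * Build stand-alone with: cc -std=c99 -Wall -Wextra -c checks.c */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAYLOAD_MAX 16   /* assumption: capacity of the receive structure */

/* Hypothetical wire format: one length byte followed by that many payload bytes. */
struct frame {
    uint8_t len;
    uint8_t payload[PAYLOAD_MAX];
};

/* Unchecked: trusts the length byte from the wire. A length above PAYLOAD_MAX
 * writes past out->payload (CWE-787, CERT ARR30-C); a buffer shorter than its
 * own length byte is read past its end (CWE-125). A static analyzer flags the
 * unvalidated index; runtime bounds checking traps the first bad access.
 * Kept as written so the finding is visible; never call it on untrusted input. */
int parse_frame_unchecked(const uint8_t *buf, size_t n, struct frame *out)
{
    if (n < 1)
        return -1;
    out->len = buf[0];
    memcpy(out->payload, buf + 1, out->len);   /* no check against PAYLOAD_MAX or n */
    return 0;
}

/* Hardened: validate the claimed length against the destination capacity and
 * against the bytes actually received before any memory is touched. */
int parse_frame_checked(const uint8_t *buf, size_t n, struct frame *out)
{
    if (buf == NULL || out == NULL || n < 1)
        return -1;
    uint8_t len = buf[0];
    if (len > PAYLOAD_MAX || (size_t)len > n - 1)
        return -1;                              /* reject rather than overflow */
    out->len = len;
    memcpy(out->payload, buf + 1, len);
    return 0;
}

/* Arithmetic: unsigned 16-bit addition wraps silently (CWE-190, CERT INT30-C),
 * which is the condition arithmetic checking catches at runtime. The checked
 * form reports the wrap instead, so the caller can fail the operation. */
bool add_u16_checked(uint16_t a, uint16_t b, uint16_t *sum)
{
    if ((uint16_t)(UINT16_MAX - a) < b)
        return false;                           /* a + b would exceed 65535 */
    *sum = (uint16_t)(a + b);
    return true;
}

/* Exercise the functions on constructed frames. Returns true when the hardened
 * parser accepts the well-formed frame and rejects both malformed ones, and the
 * checked add distinguishes the largest legal sum from the first wrapping one. */
bool self_check(void)
{
    struct frame f;
    const uint8_t good[]      = { 3, 'a', 'b', 'c' };   /* constructed: claims 3, carries 3 */
    const uint8_t oversized[] = { 200, 1, 2 };          /* constructed: claims 200 bytes */
    const uint8_t truncated[] = { 5, 1, 2 };            /* constructed: claims 5, carries 2 */
    uint16_t sum;

    if (parse_frame_checked(good, sizeof good, &f) != 0 || f.len != 3 || f.payload[2] != 'c')
        return false;
    if (parse_frame_unchecked(good, sizeof good, &f) != 0 || f.len != 3)
        return false;                               /* both agree on well-formed input */
    if (parse_frame_checked(oversized, sizeof oversized, &f) != -1)
        return false;
    if (parse_frame_checked(truncated, sizeof truncated, &f) != -1)
        return false;
    if (!add_u16_checked(65000, 535, &sum) || sum != 65535)
        return false;
    if (add_u16_checked(65000, 536, &sum))
        return false;
    return true;
}
```

The point of keeping the unchecked parser next to the checked one is what the two slides describe from the tool side: the unvalidated length is visible to static analysis before the code ever runs, while the oversized and truncated frames are exactly the inputs that make runtime bounds checking fire, and the two checks together cover the case each would miss alone.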

Page 9:

Code analysis tools

(Figure: runtime analysis and static analysis shown side by side, combined for total fault coverage)

Page 10:

Take full control of your development

(Figure: development phases Requirements, Design, Implementation, Verification and Maintenance, with the two analysis tools placed along the flow)

• Implement your design in code, let C-STAT analyze your code, review potential issues

• Build and debug the application, let C-RUN analyze your project, investigate runtime errors

Page 11:

Graphical modeling with IAR Visual State

Page 12:

IAR Visual State

• As complexity increases, how do I ensure that I capture the complete design in code?

• How do I restructure the code if I discover omissions or errors in the designs?

• How can I verify that there is no risk of deadlocks or ambivalence in my design?

Page 13:

IAR Visual State

• Tool for design and code generation

• Used to graphically design state machines and generate C/C++ source code

– The graphical language used is based on UML

• Automated documentation

Page 14:

State machines in IAR Visual State

• Map events in the environment, like device driver input or interrupts, to state machine events

• Capture the discrete system logic in states, events, transitions and actions using UML diagrams

• Map actions to functions or device drivers interacting with the environment
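A table-driven state machine in the shape a generator emits from such a diagram, together with the two design checks the earlier Visual State slide asks about (no ambivalent state/event pair, no reachable state that cannot return to the initial state). This is an added example, not code generated by IAR Visual State; the door-lock states, events and actions, and the deliberately broken second table, are assumptions constructed for the example.

```c
/* Added example, not code generated by IAR Visual State: a table-driven
 * state machine in the shape a generator emits from a state diagram, plus the
 * two design checks a reviewer wants before trusting it. The door-lock design
 * and the deliberately broken second table are assumptions made up here. */
#include <stdbool.h>
#include <stddef.h>

enum state  { S_LOCKED, S_UNLOCKED, S_ALARM, S_COUNT };
enum event  { E_CODE_OK, E_CODE_BAD, E_TIMEOUT, E_RESET };
enum action { A_NONE, A_OPEN_BOLT, A_CLOSE_BOLT, A_SOUND_ALARM, A_SILENCE };

struct transition {
    enum state  from;   /* source state */
    enum event  on;     /* environment event, e.g. mapped from a driver callback or interrupt */
    enum state  to;     /* target state */
    enum action act;    /* action mapped to a driver call in a real system */
};

/* On a real target each action calls a driver; here it only records the call. */
static enum action g_last_action = A_NONE;
static void do_action(enum action a) { g_last_action = a; }
enum action sm_last_action(void) { return g_last_action; }

/* The intended design: one row per (state, event) pair the logic handles. */
const struct transition TABLE[] = {
    { S_LOCKED,   E_CODE_OK,  S_UNLOCKED, A_OPEN_BOLT   },
    { S_LOCKED,   E_CODE_BAD, S_ALARM,    A_SOUND_ALARM },
    { S_UNLOCKED, E_TIMEOUT,  S_LOCKED,   A_CLOSE_BOLT  },
    { S_UNLOCKED, E_CODE_OK,  S_LOCKED,   A_CLOSE_BOLT  },
    { S_ALARM,    E_RESET,    S_LOCKED,   A_SILENCE     },
};
#define TABLE_LEN (sizeof TABLE / sizeof TABLE[0])

/* A broken design: (S_LOCKED, E_CODE_OK) appears twice with different targets
 * (ambivalence), and S_ALARM has no outgoing transition at all (deadlock). */
const struct transition TABLE_BROKEN[] = {
    { S_LOCKED,   E_CODE_OK,  S_UNLOCKED, A_OPEN_BOLT   },
    { S_LOCKED,   E_CODE_OK,  S_ALARM,    A_SOUND_ALARM },
    { S_LOCKED,   E_CODE_BAD, S_ALARM,    A_SOUND_ALARM },
    { S_UNLOCKED, E_TIMEOUT,  S_LOCKED,   A_CLOSE_BOLT  },
};
#define TABLE_BROKEN_LEN (sizeof TABLE_BROKEN / sizeof TABLE_BROKEN[0])

/* Dispatch: apply the first matching row; an event with no row leaves the state unchanged. */
enum state sm_dispatch(const struct transition *t, size_t n, enum state cur, enum event ev)
{
    for (size_t i = 0; i < n; i++) {
        if (t[i].from == cur && t[i].on == ev) {
            do_action(t[i].act);
            return t[i].to;
        }
    }
    return cur;
}

/* Check 1, ambivalence: two rows for one (state, event) pair make the outcome
 * depend on table order, which a design walk-through cannot reason about. */
bool sm_no_ambivalence(const struct transition *t, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (t[i].from == t[j].from && t[i].on == t[j].on)
                return false;
    return true;
}

/* Check 2, deadlock: every state reachable from the initial state must be able
 * to get back to it. Computes the transitive closure of the transition graph
 * (Warshall's algorithm; the state count is small) and looks for a reachable
 * state with no return path. */
bool sm_no_deadlock(const struct transition *t, size_t n, enum state initial)
{
    bool reach[S_COUNT][S_COUNT] = { { false } };
    for (size_t i = 0; i < n; i++)
        reach[t[i].from][t[i].to] = true;
    for (int k = 0; k < S_COUNT; k++)
        for (int a = 0; a < S_COUNT; a++)
            for (int b = 0; b < S_COUNT; b++)
                if (reach[a][k] && reach[k][b])
                    reach[a][b] = true;
    for (int s = 0; s < S_COUNT; s++)
        if (s != (int)initial && reach[initial][s] && !reach[s][initial])
            return false;                   /* the logic can enter s but never leave it */
    return true;
}
```

Keeping the logic in a table rather than in nested conditionals is what makes the two checks mechanical: the same data that drives sm_dispatch at runtime is what sm_no_ambivalence and sm_no_deadlock inspect, so the checks can run in a unit test on the host before the code ever reaches the target.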

Page 15:

How to benefit from functional safety requirements

Page 16:

What is functional safety?

Definitions from IEC (http://www.iec.ch/functionalsafety/explained/)

• Safety: Freedom from unacceptable risk of physical injury or of damage to the health of people, either directly, or indirectly as a result of damage to property or to the environment

• Functional safety: The detection of a potentially dangerous condition resulting in the activation of a protective or corrective device or mechanism to prevent hazardous events arising or providing mitigation to reduce the consequence of the hazardous event

Page 17:

Various FS Standards

• IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems

• IEC 62304: Medical device software – Software life cycle processes

• EN 50128: Railway applications – Communication, signalling and processing systems – Software for railway control and protection systems

• ISO 26262: Road vehicles – Functional safety

• (DO-178C): Software Considerations in Airborne Systems and Equipment Certification

Page 18:

How these standards affect you

All these functional safety standards place requirements on the development process: requirements gathering, implementation, testing, verification and validation of the relevant safety functionality, programming language selection, and so on.

All of them, independent of the Safety Integrity Level, also place requirements on how development tools are selected.

Page 19:

Benefits of following standards

• Reduce liability risks associated with your application

• Reduce the risk of product recall

• Reduce the number of firmware updates

• Ensure compliance with international standards and requirements

• Protect your company’s reputation

Page 20:

Functional Safety and Code Analysis

• Developers tend to make the same mistakes…

• IEC 61508 Edition 2 (2010) highly recommends static analysis for SIL 2-4 (IEC 61508-3, Table A.9)

– Section C.4.2 lays out the need for analysis

– Without a language subset enforced by static analysis, the standard does not recommend using C (IEC 61508-7, Table C.1)

• Section B.6.5 highly recommends dynamic analysis

IEC 61508 – Automatic common error detection – C-STAT, C-RUN

Page 21:

Easy-to-understand designs

• ISO 26262 requires that designs be easy to understand

– Must do design walk-throughs and inspections

– Must be able to simulate designs

• Also requires that control-flow analysis be performed

ISO 26262 – Ease of design analysis – IAR Visual State

Page 22:

Testing of designs

• All safety standards have recommendations on testing designs

• ISO 26262 requires:

– Integration testing in a realistic target environment

– Testing with a high level of controllability and observability in the software under test

ISO 26262 – Tight testing integration and visibility – C-RUN

Page 23:

Confidence in your tools

• All safety standards require that you justify confidence in your tools:

– Repeatable and reliable results

– Large user base

– Regular testing of tools

Standard     Need                                       IAR tool
All          Confidence in use of software tools        EW-FS (IAR Embedded Workbench, Functional Safety edition)
ISO 26262    Tight testing integration and visibility   C-RUN
ISO 26262    Ease of design analysis                    IAR Visual State
IEC 61508    Automatic common error detection           C-STAT, C-RUN

Page 24:

Thank you for your attention!

www.iar.com