Reducing Risks in Embedded Software with Static Code Analysis

We use static code analysis as part of our development process

This is part-two of a three-part series on building reliable embedded systems.

At Angaza, we use Continuous Integration (CI) and regression tests as part of the development process. Every time new code is written, “it must be accompanied by new tests, and the entire codebase must pass the testing suite. [The] embedded system code is no exception. These tests are automatically executed against our codebase by special CI servers whenever a code change is made on any active branch.” While they play a critical role, there’s more to ensuring system reliability than unit tests.

Static Analysis, a set of techniques used to detect potential unintended behaviors in functionally working code, plays an important role in risk reduction for embedded software. We use static code analysis as part of our development process to increase the reliability of the pay-as-you-go (PAYG) platform embedded inside Angaza-enabled Pay-As-You-Go products.

Even if a pay-as-you-go product ‘works fine’ in hands-on functional tests, it’s possible (likely, even) that undetected bugs are hiding below the surface. Static code analysis tools help to dig up these sorts of bugs, typically undetected by a compiler, that cause the device to fail under unanticipated conditions. An example might be an out-of-bounds array access. Another example might be a pointer to NULL, which gets dereferenced in a rare circumstance that doesn’t occur in functional testing. If these errors escape out of the lab and into customers’ hands, the product (and end users) are subject to hard-to-reproduce issues that could vary in importance from ‘mildly inconvenient’ to ‘safety hazard.’ Adding static code analysis to our toolkit helps to ensure potential issues are discovered by our IoT team, rather than end-users.  

Learn more about static code analysis at Angaza, with real world examples and technical notes, in the original article.

In the final piece of this series, we’ll be taking a look at how Angaza develops unit tests for the PAYG embedded systems code unit testing embedded systems code, an easy-to-use framework for setting up unit tests in C.

Full Story: Reliable Bottom of Pyramid Systems: Static Analysis
Published September 25, 2017 on Medium by Joshua Milburn.