A Simple Polyspace Workflow to Detect Software Issues Early
By Ram Cherukuri
Organizations and teams adopt various models (i.e., V and Agile) for their software development processes. Within each model, there are differences variations, depending on the requirements of the application, the industry, and the maturity of the workflow. There are additional variations depending on the different steps in the software development workflow. For example, some organizations include a formal code review as part of their development process, given its benefits in improving the defect detection rates. Others rely solely or heavily on testing activities. Given these wide variations, there are at least a couple of best practices applicable to most modern embedded software development workflows.
The Coding Stage
A significant portion of software defects are introduced during the coding process. If left unchecked, these errors propagate and can end up being detected as late as the integration stage. For example, a write operation on an array that leads to a buffer overflow that goes undetected can cause intermittent crashes during development or while testing on the target hardware.
A good practice is to run a quick analysis at the same time that you check whether your code has compiled. This enables you to catch a significant number of the defects before the code is taken into a code review or is checked into the source code management system. The coding phase is also the best time to enforce any coding guidelines, such as MISRA, adopted by your company or the industry. You can use Polyspace Bug Finder™ for such analysis. In the following two videos, you can see how Polyspace Bug Finder can be used as part of your IDE to detect bugs during coding, and how it helps in enforcing MISRA coding rules.
Another important milestone in the software development process is the unit testing phase, where you can spend a lot of time creating and executing test cases. As these tests uncover defects, you spend valuable time and effort debugging and fixing the issues.
This is an ideal step to leverage automation provided by formal semantic analysis to exhaustively verify all possible run time scenarios without the overhead of manual testing. Using Polyspace Code Prover™ as a precursor to the unit testing process enables you to identify code that is proven safe. Therefore, you can focus on analyzing unproven code to identify the subtle run-time errors. These errors are a result of a particular path through the code for certain values of inputs and parameters. The run-time information of the control flow, data flow, and the variable range help you diagnose the root cause.
In fact, if you have used Polyspace Bug Finder during the coding stage, you can reuse that project for code proving, avoiding the need to set up a separate project. Learn more about the complementary workflow between Polyspace Bug Finder and Polyspace Code Prover.
Ask the Expert
Puneet Lal Polyspace Static Analysis Notes Contact Expert