Polyspace Static Analysis Notes

Read through the latest posts to learn more about Polyspace® products.

MISRA Is Now Better and Easier to Implement with Polyspace Tools

By Ram Cherukuri, Gary Ryu

The most recent version of the MISRA standard coding rules is MISRA C:2012, which succeeds MISRA C:2004 that has been widely adopted in the software community across industries for embedded systems.

Read more

Leverage Semantic Analysis of Polyspace Tools to Automatically Justify MISRA Violations

By Ram Cherukuri, Stefan David

MISRA standard is a widely adopted coding standard across industries. It has become a commonplace best practice among embedded software development and quality assurance groups. A lot of these groups have a strict adherence policy to at least a subset of applicable rules—if not all of the coding rules. Such a compliance policy would require a review process to address the violations of the coding rules, and this process can often be resource intensive.

Read more

How Many Tools Does It Take to Verify Your Software?

By Ram Cherukuri

This reminds me of the joke asking, “How many engineers does it take to change a light bulb?“

Many of our customers, especially those in the automotive industry, have used more than one static analysis tool as part of their software development and verification process.

One reason for the use of multiple tools is that, traditionally, the adoption of static analysis was fragmented into different activities such as coding rule compliance, bug finding, and so on. The development organization may have adopted a lint tool to perform local bug finding and a rule-checking tool to verify compliance to standards such as MISRA, while the quality assurance department may have adopted tools for code metrics such as code coverage, comment density, and cyclomatic complexity.

Read more

Robustness and Contextual Code Verification: Part 2

By Anirban Gangopadhyay and Ram Cherukuri

In part one of this two part series, we discussed robustness code verification, a method in which you verify your unit of code in isolation from the rest of the code base. We outlined a few examples, and we discussed the pros and cons of using this approach.

In this post, we will discuss contextual code verification, in which you verify your unit of code in context of the code base where the unit will be integrated. This post will walk you through the concepts behind contextual code verification using the same examples as in the last post, and it will then outline the best practices for using both types of code verification (robustness and contextual).

Read more

Robustness and Contextual Code Verification: Part 1

By Anirban Gangopadhyay and Ram Cherukuri

This is part one of a two part series outlining code verification methods.

We begin with a question: At what stage of software development should I verify my code?

The answer is simple. You should verify it right after you have compiled it, when the code is fresh on your mind. Once you are shown potential errors, reviewing and fixing those errors can be almost trivial. Fixing errors never gets easier after that stage in the workflow.

Read more

Misconception: Static Analysis Is Only About Finding Bugs

By Ram Cherukuri, Jeff Chapple, Stefan David, and Jay Abraham

Faster time-to-market trends could possibly be driving the misconception that static analysis is only about finding bugs. Software developers must eliminate as many bugs as possible and will use a quick bug finding tool, though it is likely that some bugs will remain. This practice may be sufficient for non safety-critical applications such as smartphone apps, but it may be insufficient for safety-critical applications. Safety-critical applications, therefore, require more rigorous methods to verify safety and robustness, which is where the other benefits of static analysis come in. In this article we will bust the misconception that static analysis is only about finding bugs, and prove that it can help verify compliance to coding standards, produce metrics about code quality, and be used at any stage of software development.

Read more

Detecting the Apple Goto Fail Vulnerability

By Jay Abraham, Ram Cherukuri, and Christian Bard

In February 2014, technology blogs and news outlets were abuzz about a newly discovered vulnerability in Apple’s iOS iPhone, iPod, iPad, and Mac OS X devices. There was a problem in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) code that could be exploited by what is known as Man in the Middle attack (MitM). The vulnerability was dubbed Goto Fail, and Apple quickly patched the defect with iOS 7.0.6 for its mobile platform and OS X 10.9.2 for the desktop platform.

Read more

Ask the Expert

Ram Cherukuri
Polyspace Static Analysis Notes Contact Expert

Email Ram
Ram Cherukuri