Polyspace Static Analysis

Run-Time Errors

Run-time errors most often refer to issues that appear during the execution of a program. Run-time errors can occur in software or hardware, causing it to malfunction. They’re important to detect, as they may cause critical safety, security, or business operation concerns. Software run-time errors include logic errors such as arithmetic exceptions. They can also include control and data flow related defects such as non-initialized variables or pointers, memory related defects such as buffer overflows, or concurrency defects such as race conditions. Polyspace static analysis can offer a solution for run-time error detection.

Why Worry About Run-Time Errors?

Run-time errors can potentially cause the critical systems of high-integrity applications to fail, leading to disastrous results. Run-time errors have been blamed as the root cause of system failure in high-profile examples. These include an arithmetic overflow run-time error, which crashed the onboard computer of a rocket, and a race condition run-time error, which caused a medical device to inject lethal amounts of radiation.

Run-Time Error Detection

It is critical to perform run-time error detection for high integrity applications. However, this kind of error detection is challenging, because it involves anticipating every possible execution of your software. As noted below, anticipating all paths is difficult:

“In the ideal case, you want to test every possible behavior in your program. This implies testing every possible combination of inputs or every possible decision path at least once. This is a noble, but utterly impractical, goal. For example, in The Art of Software Testing, Glen Ford Myers describes a small program with only five decisions that has 10^14 unique execution paths. He points out that if you could write, execute, and verify one test case every five minutes, it would take one billion years to test exhaustively this program. Obviously, the ideal situation is beyond reach, so you must use approximations to this ideal. As you’ll see, a combination of functional testing and coverage testing provides a reasonable second-best alternative. The basic approach is to select the tests some functional, some coverage that have the highest probability of exposing an error.” [1]

As there could be trillions of possibilities to test for, it is clear that run-time error detection by means of testing alone is insufficient and inefficient. A better solution is to use Polyspace static analysis to detect run-time errors, as you can use it to verify every possible combination of inputs with every possible decision path. It uses a formal methods technique known as abstract interpretation. This technique bridges the gap between conventional static analysis techniques and dynamic testing by verifying the dynamic/run-time properties of software applications at compilation time.

Without executing the program itself, abstract interpretation investigates all possible runtime behaviors of a program to not only prove the existence of complex run-time errors but also to prove their absence. You can use Polyspace products to identify those peculiar runtime errors that only happen under specific runtime conditions. Learn more about the Polyspace static analysis solution.

Combining abstract interpretation and static code analysis enables you to:

1 Berger, “The Basics of Embedded Software Testing.” Embedded. 2011.

Alenia Aermacchi

"For us, a key advantage of Model-Based Design is the ability to concentrate on design and development instead of low-level coding, verification, and certification tasks. The result is higher quality, DO-178B certified software, and faster iterations."