In many industries such as automotive, avionics, medical and industrial controls, newly developed applications must in most cases obtain the appropriate functional safety certification. Going through all the necessary processes and tests to complete functional safety certification has historically been a very difficult process, but there are ways to help speed up the certification process. Of course, choosing a development tool such as IAR Embedded Workbench, which is itself certified and proven in a variety of real-world applications, is also a way to speed up the process from design to completion.
In developing functional safety-critical applications, developers can make several adjustments to expedite certification, but all of them depend on the quality of the application's code. How can that code quality be guaranteed? Luckily, there are some simple ways to improve code quality immediately, with as little effort as possible.
Make good use of standards
Did you know that there are about 190 ambiguities in the C99 language specification? To be precise, C99 contains 190 syntactically legal C constructs whose meaning the specification does not explicitly define. Things get a little worse with the latest C18 specification, and worse still in C++ once multiple inheritance and virtual inheritance come into play. The compiler turns source code into executable code, so it has to settle on a meaning for every construct, including those the standard leaves open, in order to produce a program that runs.
In practice, developers may use different compilers, and those compilers may interpret such ambiguous code differently. In a high-reliability system this is a nightmare scenario, especially since many companies pursuing functional safety certification cross-compile their code on multiple platforms to facilitate testing. As you can imagine, this seriously slows down certification, because every such case has to be tested to prove the repeatability and reliability of the code.
How can we overcome this difficulty? Simply put, avoid ambiguous code. But how? Developers can adopt a coding standard like MISRA, which is designed to rule out the common ambiguities. In addition, the standard promotes safe and secure coding practices that reduce the number of defects in your code. The functional safety standards themselves take the same approach, as the next section shows.
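As an added illustration (not code from the original article or from IAR), here is one of the ambiguities such a standard rules out. C leaves the evaluation order of the two operands of `+` unspecified, so the first function may yield 12 on one compiler and 21 on another; MISRA C:2012 Rule 13.2 forbids exactly this, and the second function shows the sequenced rewrite that every conforming compiler evaluates the same way.

```c
#include <stdio.h>

/* Shared counter: each call returns the next value, starting at 1. */
static int next_value(int *counter)
{
    *counter += 1;
    return *counter;
}

/* Ambiguous form: the order in which the two operands of '+' are
 * evaluated is unspecified, so the two calls to next_value() may run
 * in either order. The result is 12 under one evaluation order and 21
 * under the other, and both are permitted by the C standard. */
int ambiguous_combine(void)
{
    int counter = 0;
    return next_value(&counter) * 10 + next_value(&counter);
}

/* Sequenced form: each side effect sits in its own statement, so the
 * evaluation order is fixed and the result is 12 on every compiler. */
int sequenced_combine(void)
{
    int counter = 0;
    int first = next_value(&counter);   /* always 1 */
    int second = next_value(&counter);  /* always 2 */
    return first * 10 + second;
}

int main(void)
{
    printf("ambiguous: %d (12 or 21, compiler's choice)\n", ambiguous_combine());
    printf("sequenced: %d (always)\n", sequenced_combine());
    return 0;
}
```

Compiling the block with two different compilers (or different optimization levels) is the quickest way to see the first result change while the second stays fixed.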
Functional safety standards cover code analysis
Almost every functional safety standard requires developers to perform static analysis of their code, and most also strongly recommend that project teams perform runtime (or dynamic) analysis. The most influential of these standards is IEC 61508, which applies to all safety-related systems in a general sense. According to section C.4.2 of the standard, using C without a coding standard that rules out ambiguous and dangerous constructs is not recommended for Safety Integrity Levels (SIL) above 1. In other words, if a product is to be developed to SIL 2-4, static analysis must be used to improve the robustness of the code.
Static analysis tools can enforce coding standards such as MISRA. In addition, static and runtime analysis quickly point out risky coding constructs, in particular the ambiguities mentioned earlier, and so help improve code quality. For this reason, developers should prefer tools such as IAR Embedded Workbench that have been proven in diverse applications and provide comprehensive support for these standards.
However, when these automated tools are run also has a huge impact on a project's certification timeline. Many organizations use hard-to-configure, hard-to-use code analysis tools that run nightly on build servers. Such a setup is of limited use in practice, because individual developers get no immediate feedback on what is wrong with the code they have just written.
Also, the warning messages issued by these tools are often obscure, wasting the developer's time figuring out what they really mean and how to correct the code to eliminate the warning. If code analysis runs during development, before the code enters the official build, defects are caught before they ever reach it. As a result, the project's defect injection rate drops significantly, which is a very important indicator for certification bodies, because it shows that the project has a very mature development organization.
Incorporate code analysis into your daily workflow
Based on research conducted with companies in multiple industries, the IAR Systems team found that the easier a code analysis tool is to configure and use, the more likely developers are to adopt it and the sooner they benefit. If these automated tools are part of the developer's toolbox, the developer can check and improve the quality of the code at any time while the application is being written, seeing "on the spot" what a piece of code does and how it interacts with the rest of the system and with other modules. To do this effectively, code analysis tools must be integrated into the daily workflow.
To see what others thought about integrated code analysis, the IAR team looked through the literature and found that Google had published an article in the ACM journal exploring the benefits of code analysis. While the article takes a comprehensive look at their entire codebase (including C, C++, and Java), their conclusions are clear:
“Compiler bugs are caught early in the development process and can be integrated into the developer’s workflow. We found that expanding the compiler’s set of checks was effective in improving Google’s code quality.”
The authors say that integrating static analysis checks into the compiler workflow and reporting them as errors greatly improves developers' attention to the tool's output, and ultimately greatly improves code quality. Further on, they describe sending the same survey to developers who had recently encountered a compiler bug and to developers who had already received a fix for that bug.
“Google developers believe that flagging errors at compile time (compared to patches that build code detection capabilities) catches more significant bugs; for example, 74% of issues flagged at compile time were considered by survey participants to be real problems, and only 21% of real problems are found in the detection code.”
Additionally, the article touches on the importance of integrating code analysis into the workflow, noting that when they ran static analysis automatically on code submissions and invited engineers to view the analysis dashboard, few engineers followed up. However, static analysis tools are easier to use and harder to ignore when they give immediate feedback during compilation. Therefore, they chose to integrate static code analysis by default into everyone's workflow. They believe that for code analysis tools to gain acceptance, developers must feel that they benefit from them and enjoy using them.
What are the results of adding code analysis to the workflow? One result is that the overall security of the application improves, since clean code eliminates vulnerabilities such as buffer overflows and invalid pointer use. While this is a good enough reason on its own, "prevention" is sometimes a hard sell, and more dramatic results are needed to convince developers and management of the benefits of code analysis.
A paper by Stefan Wagner et al. (https://arxiv.org/pdf/1711.05019.pdf) uses empirical data to weigh code analysis tools against traditional testing across different codebases. Their results are convincing: of the 769 identified defects, 76% were found by code analysis tools, while only 4% were found by traditional testing (the remaining 20% were found during code reviews).
How fast can the software mean time between failure (MTTF) goal be achieved if 75% of defects can be eliminated before testing begins? The answer is "very fast". The time and money saved on testing alone is worth the investment in a code analysis tool, not to mention that it also speeds time to market. These are the types of processes that functional safety certification bodies like to see, because they greatly reduce the risk of defects reaching the final product.
High-quality code accelerates functional safety certification
The key to accelerating functional safety certification is improving code quality. Only by improving code quality can project teams reduce defect injection rates and thus meet software release criteria faster, so that when they submit to functional safety certification bodies, those bodies will consider the organization's process to be very mature. While developers can never know exactly how many bugs are left in an application, early and frequent use of code analysis tools will help reduce their number.