Embedded Systems Design Europe - May 2008 - (Page 28)

medical umentation accompanying the source code. The result of this was a makeﬁle that could be used to emulate the original compilation environment. In addition, several conﬁguration parameters were changed from the default in order to improve the precision of the analysis. This included increasing the number of paths being searched in each procedure, maximizing the path ﬁnding effort, and setting the lower bound for the null pointer threshold to 1 to indicate that all address values (except NULL) could be dereferenced safely. Finally, the tool was run for each of the three modules separately. The output of the analysis was generated as a navigable HTML report, with links to speciﬁc regions in the source code that contained the errors. Figure 1 shows part of the output generated by the static analysis tool. The code in the ﬁgure is an “Uninitialized variable” warning. This warning is generated to report the attempted use of a variable that has not been initialized (names of the variables in the code have been deliberately changed to protect the manufacturer’s conﬁdentiality). The code shown in the ﬁgure depicts part of a procedure S_Keys that has a number of variables deﬁned locally. Of these, the variables is_button_pressed, number, and button_ press are initialized to default values at the start of the procedure. However, the variable button is not initialized. Instead, it is expected to be assigned a value by the function ProcessButton, to which it is passed as a parameter, invoked at line 1267. Moreover, the function ProcessButton is invoked from within a conditional loop and may itself contain conditional statements that would not always guarantee a valid value being assigned to the variable button. Thus, when used in the switch statement on line 1272, button is ﬂagged as an “Uninitialized variable.” This could lead to an unintended path being executed along the switch statement, which may ultimately lead to device malfunction. In all, static analysis of the code produced a total of 736 such warnings. 28 A breakdown of these warnings classiﬁed by the different warning classes is listed in Table 1. All of the reported warnings were inspected manually to determine if they constituted genuine problems. A number of warnings were discarded during this process, if they were determined never to be the direct cause of a device malfunction. For example, the static code analyzer issues an “Unused value” warning when a variable is assigned a value that is never used. These types of warnings Warnings reported by CodeSonar Warning class Buffer overrun Buffer underrun Cast alters value Ignored return value Division by zero Leak Missing return statement Null pointer dereference Redundant condition Shift amount exceeds bit width Type overrun Type underrun Uninitialized variable Unreachable code Unused value Useless assignment Table 1 are typically harmless by themselves, but the tool reports them because some safety-critical coding conventions prohibit their use, and because they could be indicative of poor design and maintenance processes. Warnings like these were discarded, unless they were suspicious for some other reason. A second group of warnings were discarded because they were false positives. As discussed in the previous section, false positives are impossible to avoid in general. However, some of these could be eliminated by Warnings reported 6 9 116 14 1 25 13 62 139 2 3 2 169 34 23 118 Actual problems 29 1 28 4 36 20 9 MAY 2008 | embedded systems design europe | www.embedded.com/europe http://www.embedded.com/europe

Table of Contents Feed for the Digital Edition of Embedded Systems Design Europe - May 2008

Embedded Systems Design Europe - May 2008 Contents Microsoft Provides Embedded Roadmap Enea Buys Developers Irish Start-Up Raises Funds for Telecom FPGAs Kontron Promotes COM Express Nano Mentor Nucleus Platform Provides UI for Atmel Small Form Factor Boards Head for the SUMIT Proffibus Advances IO-Link Integration Embedded Developers Cautious on Multicore Auto Cooperation Improves Test Altera Launches DO-254 Partner Network Building an ‘Instant-Up’ Real-Time Operating Systems An Architecture for Reusable Embedded Systems Software Free up Bandwidth in PCI Express Evaluating Software in Medical Devices Circuit Sensitivity in Analog Circuits Choosing Flash Memory New Products Advertising Contacts

Embedded Systems Design Europe - May 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.