c-stat: static code analysis - iar systems...• why use code analysis? – iec61508 v2 requires the...

Code analysis at your desk vs. in the field

Michael Fuhrmann, Field Application Engineer

Agenda

• C-STAT: Static code analysis • C-RUN: Runtime code analysis • C-RUN in ”standalone-mode”

C-STAT: Static code analysis

C-STAT: Static code analysis • Why use code analysis?

– C is not safe – All software contains bugs – The later you find a bug, the more expensive

it gets

C-STAT: Static code analysis • Why use code analysis?

– IEC61508 v2 requires the use of static analysis for SIL 2 – 4

• Section C.4.2 lays out the need for analysis • Without static analysis, the standard does not

recommend using C – Section B.6.5 strongly recommends dynamic

analysis

C-STAT: Static code analysis • C-STAT is an optional complete

static analysis tool

• It includes rule-sets for: – MISRA-C: 2004 – MISRA-C: 2012 – MISRA-C++: 2008 – 200+ additional checks from CWE & CERT

C-STAT: Static code analysis • C-STAT is fully integrated into IAR Embedded

Workbench (many targets) for daily use by every developer

• Export / Import of individual rule-settings

• Generation of HTML reports

• “F1” help with code examples available

C-STAT: Static code analysis • C-STAT offers a flexible message filter and

suppression management

• It is available in our Eclipse plugin

• It can be used via command line for: – Continuous integration with Jenkins / Bamboo – Regression tests

C-STAT: Static code analysis • Available targets:

IAR Embedded Workbench for Arm ≥ v7.40 IAR Embedded Workbench for MSP430 ≥ v6.30 IAR Embedded Workbench for AVR32 ≥ v4.30 IAR Embedded Workbench for AVR ≥ v6.60 IAR Embedded Workbench for RX ≥ v2.80 IAR Embedded Workbench for V850 ≥ v4.20

C-STAT: Static code analysis • Available targets:

IAR Embedded Workbench for CR16C ≥ v3.30 IAR Embedded Workbench for STM8 ≥ v2.20 IAR Embedded Workbench for 8051 ≥ v9.30 IAR Embedded Workbench for RL78 ≥ v2.20 IAR Embedded Workbench for RH850 ≥ v1.30

Demonstration

C-RUN: Runtime code analysis

C-RUN: Runtime analysis

• C-RUN is an optional runtime code analysis tool for C and C++

• It is fully integrated into IAR Embedded Workbench (some targets) for daily use by every developer

C-RUN: Runtime analysis • C-RUN checks your code during execution

on the target or in the simulator • It can be used for:

– Arithmetic operations checking – Bounds checking – Heap checking – Check of unhandled switch cases

C-RUN: Runtime analysis • C-RUN offers efficient instrumentation

of diagnosis routines inside your code

• It has a flexible error filter management

• C-RUN is available trough our Eclipse plugin

C-RUN: Runtime analysis

• Available targets: IAR Embedded Workbench for Arm ≥ v7.20 IAR Embedded Workbench for RX ≥ v3.10

Demonstration

C-RUN in ”standalone-mode”

C-RUN in ”standalone-mode” • C-RUN is a handy tool, but what if:

– the problem occurs only sporadically after days / weeks of operation?

– reproducing the problem needs “real-world” operating conditions that are hard to simulate on your desk or in the lab?

C-RUN in ”standalone-mode” • Solution: use C-RUN standalone

– Build and deploy a test firmware for a unit with the necessary C-RUN tests enabled

– Redirect the output of C-RUN to a serial interface and log the messages

– Parse the recorded cryptic messages offline to plaintext with CSPYBAT.EXE

Demonstration

Summary • C-STAT and C-RUN are fully integrated into

IAR Embedded Workbench*

• Easy to use ”turn-key” solutions for daily code analysis tasks

• C-RUN can be used standalone to find ”hard to detect” problems in the field

* available for selected architectures

• Get scanned to have this presentation emailed to you.

• Visit IAR Demo Space to get a demo of our technology.

Want to learn more?

Thank you for your attention!

Backup slides

C-RUN in ”standalone-mode” Select the required tests from the C-RUN options.

C-RUN in ”standalone-mode” Redirect the output messages to a serial terminal. The required ReportCheckFailedStdout.c can be found in the EW installation

C-RUN in ”standalone-mode” Log the messages with a data recorder or a terminal program

C-RUN in ”standalone-mode” Modify the *.CSPY.BAT file with the --rtc_filter option and start it with the reference to the *.out file of the project

C-RUN in ”standalone-mode” Copy ‘n’ paste the error message

C-RUN in ”standalone-mode” Get a detailed info: - what C-RUN test

was triggered - what file is affected - what line and

column caused the error

• Get scanned to have this presentation emailed to you.

• Visit IAR Demo Space to get a demo of our technology.

Want to learn more?

Thank you for your attention!