ATCA Newsletter

Catching Embedded Software Bugs Early
By Todd Landry, Klocwork

Embedded systems are only as good as the software that drives them! Bugs are not just a nuisance; they’re a major problem. A bug in a smart device can have disastrous effects: cell phones don’t work, automobiles stall in traffic, pacemakers don’t keep hearts beating, weapons systems kill the wrong people … the list goes on. And in less spectacular scenarios, bug-laden devices cost corporations millions annually in lost revenue and brand reputation.

The traditional approach to eliminating bugs has been manual code review, or peer review. This simple inspection process is valuable but has obvious limitations. In practice, typical applications have grown recently to the point where rigorous manual review of all possible paths and subsystems is unrealistic. For example, the operating system and applications software bundled with a cell phone today consist of millions of lines of code, written by large teams of developers spread around the world. The opportunities for insidious bugs are clearly huge!

Given the magnitude of the debugging problem, automation is the obvious solution. One method for automating code inspection is static source code analysis. It detects and identifies structural deficiencies, such as incorrect pointer usage, overflows, and leaks, that can cause field failures. Static analysis tools find bugs early, usually long before integration builds are available for execution. This is particularly useful in larger projects, where developers typically must write much of the code before they even have a suitably integrated system that can be executed on the target device.
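As an added illustration (not code from the article or from Klocwork), the constructed C routine below contains the three defect classes named above, each on a path a static analyzer can flag without executing the code, followed by a corrected version. The `record` layout and both function names are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REC_NAME_LEN 16 /* constructed record layout, assumed for this example */

struct record {
    char name[REC_NAME_LEN];
    int value;
};

/* Defective version, shown for contrast and never called. */
struct record *make_record_defective(const char *name, int value)
{
    struct record *r = malloc(sizeof *r);
    strcpy(r->name, name); /* pointer misuse: r may be NULL; overflow: name is unbounded */
    if (value < 0)
        return NULL;       /* leak: r is lost on this error path */
    r->value = value;
    return r;
}

/* Corrected version: validate first, allocate last, so no path leaks. */
struct record *make_record(const char *name, int value)
{
    size_t len;
    struct record *r;

    if (name == NULL || value < 0)
        return NULL;
    len = strlen(name);
    if (len >= REC_NAME_LEN)   /* reject names that do not fit with the NUL */
        return NULL;
    r = malloc(sizeof *r);
    if (r == NULL)
        return NULL;
    memcpy(r->name, name, len + 1); /* length already checked against the buffer */
    r->value = value;
    return r;
}

int main(void)
{
    struct record *r = make_record("sensor0", 42);
    printf("%s\n", r ? r->name : "rejected");
    free(r);
    return 0;
}
```

The defective paths are triggered only by allocation failure, an oversized name, or a negative value, which are inputs that early functional tests rarely exercise.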

A key point to remember is that the earlier bugs are found, the faster and cheaper it is to correct them. An industry rule of thumb is that a bug that costs $1 to fix when first introduced by the developer costs $100 to fix post-integration. Follow that further downstream to the end user, and dollar costs become huge. Imagine the cost of correcting the code in a million cell phones! Applying static analysis within the developer’s normal implement/debug/test cycle saves money by finding bugs when they are still easy and cheap to correct.

Recent growth in the use of static analysis has been most evident in embedded markets such as networking and telecom equipment, military and defense systems, other safety-critical software such as medical devices, computer hardware, and electronics. In these segments, organizations are under constant pressure to deliver functionality and real-time reliability, with no margin for error, all while minimizing costs.

Many open source and commercial static analysis tools are available for embedded systems developers. For example, Klocwork offers a commercial product called Insight that allows developers to run accurate, fast analysis within the implement/debug/test cycle, thereby maximizing reliability and productivity improvements.

For organizations developing mission-critical embedded software, static source code analysis will help meet reliability and cost reduction demands. This will lead to fewer defects reaching system integration, quality assurance, and field deployment.

Todd Landry is a Senior Product Manager at Klocwork. You can reach him at todd.landry@klocwork.com.