Why embedded developers should use static code analysis
- The first reason: no need to spend time on excruciating search for some specific errors
- The second reason: program updating is expensive, impossible or too late
- The third reason: a developer may not know that he's doing something wrong
I decided to briefly highlight 3 reasons why static analysis tools for program code may be useful for embedded developers.
The first reason: no need to spend time on excruciating search for some specific errors
Static code analysis == cheapening the process of testing and device debugging. The earlier an error is detected, the less expensive it is to correct it. Static analysis allows to find bugs on the stage of writing the code, or at least during the night runs on the server. As a result, finding and correcting many of the errors is much cheaper.
Static analysis may be particularly useful when debugging embedded-systems. In such projects, developers deal not only with errors in programs, but also with errors in the device itself or with poor manufacturing layout (bad contact and etc.). As a result, the process of error detecting can be severely delayed because it is often not clear where to look for a bug. If a programmer supposes that code is written correctly, it can cause long searching involving designers and other colleagues, responsible for the hardware-part. So, it will be all the more unpleasant to return to the program code and finally discover a stupid typo. Stupendously inefficient consumption of time and efforts of a team. Sounds awesome, if a static analyzer finds such an error.
Here's such a situation that my friend once told me:
"Even still studying for master's degree, I started working in the company involved in customization of various small-scale devices. For example, automation of greenhouses or collecting information from sensors in the enterprise that nothing leaked or overheated nowhere.
I'm having another standard task which takes me just a couple of hours and I return it to two colleagues to firmware a device they created. Colleagues are surprised at how quickly everything was done, praising me, and I proudly declare, "Well, I'm kind of a professional in writing such things and generally everything is quite simple here". Colleagues leave with a flash drive where I recorded the binary file for microcontroller firmware.
And I forget about this task. There are other greater and more captivating challenges. Moreover, once they didn't come, then all is well.
But they came. But only a week later. Saying couldn't understand the matter. Tied themselves into knots. Our testing bench is not working. Rather, it works, but not quite as it should. We have already re-soldered it again and replaced the executive electromechanical parts. Does not work ... Maybe you'll have a look? May be, there is still something wrong in the program...
I open code and immediately see an error like this:
uchar A; .... for (uchar i = 0; i != 4; i++) average += A[i]; average /= 3;
I took another project as a base, and the code was written using a Copy-Paste method. In one place I forgot to replace 4 with 3. I was so ashamed that I made two people waste their working week".
The second reason: program updating is expensive, impossible or too late
Errors in embedded devices are extremely unpleasant that it is impossible or nearly impossible to fix them if the serial production started. If hundreds of thousands of washing machines have been already released and sent to shops, what should I do if in a certain mode, the machine is running inappropriately? Generally, it's a rhetorical question and here are two real options:
- Forgive, forget and receive negative customer reviews on various sites, spoiling reputation. You can, of course, release and send application instructions "not to do so", but it's also a weak option.
- Withdraw the series and do a firmware update. Costly affair.
Moreover, regardless whether the circulation is large or small, bugs fixing may be problematic or too late. The rocket fell, the error was detected, but too late. The patients died, the error was detected, but it will not return people. Antimissile weapons system begins to overshoot, the error was found, but there is nothing pleasant in this story. Cars didn't brake, errors were found, but there is no good for injured.
The conclusion is very simple. Code of embedded devices should be tested as thoroughly as possible, especially if the errors can lead to victims or serious material losses.
Static code analysis doesn't guarantee the absence of errors in code. However, you must use every opportunity to additionally verify the correctness of code. Static analyzers can point at lots of different bugs that manage to stay in the code even after several Code-Reviews.
If in your device there will be less errors thanks to static analysis, it is amazing. Perhaps, thanks to detecting these very errors, no one will die, or the company won't lose big sums of money or reputation because of client complaints.
The third reason: a developer may not know that he's doing something wrong
Errors in programs can be figuratively divided into two types. A programmer knows about the errors of first type and they appear in code accidentally, inadvertently. Errors of the second type occur when the programmer simply doesn't know that you cannot write code this or that way. In other words, he can read such code as much as he wants, but still won't find the bug.
Static analyzers have a knowledge base about the various patterns that in certain conditions cause an error. Therefore, they may indicate an error to the programmer, the existence of which he himself would hardly have guessed. An example would be using a 32-bit type time_t, which may result in malfunction of the device after 2038.
Another example is undefined behavior, which occurs because of incorrect use of shift operators <</>>. These operators are very widely used in code of microcontrollers. Unfortunately, programmers often use these operators very negligently, making the program unreliable and dependent on the version and compiler settings. Yet the program may work, but not because it is written correctly, but due to luck.
By using a static analyzer, programmers can hedge themselves against many unpleasant situations. Additionally, the analyzer can be used to monitor the quality of code in general, which is actual, when the number of project participants increases or changes. In other words, the tool helps to track, whether a novice started to write bad code.
There is one more reason to necessarily use a static code analyzer. This is when the project must meet a certain standard of software development of the language, such as MISRA C. However, rather, it refers to administrative measures, and is a bit away from the topic.
I wanted to show that the use of static analyzer is uniquely appropriate for any embedded project. Use this method and you will be able to:
- Reduce time for searching and fixing bugs (example);
- Reduce the likelihood of critical bugs;
- Reduce the likelihood of necessity to update the firmware;
- Monitor the overall code quality (we recommend to additionally look towards SonarQube);
- Control the quality of the work of the new team members;
- Monitor code quality of third-party modules/libraries.
There are no reasons not to use static code analysis, except laziness and illusion of superiority.
Use static code analyzers! There are a lot of them.