Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems

Presenter: George Gribkov
- A C++ developer, one of the developers of the PVS-Studio static code analyzer.
- Develops a set of diagnostic rules that check code for compliance with the MISRA C and MISRA C++ standards.
- gribkov@viva64.com
Contents
1. Coding standards: reasons why they are required
2. MISRA and AUTOSAR: what's under the hood
3. Standards in your projects
Reasons

Problems
- Popularity of C
- POPULARITY of C
- Popularity of C++
- Imperfections in these languages

What Caused the Popularity
- Available compilers
- Standardization
- Portability
- Long use experience
- Efficiency
- Support from analysis tools

Weaknesses of C and C++
- Incomplete standardization
- Undefined, unspecified, and implementation-defined behavior
- Incorrect language use that still compiles: did the author mean if ( i = 0 ) or if ( i == 0 )?

When It Comes to Big Responsibility…
A Very Expensive Error
- On June 4, 1996, Ariane 5, a European launch vehicle, turned into confetti 37 seconds after liftoff.
- The investigation revealed that the accident was caused by a software error: an integer overflow when a 64-bit floating-point value was converted to a 16-bit signed integer.
- The rocket carried 4 satellites.
- The financial losses amounted to about $370,000,000.

It's time to do something!!!
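The failure class behind the Ariane 5 loss, an unchecked conversion of a wide floating-point value into a 16-bit integer, is cheap to guard against. The block below is an added C example written for this page; it is not code from the slides, from the presenter, or from the Ariane software. It puts a range-checked conversion beside the unchecked cast and shows a caller that treats a failed conversion as a handled fault rather than a trap. The function names and the sample values are the example's own.

```c
#include <math.h>      /* only for the NAN and INFINITY macros; no libm call is made */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked conversion: when v is outside the int16_t range the cast is
 * undefined behaviour in C, so the result is whatever the compiler and CPU
 * happen to produce. Shown for contrast only. */
int16_t unchecked_f64_to_i16(double v)
{
    return (int16_t)v;
}

/* Checked conversion: returns false and leaves *out untouched when trunc(v)
 * is not representable as int16_t. The open-interval test is also false for
 * NaN (every comparison with NaN is false) and for +/-infinity, so those
 * inputs are rejected as well. */
bool safe_f64_to_i16(double v, int16_t *out)
{
    const double lo = (double)INT16_MIN - 1.0;   /* -32769.0 */
    const double hi = (double)INT16_MAX + 1.0;   /*  32768.0 */
    if (!(v > lo && v < hi)) {
        return false;
    }
    *out = (int16_t)v;   /* now a well-defined truncation toward zero */
    return true;
}

/* A guarded caller: a failed conversion becomes a reported fault with a
 * safe fallback value instead of an exception that stops the whole unit. */
int16_t bias_or_default(double raw_bias, int16_t fallback, bool *faulted)
{
    int16_t result;
    if (safe_f64_to_i16(raw_bias, &result)) {
        *faulted = false;
        return result;
    }
    *faulted = true;
    return fallback;
}

int main(void)
{
    /* constructed sample inputs: in range, edge, out of range, non-finite */
    const double samples[] = { 1234.0, 32767.9, -40000.0, 70000.0, INFINITY, NAN };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        bool faulted;
        int16_t v = bias_or_default(samples[i], 0, &faulted);
        printf("%10g -> %6d %s (unchecked cast gives %d)\n",
               samples[i], v, faulted ? "FAULT" : "ok",
               (int)unchecked_f64_to_i16(samples[i]));
    }
    return 0;
}
```

The range test is done in double on purpose: comparing against INT16_MIN - 1 and INT16_MAX + 1 cannot itself overflow, and it admits values such as 32767.9 that truncate to a representable integer while rejecting 32768.0 and everything non-finite.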
Coding Standards: What's Under the Hood?

MISRA: What Is This?
- MISRA means "Motor Industry Software Reliability Association".
- MISRA is a set of guidelines. Current versions (as of this talk):
  - MISRA C:2012 – 143 rules (plus 16 directives)
  - MISRA C++:2008 – 228 rules
MISRA members include:
- Bentley Motor Cars
- Ford Motor Company
- Jaguar Land Rover
- Delphi Diesel Systems
- HORIBA MIRA
- Protean Electric
- Visteon Engineering Services
- The University of Leeds
- Ricardo UK
- ZF TRW

A Few Words About AUTOSAR
- AUTOSAR means AUTomotive Open System ARchitecture. Partners include:
  - BMW Group
  - Bosch
  - Continental
  - Daimler AG
  - Ford
  - General Motors
  - PSA Peugeot Citroën
  - Toyota
  - Volkswagen
  - …and over 200 more partners
- AUTOSAR is a development methodology.
- AUTOSAR C++ (the AUTOSAR C++14 coding guidelines) is a part of this methodology.
- The current version (as of this talk): AUTOSAR C++14 Release 19-03 – over 350 rules

MISRA C++ and AUTOSAR C++: which language standards they cover

  Standard | MISRA C++:2008 | AUTOSAR C++14
  C++03    | ✓              | ✓
  C++11    | ☓              | ✓
  C++14    | ☓              | ✓
Industries that Use MISRA and AUTOSAR
Rule Categories:
1. Mandatory – no deviations are permissible
2. Required – deviations are acceptable, but each one must be formally documented
3. Advisory – recommendations; a deviation does not need a formal deviation record
Rule Examples

Mandatory rules:
- Do not use an uninitialized variable's value
- Do not use a pointer to FILE after the stream is closed
- Do not write unreachable code
- A loop's counter must not be of a floating-point type
- …

Required rules:
- Do not use goto and longjmp
- Each switch must end with a default clause
- if, else, for, while, do, and switch bodies must be enclosed in braces
- Do not use variadic functions
- …

…and all the rest (Advisory):
- The 'L' suffix must always be capitalized (42L, never 42l)
- Do not use pointer arithmetic (except for [] and ++)
- Do not use the comma operator
- Do not change a function's parameter inside the function's body
- …
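Two of the rules listed above, the floating-point loop counter and the default clause in a switch, are easy to see in action. The block below is an added example written for this page, not code from the slides or from the MISRA documents; the enumerators and function names are invented for illustration. The first pair of functions shows why a floating-point counter is banned (the loop runs 11 times, not 10); the third shows how a default clause also keeps a variable from being read uninitialized, which is another rule from the same list.

```c
#include <stdio.h>

/* Non-compliant: a floating-point loop counter.
 * 0.1 has no exact binary representation, so ten additions of 0.1 give
 * 0.9999999999999999 rather than 1.0, and the loop body runs an 11th time.
 * `volatile` keeps every intermediate sum in double precision, so the
 * result is the same on every IEEE-754 platform. */
int count_with_float_counter(void)
{
    int iterations = 0;
    for (volatile double x = 0.0; x < 1.0; x += 0.1) {
        iterations++;
    }
    return iterations;   /* 11, not the 10 a reader expects */
}

/* Compliant: an integer counter with a fixed bound. If the body needs the
 * floating-point value, derive it from i (x = 0.1 * i) inside the body;
 * the iteration count then no longer depends on rounding. */
int count_with_int_counter(void)
{
    int iterations = 0;
    for (int i = 0; i < 10; i++) {
        iterations++;
    }
    return iterations;   /* exactly 10 */
}

typedef enum { MODE_IDLE = 0, MODE_RUN = 1, MODE_STOP = 2 } RunMode;

/* Compliant switch: every enumerator is handled and the final clause is a
 * default. Without the default, an input that is not a valid RunMode (a
 * corrupted field, an out-of-range message) would leave `priority`
 * uninitialized, which is exactly the uninitialized-variable case the
 * Mandatory rule above forbids. Here an invalid input is reported as -1. */
int mode_to_priority(int mode)
{
    int priority;
    switch (mode) {
    case MODE_IDLE: priority = 0;  break;
    case MODE_RUN:  priority = 2;  break;
    case MODE_STOP: priority = 1;  break;
    default:        priority = -1; break;
    }
    return priority;
}

int main(void)
{
    printf("float counter ran %d times, int counter ran %d times\n",
           count_with_float_counter(), count_with_int_counter());
    printf("priority(MODE_RUN) = %d, priority(42) = %d\n",
           mode_to_priority(MODE_RUN), mode_to_priority(42));
    return 0;
}
```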
Philosophy

What Else Is There Aside From Rules?
There's a lot!
- Rules are classified according to different criteria
- Rules are applicable to generated code
- A complete list of undefined/unspecified/implementation-defined behaviors
- Checklists that detail how to set up analyzers, checks, etc.
- A matrix that shows intersections with other standards
- Documentation examples
Using Standards in Your Projects

Checking Code for Compliance
- Do you check code manually? It must be a nightmare!
- Use static code analysis tools.
- Static analysis is automated code review.

How to Start
- Start using a standard BEFORE you start a project.
- If you've already started your project – think twice.

Use Warning Suppression!
- Hide old errors to work at the usual pace.
- This way you will see only warnings for new code.
- You benefit from the analyzer IMMEDIATELY.
- Remember the old errors! Come back and fix them one by one.

How to Work with Suppress Base

How and Where Can You Check Code
- Locally on each developer's computer (plugins for IDEs and compilation monitoring systems are available)
- In continuous integration systems (command-line utilities, plugins for CI systems, monitoring systems)
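The suppress-base workflow described above (hide the warnings that exist today, fail the build only on new ones) only works if the baseline survives ordinary edits such as inserting lines above an old warning. The block below is an added example illustrating one way to key such a baseline so that it does; it is a simplified model written for this page, not PVS-Studio's suppress file format, and the scan records, file names and diagnostic IDs in it are constructed sample data.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One analyzer warning as a scan reports it. */
typedef struct {
    const char *diag;        /* diagnostic ID (illustrative values below) */
    const char *file;
    int line;
    const char *source_line; /* text of the flagged line */
} warning_t;

/* A baseline entry deliberately stores no line number: it keys the warning
 * by diagnostic, file and a hash of the flagged source text, so the
 * suppression survives insertions above it and re-indentation. */
typedef struct {
    const char *diag;
    const char *file;
    uint32_t line_hash;
} baseline_entry_t;

/* FNV-1a over the line with all whitespace dropped. */
uint32_t hash_source_line(const char *s)
{
    uint32_t h = 2166136261u;
    for (; *s != '\0'; s++) {
        if (isspace((unsigned char)*s)) {
            continue;
        }
        h ^= (unsigned char)*s;
        h *= 16777619u;
    }
    return h;
}

size_t build_baseline(const warning_t *scan, size_t n, baseline_entry_t *out)
{
    for (size_t i = 0; i < n; i++) {
        out[i].diag = scan[i].diag;
        out[i].file = scan[i].file;
        out[i].line_hash = hash_source_line(scan[i].source_line);
    }
    return n;
}

bool is_suppressed(const warning_t *w, const baseline_entry_t *base, size_t nb)
{
    uint32_t h = hash_source_line(w->source_line);
    for (size_t i = 0; i < nb; i++) {
        if (base[i].line_hash == h && strcmp(base[i].diag, w->diag) == 0 &&
            strcmp(base[i].file, w->file) == 0) {
            return true;
        }
    }
    return false;
}

/* Writes the indices of unsuppressed warnings to new_idx; returns how many. */
size_t find_new_warnings(const warning_t *scan, size_t n,
                         const baseline_entry_t *base, size_t nb, size_t *new_idx)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (!is_suppressed(&scan[i], base, nb)) {
            new_idx[count++] = i;
        }
    }
    return count;
}

/* Constructed sample data: "yesterday's" scan becomes the baseline. */
static const warning_t OLD_SCAN[] = {
    { "V614", "sensor.c", 42, "    return value;" },
    { "V595", "bus.c",    10, "    p->len = n;" },
};
/* "Today's" scan after edits: one line moved, one changed, one new bug. */
static const warning_t NEW_SCAN[] = {
    { "V614", "sensor.c", 47, "  return value;" },      /* moved + re-indented: suppressed */
    { "V595", "bus.c",    10, "    p->len = n + 1;" },  /* same spot, code changed: new */
    { "V522", "bus.c",    11, "    q->id = 0;" },       /* brand new: new */
};
#define COUNT(a) (sizeof (a) / sizeof (a)[0])

/* Number of warnings a CI gate would report for the sample scans. */
size_t demo_new_warning_count(void)
{
    baseline_entry_t base[COUNT(OLD_SCAN)];
    size_t new_idx[COUNT(NEW_SCAN)];
    size_t nb = build_baseline(OLD_SCAN, COUNT(OLD_SCAN), base);
    return find_new_warnings(NEW_SCAN, COUNT(NEW_SCAN), base, nb, new_idx);
}

/* Whether NEW_SCAN[idx] is hidden by the sample baseline. */
bool demo_is_suppressed(size_t idx)
{
    baseline_entry_t base[COUNT(OLD_SCAN)];
    size_t nb = build_baseline(OLD_SCAN, COUNT(OLD_SCAN), base);
    return is_suppressed(&NEW_SCAN[idx], base, nb);
}

int main(void)
{
    baseline_entry_t base[COUNT(OLD_SCAN)];
    size_t new_idx[COUNT(NEW_SCAN)];
    size_t nb = build_baseline(OLD_SCAN, COUNT(OLD_SCAN), base);
    size_t n = find_new_warnings(NEW_SCAN, COUNT(NEW_SCAN), base, nb, new_idx);
    for (size_t i = 0; i < n; i++) {
        const warning_t *w = &NEW_SCAN[new_idx[i]];
        printf("NEW  %s %s:%d  %s\n", w->diag, w->file, w->line, w->source_line);
    }
    printf("%zu new warning(s): CI gate %s\n", n, n == 0 ? "passes" : "fails");
    return n == 0 ? 0 : 1;
}
```

Keying on the source text rather than the line number is what makes the baseline usable day to day: a warning that merely moved stays hidden, while the same diagnostic on a line whose code changed is treated as new and has to be looked at again. The baseline itself is not a fix; the hidden entries are the "old errors" the slide tells you to come back for.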
How to Prove Your Project's Compliance?
You need:
- Code that complies with the Mandatory and Required rules;
- A guideline enforcement plan;
- Documentation for all deviations;
- Documentation for all warnings from compilers and static analyzers;
- A guideline compliance summary.

A Guideline Enforcement Plan
A sample guideline enforcement plan:

  Rule | Compiler "A" | Compiler "B" | Analyzer "A"  | Analyzer "B" | Code review
  …    |              |              |               |              |
  5.1  | No errors    | No errors    | ---           | ---          | Procedure x
  5.2  | No errors    | No errors    | Warning V2561 | No messages  |
  …    |              |              |               |              |
  10.4 | Warning 458  | No errors    | No warnings   | No messages  |
  …    |              |              |               |              |

Document Deviations Well
- Sometimes it's impossible to follow a standard precisely. Example: a memory-mapped I/O register can only be reached through an integer-to-pointer conversion, which MISRA C:2012 Rule 11.4 advises against:

  const unsigned char *PORT = (const unsigned char *)0x10u;

- Different deviations have different specifics.
- Deviation documentation must contain:
  - The broken rule's number
  - The violation's location
  - Reasons for the deviation
  - Safety proof
  - Possible consequences
A Guideline Compliance Summary
A sample guideline compliance summary:

  Rule | MISRA Category | Compliance
  …    |                |
  5.1  | Mandatory      | Compliant
  5.2  | Required       | With deviations
  …    |                |
  10.4 | Advisory       | Not used
  …    |                |

Summary:
- All C/C++ code complies with Mandatory and Required rules
- The guideline enforcement plan is fully filled out
- All deviations are documented
- All compiler and analyzer warnings are documented
- The compliance summary is fully filled out
Congratulations! You have set safety to the max!!!
More Details on MISRA Standard Compliance
- MISRA Compliance:2016 – Achieving compliance with MISRA Coding Guidelines
The Power of 10: NASA's Golden Rules
1. Restrict control flow to simple constructs: no goto, no setjmp/longjmp, no direct or indirect recursion.
2. All loops must have a fixed upper bound.
3. No dynamic memory allocation after initialization.
4. No function longer than what fits on a single letter-sized sheet of paper (about 60 lines).
5. Use at least two runtime assertions per function on average.
6. Declare data at the smallest possible scope.
7. Check the return value of every non-void function, and validate parameters inside each function.
8. Limit the preprocessor to header inclusion and simple macro definitions.
9. Restrict pointer use: no more than one level of dereferencing, and no function pointers.
10. Compile with all warnings enabled from day one: a "zero-warning rule".
A related article:
Conclusion

Summary
- Sometimes classic quality assurance methods are insufficient.
- What do MISRA and AUTOSAR C++ offer?
- Using standards in your code.

END
Q&A

 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 

Último (20)

Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 

Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems

  • 1. Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems. Presenter: George Gribkov
  • 2. Presenter: George Gribkov. A C++ developer, one of PVS-Studio's static code analyzer developers. Develops a set of diagnostic rules that check code for compliance with the MISRA C and MISRA C++ standards. gribkov@viva64.com
  • 3. Contents: 1. Coding standards: reasons why they are required. 2. MISRA and AUTOSAR: what’s under the hood. 3. Standards in your projects.
  • 5. Problems: popularity of C.
  • 6. Problems: popularity of C; POPULARITY of C.
  • 7. Problems: popularity of C; POPULARITY of C; popularity of C++.
  • 8. Problems: popularity of C; POPULARITY of C; popularity of C++; imperfections in these languages.
  • 9. What Caused the Popularity: available compilers; standardization; portability; long use experience; efficiency; support from analysis tools.
  • 10. Weaknesses of C and C++: incomplete standardization; undefined, unspecified and implementation-defined behavior; incorrect language use (if ( i = 0 ) or if ( i == 0 )?).
  • 11. Weaknesses of C and C++.
  • 12. When It Comes to Big Responsibility…
  • 13. A Very Expensive Error: on June 4, 1996, Ariane 5, a European launch vehicle, turned into confetti on the 37th second after liftoff.
  • 14. A Very Expensive Error: the investigation revealed that the accident was caused by a programming error (an integer overflow). The rocket carried 4 satellites. The financial losses amounted to $370,000,000.
  • 15. It’s time to do something!!!
  • 17. MISRA: What Is This? MISRA is a set of guidelines. Current versions: MISRA C:2012 – 143 rules; MISRA C++:2008 – 228 rules.
  • 18. MISRA: What Is This? MISRA means «Motor Industry Software Reliability Association»: Bentley Motor Cars; Ford Motor Company; Jaguar Land Rover; Delphi Diesel Systems; HORIBA MIRA; Protean Electric; Visteon Engineering Services; The University of Leeds; Ricardo UK; ZF TRW.
  • 19. A Few Words About AUTOSAR: AUTOSAR means AUTomotive Open System ARchitecture.
  • 20. A Few Words About AUTOSAR: AUTOSAR means AUTomotive Open System ARchitecture: BMW Group; Bosch; Continental; Daimler AG; Ford; General Motors; PSA Peugeot Citroën; Toyota; Volkswagen; …and over 200 more partners.
  • 21. A Few Words About AUTOSAR: AUTOSAR means AUTomotive Open System ARchitecture. AUTOSAR is a development methodology. AUTOSAR C++ is a part of this methodology. The current version: AUTOSAR C++ 19-03 – over 350 rules.
  • 22. MISRA C++ and AUTOSAR C++ (supported language versions):
    Standard   MISRA C++   AUTOSAR C++
    C++03      ✓           ✓
    C++11      ☓           ✓
    C++14      ☓           ✓
  • 23. Industries that Use MISRA and AUTOSAR.
  • 24. Rule Categories: 1. Mandatory – no deviations are permissible. 2. Required – deviations are acceptable. 3. Advisory – optional to follow.
  • 25. Rule Examples. Mandatory rules: do not use an uninitialized variable’s value; do not use a pointer to FILE after the stream is closed; do not write unreachable code; a loop’s counter must not be of a floating-point type; …
  • 26. Rule Examples. Required rules: do not use goto and longjmp; each switch must end with default; if, else, for, while, do, and switch operator bodies must be enclosed in braces; do not use variadic functions; …
  • 27. Rule Examples. …and all the rest: the ‘L’ suffix must always be capitalized (42L); do not use address arithmetic (except for [] and ++); do not use the ‘comma’ operator; do not change a function’s parameter inside the function’s body; …
  • 29. What Else Is There Aside From Rules? There’s a lot! Rules are classified according to different criteria; rules are applicable to generated code; a complete list of undefined/unspecified/etc. behaviors; check-lists that detail how to set up analyzers, checks etc.; a matrix that shows intersections with other standards; documentation examples.
  • 30. Using Standards in Your Projects.
  • 31. Checking Code for Compliance: do you check code manually? It must be a nightmare! Use static code analysis tools. Static analysis is automated code review.
  • 32. How to Start: start using a standard BEFORE you start a project. If you’ve already started your project – think twice.
  • 33. Use Warning Suppression! Hide old errors to work at the usual pace. This way you will see only warnings for new code. You benefit from the analyzer IMMEDIATELY. Remember the old errors! Come back and fix them one by one.
  • 34. How to Work with Suppress Base.
  • 35. How and When Do You Check Code: locally on each developer’s computer (plugins for IDEs and compilation monitoring systems are available).
  • 36. How and Where Can You Check Code: continuous integration systems (command-line utilities, plugins for CI systems, monitoring systems).
  • 37. How and Where Can You Check Code.
  • 38. How to Prove Your Project’s Compliance? You need: code that complies with the Mandatory and Required rules; a guide enforcement plan; documentation for all deviations; documentation for all warnings from compilers and static analyzers; a guideline compliance summary.
  • 39. A Guide Enforcement Plan. A sample guide enforcement plan:
    Rule   Compiler “A”   Compiler “B”   Analyzer “A”    Analyzer “B”   Code review   …
    5.1    No errors      No errors      ---             ---            Procedure x
    5.2    No errors      No errors      Warning V2561   No messages    …
    …
    10.4   Warning 458    No errors      No warnings     No messages    …
  • 40. Document Deviations Well: sometimes it’s impossible to follow a standard precisely. Example: const unsigned char *PORT = 0x10u; Different deviations have different specifics.
  • 41. Document Deviations Well: deviation documentation must contain: the broken rule’s number; the violation’s location; reasons for the deviation; safety proof; possible consequences.
  • 42. A Guideline Compliance Summary. A sample guideline compliance summary:
    Rule   MISRA Category   Compliance
    5.1    Mandatory        Compliant
    5.2    Required         With deviations
    …
    10.4   Advisory         Not used
    …
  • 43. Summary: all C/C++ code complies with Mandatory and Required rules; the compliance plan is fully filled out; all deviations are documented; all compiler and analyzer warnings are documented; the compliance summary is fully filled out. Congratulations! You have set safety to the max!!!
  • 44. More Details on MISRA Standard Compliance: MISRA Compliance: 2016 – Achieving compliance with MISRA Coding Guidelines.
  • 45. The Power of 10: NASA’s Golden Rules. 1. Remove complex branching, goto and recursion. 2. All loops must have a limit. 3. Give up allocating memory dynamically. 4. Any given function must not exceed a letter-sized sheet of paper. 5. Use no more than two runtime assertions per function.
  • 46. The Power of 10: NASA’s Golden Rules. 6. Declare data at the lowest scope. 7. Does the function return anything? Do check! 8. Do not use preprocessing. 9. Do not use nested pointers. 10. «A zero-warning rule».
  • 47. The Power of 10: NASA’s Golden Rules. A related article:
  • 49. Summary: sometimes classic quality assurance methods are insufficient. What do MISRA and AUTOSAR C++ offer? Using standards in your code.
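Slides 13 and 14 attribute the Ariane 5 loss to an integer overflow. The following C code is an added example, not part of the slides or of PVS-Studio's own material, showing the defensive pattern the MISRA rules push toward: a value is range-checked before it is narrowed to a 16-bit integer, and a signed addition reports overflow instead of relying on undefined behaviour. The function names and the sample readings are my own.

```c
/* Added example (not part of the slides): range-checked conversions that turn
 * the Ariane 5 failure mode, an out-of-range value forced into a 16-bit integer,
 * into a reportable error instead of silent undefined behaviour. */
#include <math.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Convert a double to int16_t only when the value is finite and representable.
 * The comparison is done in double, so no narrowing happens before it is known
 * to be safe; on failure *out is left untouched and false is returned. */
bool double_to_int16(double value, int16_t *out)
{
    bool ok = true;

    if (!isfinite(value)) {
        ok = false;                       /* NaN and infinities: conversion is undefined */
    } else if ((value <= ((double)INT16_MIN - 1.0)) ||
               (value >= ((double)INT16_MAX + 1.0))) {
        ok = false;                       /* would not fit after truncation toward zero */
    } else {
        *out = (int16_t)value;            /* now guaranteed to be representable */
    }
    return ok;
}

/* Signed 32-bit addition that reports overflow instead of invoking undefined behaviour. */
bool add_int32_checked(int32_t a, int32_t b, int32_t *out)
{
    bool ok = true;

    if ((b > 0) && (a > (INT32_MAX - b))) {
        ok = false;                       /* a + b would exceed INT32_MAX */
    } else if ((b < 0) && (a < (INT32_MIN - b))) {
        ok = false;                       /* a + b would fall below INT32_MIN */
    } else {
        *out = a + b;
    }
    return ok;
}

int main(void)
{
    /* Constructed inputs: a plausible sensor reading and one far outside int16_t range. */
    const double samples[] = { 1234.56, 70000.0 };
    size_t i = 0U;

    for (i = 0U; i < (sizeof samples / sizeof samples[0]); i++) {
        int16_t narrowed = 0;
        if (double_to_int16(samples[i], &narrowed)) {
            printf("%.2f -> %d\n", samples[i], (int)narrowed);
        } else {
            printf("%.2f -> rejected (out of range for int16_t)\n", samples[i]);
        }
    }
    return 0;
}
```

The callers must act on the false return (for instance by falling back to a safe default and flagging the fault); a conversion that can only succeed is exactly the assumption the Ariane 5 reuse violated.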
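Slides 25 to 27 list rule examples without showing code. As an added example that is not from the slides or from PVS-Studio, the following C hex-string parser is written to those rules: every variable is initialised where it is declared, every switch ends with default, every if/for body is braced, no goto, longjmp or comma operator is used, parameters are never modified, arrays are indexed instead of using pointer arithmetic, the L/U suffixes on long constants are capitalised, and each function has a single return point. The names (parse_hex_u32, parse_status_t) and the sample strings are my own.

```c
/* Added example (not from the slides): a bounded hex parser written to the
 * MISRA rule examples listed on slides 25 to 27. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum {
    PARSE_OK = 0,
    PARSE_EMPTY,        /* no digits before the NUL or the length limit */
    PARSE_BAD_CHAR,     /* a character that is not a hex digit */
    PARSE_OVERFLOW      /* more than 32 bits of value */
} parse_status_t;

/* Largest accumulator that can still take one more nibble without wrapping;
 * the capitalised UL suffix follows the "42L" rule. */
static const uint32_t MAX_BEFORE_SHIFT = 0x0FFFFFFFUL;

/* Map one character to its hex value; the default branch rejects everything else. */
static bool hex_digit_value(char c, uint32_t *digit)
{
    bool ok = true;

    switch (c) {
        case '0': case '1': case '2': case '3': case '4':
        case '5': case '6': case '7': case '8': case '9': {
            *digit = (uint32_t)(c - '0');
            break;
        }
        case 'a': case 'b': case 'c': case 'd': case 'e': case 'f': {
            *digit = 10U + (uint32_t)(c - 'a');
            break;
        }
        case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': {
            *digit = 10U + (uint32_t)(c - 'A');
            break;
        }
        default: {              /* every switch ends with default */
            ok = false;
            break;
        }
    }
    return ok;
}

/* Parse up to max_len characters of text as an unsigned hex number.
 * *result is written only on PARSE_OK. The loop is bounded by max_len, so it
 * never depends on finding a terminator, and the parameters are never modified. */
parse_status_t parse_hex_u32(const char *text, size_t max_len, uint32_t *result)
{
    parse_status_t status = PARSE_OK;
    uint32_t acc = 0UL;
    size_t i = 0UL;

    for (i = 0UL; (status == PARSE_OK) && (i < max_len) && (text[i] != '\0'); i++) {
        uint32_t digit = 0UL;
        if (!hex_digit_value(text[i], &digit)) {
            status = PARSE_BAD_CHAR;
        } else if (acc > MAX_BEFORE_SHIFT) {
            status = PARSE_OVERFLOW;       /* shifting in another nibble would wrap */
        } else {
            acc = (acc << 4) | digit;
        }
    }
    if ((status == PARSE_OK) && (i == 0UL)) {
        status = PARSE_EMPTY;
    }
    if (status == PARSE_OK) {
        *result = acc;
    }
    return status;
}

int main(void)
{
    /* Constructed inputs: two valid strings, one with a stray character, one too long. */
    const char *inputs[] = { "1A2b", "FFFFFFFF", "12G4", "100000000" };
    size_t i = 0UL;

    for (i = 0UL; i < (sizeof inputs / sizeof inputs[0]); i++) {
        uint32_t value = 0UL;
        parse_status_t status = parse_hex_u32(inputs[i], 16UL, &value);
        printf("%-10s -> status %d, value 0x%08lX\n", inputs[i], (int)status, (unsigned long)value);
    }
    return 0;
}
```

Returning a status enum rather than a sentinel value is what lets a static analyzer (and a reviewer) see at the call site that every outcome, including PARSE_OVERFLOW, is handled.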
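Slides 45 and 46 list NASA's Power of 10 rules. The following fixed-size byte queue is an added example, not from the slides, from NASA or from PVS-Studio, that applies them in one place: no dynamic allocation, an explicit bound on every loop, no goto or recursion, assertions written as boolean checks with an explicit recovery action and at most two per function, data declared at the lowest scope, every return value checked, an enum instead of a preprocessor constant, and no pointer-to-pointer types. All names (ring_t, ring_push, ring_selftest) are my own.

```c
/* Added example (not from the slides): a static byte queue written to the
 * Power of 10 rules on slides 45 and 46. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { RING_CAPACITY = 8 };        /* rule 8: a constant without the preprocessor */

typedef struct {
    uint8_t data[RING_CAPACITY];   /* rule 3: static storage, never malloc'd */
    size_t head;                   /* index of the next write */
    size_t tail;                   /* index of the next read */
    size_t count;                  /* bytes currently stored */
} ring_t;

void ring_init(ring_t *r)
{
    if (r != NULL) {
        r->head = 0U;
        r->tail = 0U;
        r->count = 0U;
    }
}

/* Returns false when the queue is full or the state is invalid (rule 5: two
 * boolean assertions, each recovering by returning an error). */
bool ring_push(ring_t *r, uint8_t byte)
{
    if (r == NULL) { return false; }
    if (r->count >= RING_CAPACITY) { return false; }
    r->data[r->head] = byte;
    r->head = (r->head + 1U) % RING_CAPACITY;
    r->count++;
    return true;
}

/* Returns false when the queue is empty or an argument is invalid. */
bool ring_pop(ring_t *r, uint8_t *out)
{
    if ((r == NULL) || (out == NULL)) { return false; }
    if ((r->count == 0U) || (r->count > RING_CAPACITY)) { return false; }
    *out = r->data[r->tail];
    r->tail = (r->tail + 1U) % RING_CAPACITY;
    r->count--;
    return true;
}

/* Move up to max_bytes into dst; the loop bound is explicit (rule 2). */
size_t ring_drain(ring_t *r, uint8_t *dst, size_t max_bytes)
{
    size_t n = 0U;
    if (dst == NULL) { return 0U; }
    for (n = 0U; n < max_bytes; n++) {
        uint8_t byte = 0U;               /* rule 6: lowest possible scope */
        if (!ring_pop(r, &byte)) {       /* rule 7: return value checked */
            break;
        }
        dst[n] = byte;
    }
    return n;
}

/* Exercises fill, overflow rejection, FIFO order, wrap-around and drain. */
bool ring_selftest(void)
{
    ring_t r;
    uint8_t out = 0U;
    uint8_t sink[4] = { 0U, 0U, 0U, 0U };
    size_t i = 0U;
    bool ok = true;

    ring_init(&r);
    for (i = 0U; i < RING_CAPACITY; i++) {          /* fill to capacity with 1..8 */
        ok = ok && ring_push(&r, (uint8_t)(i + 1U));
    }
    ok = ok && !ring_push(&r, 99U);                 /* a 9th push is refused */
    ok = ok && ring_pop(&r, &out) && (out == 1U);   /* FIFO order */
    ok = ok && ring_pop(&r, &out) && (out == 2U);
    ok = ok && ring_push(&r, 9U) && ring_push(&r, 10U);   /* head wraps past index 7 */
    ok = ok && (r.count == RING_CAPACITY);
    ok = ok && (ring_drain(&r, sink, 4U) == 4U) && (sink[0] == 3U) && (sink[3] == 6U);
    ok = ok && (ring_drain(&r, sink, 4U) == 4U) && (sink[0] == 7U) && (sink[3] == 10U);
    ok = ok && !ring_pop(&r, &out);                 /* queue is empty again */
    return ok;
}

int main(void)
{
    printf("ring self-test: %s\n", ring_selftest() ? "pass" : "FAIL");
    return 0;
}
```

Each function fits on a page (rule 4), and because every failure is a false return rather than an abort, the same code can run under a static analyzer's "zero warnings" policy (rule 10) and on a target with no exception or signal handling.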