Abstract
In this paper, we are exploring the approach to utilize system-specific static analyses of code with the goal to improve software quality for specific software systems. Specialized analyses, tailored for a particular system, make it possible to take advantage of system/domain knowledge that is not available to more generic analyses. Furthermore, analyses can be selected and/or developed in order to best meet the challenges and specific issues of the system at hand. As a result, such analyses can be used as a complement to more generic code analysis tools because they are likely to have a better impact on (business) concerns such as improving certain software quality attributes and reducing certain classes of failures. We present a case study of a large, industrial embedded system, giving examples of what kinds of analyses could be realized and demonstrate the feasibility of implementing such analyses. We synthesize lessons learned based on our case study and provide recommendations on how to realize system-specific analyses and how to get them adopted by industry.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
When developing safety-critical code, Holzmann (2006) establishes the rule that code must be checked by the compiler with the most pedantic warnings enabled and by at least one static code analyzer, preferably several.
While slicing originated in imperative languages, there are also slicers for other programming paradigms.
A failure is a diversion of the actual system behavior from the expected one at run-time. A fault is a point in the program that may lead to failure. Thus, fault is a static property of a system, while failure is a dynamic one (Hatton 2005).
For bug checkers, soundness means the ability to detect all possible errors of a certain kind (Xie et al. 2005).
Embedded real-time systems are often designed and implemented as a set of tasks where a task is “the basic unit of work from the standpoint of a control program” (RTCA 1992). It may be realized as an operating system process or thread.
The system runs on VxWorks in production but a Windows build is also used, during development and early testing phases.
The system is organized into logical units called subsystems, where each subsystem consists of a set of C files.
Industrial tools for WCET analysis exists, for instance AiT (AbsInt) and RapiTime (Rapita Systems). However, these tools are challenging to apply to a large system and often require manual code annotations or run-time measurements.
This can be useful because analyses can be written so that they do not have to be run repeatedly for different configurations.
The most complex analysis that we realized with Understand is a program slicer implemented by the second author (Kraft 2010).
References
Adams, E. N. (1984). Optimizing preventive service of software products. IBM Journal of Research and Development, 28(1), 2–14.
Åkerholm, M., Land, R., & Strzyz, C. (2009). Can you afford not to certify your control system? iVTinternational http://www.ivtinternational.com/legislative_focus_nov.ph.
Andersson, J. (2005). Modeling the temporal behavior of complex embedded systems. Licentiate thesis, Mälardalen University, Sweden.
Anderson, P. (2008). Detecting bugs in safety-critical code. Dr Dobb’s Journal http://www.grammatech.com/products/codesonar/DrDobbsDetectingBugsInSafetyCriticalCode.pdf.
Antoniol, G., Penta, M. D., Masone, G., & Villano, U. (2003). XOgastan: XML-oriented gcc AST analysis and transformations. In 3rd IEEE international workshop on source code analysis and manipulation (SCAM’03) (pp. 173–182).
Atkinson, D. C., & Griswold, W. G. (2006). Effective pattern matching of source code using abstract syntax patterns. Software—Practice and Experience, 36(4), 413–447
Basili, V. R. (1992). Software modeling and measurement: The goal/question/metric paradigm. Tech. Rep. CS-TR-2957, University of Maryland, http://www.cs.umd.edu/basili/publications/technical/T78.pdf.
Bessey, A., Block, K., Chelfs, B., Chou, A., Fulton, B., Hallem, S., et al. (2010). A few billion lines of code later: Using static analysis to find bugs in the real world. Communications of the ACM, 53(2), 66–75.
Boogerd, C., & Moonen, L. (2008). Assessing the value of coding standards: An empirical study. In 24th IEEE international conference on software maintenance (ICSM’08) (pp. 277–286).
Boogerd, C., & Moonen, L. (2009). Evaluating the relation between coding standard violations and faults within and across software versions. In 6th Working conference on mining software repositories (MSR’09) (pp. 41–50).
Brichau, J., Kellens, A., Castro, S., & D’Hondt, T. (2010). Enforcing structural regularities in software using IntensiVE. Science of Computer Programming, 75(4), 232–246.
Bull, R. I., Trevors, A., Malton, A. J., & Godfrey, M. W. (2002). Semantic grep: Regular expressions + relational abstraction. In 9th IEEE working conference on reverse engineering (WCRE’02) (pp. 267–276).
Ceccato, M., Dean, T. R., Tonella, P., & Marchignoli, D. (2008a). Data model reverse engineering in migrating a legacy system to Java. In 15th IEEE working conference on reverse engineering (WCRE’08) (pp. 177–186).
Ceccato, M., Tonella, P. (2010). Static analysis for enforcing intra-thread consistent locks in the migration of a legacy system. In 26th IEEE international conference on software maintenance (ICSM’10).
Ceccato, M., Tonella, P., & Matteotti, C. (2008b). Goto elimination strategies in the migration of legacy code to Java. In 12th IEEE European conference on software maintenance and reengineering (CSMR’08) (pp. 53–62).
Chelf, B., Ebert, C. (2009). Ensuring the integrity of embedded software with static code analysis. IEEE Software, 26(3), 96–99.
Dean, T. R., Malton, A. J., & Holt, R. (2001). Union schemas as a basis for a C++ extractor. In 8th IEEE working conference on reverse engineering (WCRE’01) (pp. 59–67).
Eaton, C., & Memon, A. M. (2007). An empirical approach to testing web applications across diverse client platform configurations. International Journal on Web Engineering and Technology, 3(3), 227–253. http://www.cs.umd.edu/atif/papers/EatonIJWET2007.pdf.
Ebert, C., & Jones, C. (2009). Embedded software: Facts, figures and future. IEEE Computer, 42(4), 42–52.
Ebert, C., & Salecker, J. (2009). Embedded software—technologies and trends. IEEE Software, 26(3), 14–18.
Engler, D., & Ashcraft, K. (2003). RacerX: Effective, static detection of race conditions and deadlocks. In 19th ACM symposium on operating system principles (SOSP’03) (pp. 237–252).
Favre, J., Estublier, J., & Sanlaville, R. (2003). Tool adoption issues in a very large software company. In 3rd International workshop on adoption-centric software engineering (ACSE’03) (pp. 81–89).
Gantt, M., & Nardi, B. A. (1992). Gardeners and gurus: Patterns of cooperation among CAD users. In ACM SIGCHI conference on human factors in computing systems (CHI’92) (pp. 107–117).
Hallem, S., Chelf, B., Xie, Y., & Engler, D. (2002). A system and language for building system-specific static analyses. In ACM SIGPLAN conference on programming language design and implementation (PLDI’02) (pp. 69–83).
Hankin, C. (1998). Program analysis tools. International Journal on Software Tools for Technology Transfer, 2(1), 6–12.
Harman, M., & Hierons, R. M. (2001). An overview of program slicing. Software Focus, 2(3), 85–92.
Hatton, L. (2004). Safer language subsets: an overview and a case history, MISRA C. Information and Software Technology, 46(7), 465–472.
Hatton, L. (2005). EC—a measurement based safer subset of ISO C suitable for embedded system development. Information and Software Technology, 47(7), 181–187.
Hills, C. (2005). C-change for safety critical systems. IEEE Electronics Systems and Software, 3(1), 28–31.
Holzmann, G. J. (2006). The power of 10: Rules for developing safety-critical code. IEEE Computer, 39(6), 95–97.
Hovemeyer, D., & Pugh, W. (2004). Finding bugs is easy. In Companion to the 19th ACM object-oriented programming, systems, languages, and applications (OOPSLA’04) (pp. 92–106).
Jackson, D., & Rinard, M. (2000). Software analysis: A roadmap. In Conference on the future of software engineering (pp. 135–145).
Kienle, H. M., & Müller, H. A. (2001). Leveraging program analysis for web site reverse engineering. In 3rd IEEE international workshop on web site evolution (WSE’01) (pp. 117–125).
Kienle, H. M., & Müller, H. A. (2010). The tools perspective on software reverse engineering: Requirements, construction and evaluation. Advances in Computers, 79, 189–290.
Klusener, S., & Lämmel, R. (2003). Deriving tolerant grammars from a base-line grammar. In 19th IEEE international conference on software maintenance (ICSM’03) (pp. 179–188).
Kraft, J. (2010). Enabling timing analysis of complex embedded systems. PhD thesis no. 84, Mälardalen University, Sweden, http://www.mdh.diva-portal.org/smash/get/diva2:312516/FULLTEXT0.
Kraft, J., Wall, A., & Kienle, H. (2010). 1st International conference on runtime verification (RV 2010), Lecture Notes in Computer Science (Vol. 6418, pp. 315–329), Springer, chap Trace Recording for Embedded Systems: Lessons Learned from Five Industrial Projects.
Kremenek, T., Ashcraft, K., Yang, J., & Engler, D. (2004). Correlation exploitation in error ranking. In 12th ACM SIGSOFT international symposium on foundations of software engineering (FSE-12) (pp. 83–93).
Kullbach, B., & Winter, A. (1999). Querying as an enabling technology in software reengineering. In 3rd IEEE European conference on software maintenance and reengineering (CSMR’99) (pp. 42–50).
Lethbridge, T. C., & Singer, J. (1997). Understanding software maintenance tools: Some empirical research. In 3rd Workshop on empirical studies of software maintenance (WESS’97) (pp. 157–162).
Lethbridge, T. C., Tichelaar, S., & Ploedereder, E. (2004). The Dagstuhl middle metamodel: A schema for reverse engineering. In J. M. Favre, M. Godfrey, & A. Winter (Eds.), International workshop on meta-models and schemas for reverse engineering (ateM’03), Electronic Notes in Theoretical Computer Science (Vol. 94, pp. 7–18). Amsterdam: Elsevier.
Lv, M., Guan, N., Zhang, Y., Deng, Q., Yu, G., & Zhang, J. (2009). A survey of WCET analysis of real-time operating systems. In 2009 IEEE international conference on embedded software and systems (pp. 65–72).
Marinescu, C., & Jurca, I. (2006). A meta-model for enterprise applications. In 8th IEEE international symposium on symbolic and numeric algorithms for scientific computing (SYNASC’06) (pp. 187–194).
Martin, F. (1998). PAG—an efficient program analyzer generator. International Journal on Software Tools for Technology Transfer, 2(1), 46–67.
Matsumura, T., Monden, A., & Matsumoto, K. (2002). The detection of faulty code violating implicit coding rules. In IEEE international symposium on empirical software engineering (ISESE’02) (pp. 173–182).
McDowell, C. E., & Helmbold, D. P. (1989). Debugging concurrent programs. ACM Computing Surveys, 21(4), 593–622.
McLellan, S. G., Roesler, A. W., Tempest, J. T., & Spinuzzi, C. I. (1998). Building more usable APIs. IEEE Software, 15(3), 78–86
Murphy, G. C., Notkin, D., Griswold, W. G., & Lan, E. S. (1998). An empirical study of static call graph extractors. ACM Transactions on Software Engineering and Methodology, 7(2), 158–191.
Nagy, C., Pantos, J., Gergely, T., & Beszedes, A. (2010). Towards a safe method for computing dependencies in database-intensive systems. In 14th IEEE European conference on software maintenance and reengineering (CSMR’10) (pp. 169–178).
Ousterhout, J. K. (1998). Scripting: Higher-level programming for the 21st century. IEEE Computer, 31(3), 23–30.
Perin, F., Girba, T., & Nierstrasz, O. (2010). Recovery and analysis of transaction scope from scattered information in Java enterprise applications. In 26th IEEE international conference on software maintenance (ICSM’10).
Pfleeger, S. L. (1999). Understanding and improving technology transfer in software engineering. Journal of Systems and Software, 47(2–3), 111–124.
Pinzger, M., Fischer, M., Gall, H., & Jazayeri, M. (2002). Revealer: A lexical pattern matcher for architecture recovery. In 9th IEEE working conference on reverse engineering (WCRE’02) (pp. 170–178).
Pinzger, M., Oberleitner, J., & Gall, H. (2003). Analyzing and understanding architectural characteristics of COM+ components. In 11th IEEE international workshop on program comprehension (IWPC’03) (pp. 54–63).
Power, J. F., & Malloy, B. A. (2002). Program annotation in XML: A parse-tree based approach. In 9th IEEE working conference on reverse engineering (WCRE’02) (pp. 190–198).
Renggli, L., Ducasse, S., Gîrba, T., & Nierstrasz, O. (2010). Domain-specific program checking. In 48th International conference on objects, models, components and patterns (TOOLS 2010) (pp. 213–232).
Rogers, E. M. (1995). Diffusion of innovations (4th ed.). New York: The Free Press.
Roy, C. K., & Cordy, J. R. (2008). Scenario-based comparison of clone detection techniques. In 16th IEEE international conference on program comprehension (ICPC’08) (pp. 153–162).
RTCA. (1992). Software considerations in airborne systems and equipment certification. Standard RTCA/DO-17B, RTCA.
SciTools. (2004). Perl and C application program interface for Understand: User guide and reference manual. http://www.getunderstand.com/documents/manuals/pdf/understand_api.pdf.
Xie, Y., Naik, M., Hackett, B., & Aiken, A. (2005). Soundness and its role in bug detection systems. In Workshop on the evaluation of software defect detection tools at PLDI 2005 http://www.cs.umd.edu/pugh/BugWorkshop05/papers/12-xie.pdf.
Acknowledgments
Many thanks to the anonymous reviewers whose thorough comments greatly helped to improve the paper. This work is supported by the Swedish Foundation for Strategic Research through the PROGRESS Centre for Predictable Embedded Software Systems, which is a part of Mälardalen Real-Time Research Centre (MRTC) at Mälardalen University in Västerås, Sweden.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kienle, H.M., Kraft, J. & Nolte, T. System-specific static code analyses: a case study in the complex embedded systems domain. Software Qual J 20, 337–367 (2012). https://doi.org/10.1007/s11219-011-9138-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11219-011-9138-7