Automotive MISRA, ISO 26262 & AUTOSAR


MISRA was developed to provide guidance to facilitate safe and reliable coding practices for the automotive industry. However, the Motor Industry Software Reliability Association (MISRA) coding standards have been adopted by many other industries developing safety-critical or business-critical embedded software, including telecom, aerospace, defence, and medical. Klocwork has automated detection and reporting for MISRA-C:2004, MISRA-C++:2008 and MISRA-C:2012.

Klocwork is certified (pre-qualified) by TÜV SÜD for use in ISO 26262 projects. As with MISRA, developers should follow all ISO guidelines and ensure that any static analysis tool used in the coding process supports the ISO 26262 standard.

ISO 26262

While software verification tools cannot, on their own, ensure compliance with ISO 26262, they can aid developers looking to demonstrate compliance with the standard. Static code analysis tools can either fully or partially address many of the requirements found in Part 6 of the standard. Part 6 covers “Product Development at the Software Level” for the functional safety of road vehicles and examines correctness of software design and implementation.

In short, by using automated SCA tools, developers can accelerate compliance with standards while reducing costs.

As the amount of embedded software found in cars multiplies, so too does the risk of software failure or attack in the field. Insecure or defective automotive software can lead to costly patches being needed to rectify a fault and prevent potential fatalities, and to the vehicle being open to security threats that include invasion of privacy, car theft and control being compromised. By using automated static code analysis tools and modelling relevant threats, developers can ensure that their embedded software is secure, reliable, and compliant with the latest coding standards and processes.

The full-featured SCA solution provided by Klocwork helps developers find and fix security vulnerabilities and critical defects the moment they’re introduced. MISRA-C and MISRA-C++ coding standard violations can be reported automatically at the developer desktop or at the integration build. Additionally, Klocwork is ISO 26262 and IEC 61508 certified by TÜV SÜD. Developers can use certified SCA checkers to detect coding issues with confidence, knowing they have been designed, developed, tested, and released in an audited and certified manner. Klocwork also provides guidance to ensure developers use it in a functionally safe way that supports their own application for ISO 26262 certification.

By allowing embedded software developers to perform high-quality static code analysis at their desktop and run it at the earliest point in the development cycle, Klocwork helps development teams achieve the software verification and validation expected by auto makers and required by regulatory bodies in a timely, productive fashion.

Trapping Security Vulnerabilities

Defensive coding through automation

With a threat model in hand, developers can begin to drill down and identify the specific security vulnerabilities that could expose their embedded software to risk. Programmers, however, aren’t security experts and can miss common security gaps, logic errors, and concurrency violations that expose code to external threats.

Automated static code analysis (SCA) tools can assist embedded software developers by helping to eliminate security vulnerabilities early in the development cycle. Automotive software development teams are familiar with traditional SCA tools, but those tools are limited to finding programmatic bugs only. Modern tools can detect security vulnerabilities and defects as the developer is writing code. This helps developers build security into their code and reduce risk as early as possible, without burdening the project with a lengthy defect-testing phase.

Static analysis tools can identify hundreds — if not thousands — of security vulnerabilities, including critical vulnerabilities such as buffer overflows, uninitialized data, use of dangling pointers, injection flaws, and the use of known insecure APIs and libraries.


The latest and greatest C++ language standards pose a challenge for safety-critical systems. Despite the increase in developer productivity from the use of new language features, the requirement to produce software that is compliant with safety-critical standards such as AUTOSAR can be a difficult challenge for development teams.

Watch this video as Walter Capitani, Klocwork’s Product Manager, reviews the AUTOSAR standard and how it applies to the new C++ language features. Walter will explore some of the defects that can be revealed via Klocwork’s static code analysis, and show you how you can develop safety-critical code and prove compliance with the AUTOSAR standard.


About Rogue Wave Software

Rogue Wave Software are the largest independent provider of cross-platform software development tools and embedded components in the world. Through decades of solving the most complex problems across financial services, telecommunications, healthcare, government, academia, and other industries, Rogue Wave tools, libraries, and services enable developers to write better code, faster.
