Software Development Plan#

Software Development Plan
status: valid
security: YES
safety: ASIL_B
tags: platform_management
version: 1

Purpose#

The main purpose of the software development plan is to define several software development related conditions:

  • selection of design and programming language

  • design guideline

  • coding guideline (e.g. MISRA, can also include style guide or naming convention)

  • SW configuration guideline

  • development tools

Objectives and Scope#

Objective is to define the main SW development policies as defined in the “Purpose” in an ISO 26262 and ASPICE compliant manner. Scope is the complete SW platform and the development parts of the process.

Approach#

Selection of design and programming language#

For the selection of design and programming language a stakeholder requirement is defined in Programming languages for a... (stkh_req__dev_experience__prog_languages), which is based on experience. The criteria for selection are based on the following aspects:

  • Unambiguous definition of syntax and semantics

  • Suitability for specifying and managing for safety related requirements and design

  • Support of modularity, abstraction and encapsulation

  • Support of the use of structured constructs

The selected languages form the stakeholder requirements were analysed in the following table:

Table 101 Selection of design and programming language#

Criteria

C++

Rust

Unambiguous definition of syntax and semantics

Standardized, strict syntax, strong tooling

Strict syntax, single compiler, strong tooling

Suitability for safety related programming

Certified tools, MISRA, static analysis, traceability

Compiler-enforced safety, strong type system, documentation, emerging safety support, certified tools

Support of modularity, abstraction and encapsulation

Classes, templates, modules, access control

Modules, crates, traits, strong visibility control

Support of the use of structured constructs

Full support for structured programming

Full support, enforced by language design

S-CORE allows the use of two programming languages:

C++ with the language set of C++17 - in case additional elements from C++20 are needed this will be considered by rl__safety_manager, rl__security_manager and rl__quality_manager and based on their analysis decided by the project lead circle (rl__project_lead).

Rust - in Edition 2021 - selection of language edition has still to be done in the S-CORE project. For the Rust code of ASIL rated units the “safe subset” shall be used (which is checked by the compiler by configuration of #![forbid(unsafe_code)] in lib.rs)

C language is allowed in incubation phase, as long it is compilable be the selected compiler, but not for a S-CORE release.

For specifying Detailed Design (like for the Architecture) a mixture of UML diagrams and natural language is used. Additionally for the Detailed Design linking to code, Doxygen style comments are used. This is described in doc_concept__imp_concept and guided by gd_temp__detailed_design

Design guideline#

The design guideline is defined in doc_concept__imp_concept and gd_guidl__implementation.

API guidelines#

To provide the user with a consistent approach on the use of APIs, there are guidelines documented in API Guidelines (doc__api_guidelines) and Rust API design guidelines (doc__rust_api_design), this defines for example the error handling concept or rules to improve user experience.

Coding guidelines#

C++ - see Coding Guidelines C++ (doc__cpp_coding_guidelines)

Rust - see Coding Guidelines Rust (doc__rust_coding_guidelines)

SW configuration guideline#

The configuration of the software is done by the code. Which means that there are no external configuration files.

SW development tools#

This list will evolve into the complete “Tool List” S-CORE Tools Overview for the S-CORE project used for tool evaluation and qualification. In the moment the Software Verification Plan (doc__verification_plan) contains additional tools used in verification. Tools for code analysis (static/dynamic) as discussed in Static Code Analysis C++ (doc__cpp_code_analysis) are documented here.

GitHub

is used for hosting, versioning and contribution of the software. Within pull requests it’s possible to contribute. For contribution a separate process description is Contribution Guideline (doc__contr_guideline) available. In the discussion section the information regarding meeting minutes and Working Sections were stored. Within issues can bugfixes, improvements, blank issues set up. It’s also possible to report there Security vulnerabilities. GitHub Actions is used as a support for continuous integration.

The following GitHub features are activated to improve security Platform Vulnerability Mana... (doc__platform_vulnerability_mgt_plan) and quality for software development: * GitHub Dependabot - Automated dependency vulnerability detection and update pull requests * GitHub Advanced Security - Code scanning and secret scanning capabilities where available (CodeQL)

Sphinx

is used for software documentation to generate html-sides from reStructuredText.

Sphinx-Needs

is used for docs-as-code Doc-as-Code (doc_tool__doc_as_code) based documentation that is created and managed by the sphinx documentation generator. With “needs” objects, created in rst-files, requirements, static architecture views and other Sw development documentation is generated. Sphinx-Needs is 100% compliant to Sphinx and reStructuredText.

PlantUML

this UML drawing tool is used for dynamic and static diagrams for unit interaction. Also for dynamic architecture views.

Draw.io

this drawing tool is used to create flowcharts and diagrams for all uses where PlantUML is not suited e.g. in process or concept descriptions

Host Compiler C++

GCC is used as host C++ compiler with its associated linker. It’s used as a development (compilation and linking) and verification tool as it generates compiler warnings, offers sanitizers and builds unit tests and binaries for SW integration testing.

Target Compiler C++

QCC the qualify-able compiler/linker from Blackberry offered together with its Posix conform Operating System QNX is planned to be used for target compilation.

Clang-tidy

is used in conjunction with the Clang compiler to perform static analysis.

GitHub CodeQL

For Static Code Analysis, CodeQL is used to identify potential vulnerabilities, weaknesses, and code quality issues in the software components of the project. It is integrated into the CI pipeline to ensure that any new code changes are automatically analyzed for potential issues.

Core features of CodeQL include:

  • Vulnerability Detection: CodeQL can identify known vulnerabilities in the codebase by comparing it against a database of known issues.

  • Custom Queries: Developers can write custom queries to identify specific patterns or issues in the codebase that are relevant to the project’s security and quality standards.

  • Integration with CI: CodeQL can be integrated into the CI pipeline to automatically analyze code changes and provide feedback on potential issues before they are merged into the main codebase.

  • Reporting: CodeQL provides detailed reports on identified issues, including severity levels and recommendations for remediation.

  • Support for Multiple Languages: CodeQL supports multiple programming languages, including C++, Rust, and others used in the project.

CodeQL has the capability to identify a wide range of issues, including security vulnerabilities, code quality problems, and potential bugs.

Examples of capabilities include:

  • unsafe data flows and control flow (e.g., tainted data flows, unreachable code, missing checks before sensitive calls)

  • potential runtime errors (e.g., null pointer dereferences, buffer overflows)

  • code quality issues (e.g., dead code, unused variables)

  • incorrect use of APIs (e.g., misuse of cryptographic functions, incorrect error handling)

  • compliance with coding standards (e.g., naming conventions, code complexity)

  • violations of project-specific coding guidelines (e.g., use of certain libraries, adherence to architectural patterns)

Custom queries can be developed to identify specific patterns or issues that are relevant to the project’s security and quality standards. This allows for a tailored approach to static code analysis that aligns with the project’s specific requirements and goals.

Host Compiler Rust

There is currently no selection of a Rust host compiler for S-CORE. Pick your own favourite.

Target Compiler Rust

The qualified Ferrocene compiler is planned to be used.

Bazel

The main build environment of the project is based on Bazel. It it used to build software components, documentation, and automated tests.