Code Analysis C++

Static Code Analysis
status: valid

Guideline for Static Code Analysis

Static Code Analysis

To fulfil the standard requirements, a concept for Static Code Analysis needs to be established. The input for this is based on MISRA and ISO 26262.

MISRA introduces coding rules which need to be implemented and enforced. Checking those rules can be partially automated by a combination of different tools. Thus a mapping needs to be established that links every MISRA rule to the corresponding tool requirements/rules, so that rules without an automated check remain visible. For MISRA C++:2023 this mapping is established here: gd_guidl__cpp__misra2023_rule_mapping

Additionally, several other SW analyses are required by ISO 26262. Together with the MISRA rules, these can be fulfilled by the following toolset:

Dynamic Code Analysis

Dynamic code analysis is not explicitly required by a standard. However, to provide sufficiently good SW quality, the following tools should be used to catch the most common errors:

The following sections provide a short overview of the most important features of each applied tool:

Memcheck

  • Use of uninitialized memory

  • Read and write access to already released memory

  • Writes outside the bounds of allocated memory sections

  • Memory leaks

Full description: Memcheck

Thread Sanitizer (TSAN)

  • Detects data races between threads

Full description: TSAN

Undefined Behaviour Sanitizer (UBSAN)

Detects undefined behaviour, e.g.:

  • array out of bounds

  • null pointer dereferencing

  • integer overflow

  • conversions which would lead to overflow

Address/Leak Sanitizer (ASAN/LSAN)

When both tools are combined at runtime, memory leaks can be detected and the corresponding allocation addresses investigated.
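The following sample is an added example and not part of this guideline or the project's own code. It places one representative defect per tool (Memcheck/ASAN: heap overflow, LSAN/Memcheck: leak, UBSAN: signed overflow, TSAN: data race) next to a corrected form. The defective functions are only reached when the program is started with an argument naming the defect, so the default run is clean and each sanitizer build reports exactly the fault that was requested. The build commands in the header comment assume GCC or Clang and Valgrind; the flag set and the file name sample.cpp are assumptions.

```cpp
// Added example: one defect per dynamic-analysis tool, beside its corrected form.
// Assumed build/run commands (GCC or Clang, Valgrind):
//   g++ -g -O1 -fno-omit-frame-pointer -fsanitize=address sample.cpp && ./a.out overflow   # ASAN (LSAN runs on exit on Linux)
//   g++ -g -O1 -fsanitize=address sample.cpp && ./a.out leak                                # LSAN leak report
//   g++ -g -O1 -fsanitize=undefined sample.cpp && ./a.out add                               # UBSAN signed overflow
//   g++ -g -O1 -fsanitize=thread -pthread sample.cpp && ./a.out race                        # TSAN data race
//   g++ -g sample.cpp && valgrind --tool=memcheck --leak-check=full ./a.out leak            # Memcheck
#include <atomic>
#include <climits>
#include <memory>
#include <optional>
#include <string>
#include <thread>
#include <vector>

// --- Memcheck / ASAN: out-of-bounds write on a heap buffer ---
// Defective: writes one element past the end (ASAN: heap-buffer-overflow,
// Memcheck: "Invalid write").
static void defect_overflow() {
    int* buf = new int[4];
    buf[4] = 42;
    delete[] buf;
}
// Corrected: the index is bounds-checked and the buffer owns its storage.
static bool store_checked(std::vector<int>& buf, std::size_t i, int v) {
    if (i >= buf.size()) return false;
    buf[i] = v;
    return true;
}

// --- LSAN / Memcheck: memory leak ---
// Defective: the allocation is never released (LSAN "detected memory leaks",
// Memcheck "definitely lost").
static void defect_leak() {
    int* p = new int(1);
    (void)p;
}
// Corrected: RAII ownership, released when the unique_ptr leaves scope.
static int read_owned() {
    auto p = std::make_unique<int>(7);
    return *p;
}

// --- UBSAN: signed integer overflow ---
// Defective: a + b overflows for large operands (UBSAN: "signed integer overflow").
static int defect_add(int a, int b) { return a + b; }
// Corrected: the overflow is detected explicitly and reported to the caller
// instead of silently wrapping.
static std::optional<int> add_checked(int a, int b) {
    int r = 0;
    if (__builtin_add_overflow(a, b, &r)) return std::nullopt;
    return r;
}

// --- TSAN: data race ---
// Defective: two threads increment a plain global without synchronisation.
static int g_unguarded = 0;
static void defect_race() {
    std::thread t1([] { for (int i = 0; i < 1000; ++i) ++g_unguarded; });
    std::thread t2([] { for (int i = 0; i < 1000; ++i) ++g_unguarded; });
    t1.join();
    t2.join();
}
// Corrected: the shared counter is atomic, so every increment is observed.
static int count_atomic(int per_thread) {
    std::atomic<int> counter{0};
    auto work = [&counter, per_thread] {
        for (int i = 0; i < per_thread; ++i) counter.fetch_add(1, std::memory_order_relaxed);
    };
    std::thread t1(work), t2(work);
    t1.join();
    t2.join();
    return counter.load();
}

// The argument selects which defect to trigger; without one only clean code runs.
int main(int argc, char** argv) {
    const std::string which = argc > 1 ? argv[1] : "";
    if (which == "overflow") defect_overflow();
    else if (which == "leak") defect_leak();
    else if (which == "add") (void)defect_add(INT_MAX, argc);
    else if (which == "race") defect_race();
    return 0;
}
```

Each corrected function is the one a test suite should exercise; the defective ones exist only to show what the respective report looks like when the sample is built with the matching sanitizer. Note that TSAN and ASAN cannot be enabled in the same binary, which is why the race check needs its own build.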

Coverage

As required by the verification guideline, coverage needs to be calculated for the code used in the project. For a release, the coverage needs to be calculated on the target (QNX). For development, however, a quicker approach on the host shall also be available.

To enable this, the following tools shall be used: