Code Analysis C++#
Static Code Analysis
status: valid
Guideline for Static Code Analysis
Static Code Analysis#
In order to fulfil the standard requirements relevant to SCORE, a concept for static code analysis needs to be established. The input for the analysis is based on the MISRA and ISO 26262 standards, in accordance with the Coding Guidelines CPP (gd_guidl__cpp_coding_guidelines).
Checking these rules can be partially automated by a combination of different tools. A mapping therefore needs to be established that links every MISRA rule to the corresponding tool requirement or check. For MISRA C++:2023 this mapping is established here (gd_guidl__cpp__misra2023_rule_mapping).
One reason why this tooling setup is selected is that it is already proven in use. In addition, the combination of the two compilers allows a larger set of findings to be addressed.
If for a technical reason a MISRA finding cannot be addressed, it needs to be justified appropriately: it must be explained why the finding has no impact on the safety of the code, and that justification must be documented within the source code, next to the affected code. A detailed workflow will follow on demand.
Dynamic Code Analysis#
A dynamic code analysis is not explicitly required by any of the standards relevant to SCORE. However, to provide sufficiently good SW quality, the following tools should be used to catch the most common errors:
The following sections provide a short overview of the most important features of each applied tool:
Memcheck#
Use of uninitialised memory
Read and write access to memory that has already been freed
Writes beyond the bounds of an allocated memory block
Memory leaks
Thread Sanitizer (TSAN)#
Detect Data Races between Threads
Undefined Behaviour Sanitizer (UBSAN)#
Detect undefined behaviour, e.g.
array out of bounds
null pointer dereferencing
integer overflow
conversions that overflow the target type
Address/Leak Sanitizer (ASAN/LSAN)#
ASAN detects invalid memory accesses such as use after free and buffer overflows. If both tools are combined at runtime, memory leaks are reported as well, together with the address and allocation site of each leaked block, so they can be investigated.
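The defect classes listed above for Memcheck, TSAN, UBSAN and ASAN/LSAN, as one added example program (this is not code from the S-CORE project or from this guideline): every defect sits next to a corrected form and is selected via a command-line argument, so that the report of the corresponding tool can be reproduced on a host build. The build commands in the header assume gcc or clang and valgrind on a Linux host; the file name demo.cpp and the mode names are assumptions.

```cpp
// Added example, not project code. Build on the host (assumed gcc/clang + valgrind):
//   g++ -g -O1 -fsanitize=address,undefined,float-cast-overflow demo.cpp -o demo  # ASAN+LSAN+UBSAN
//   g++ -g -O1 -fsanitize=thread -pthread demo.cpp -o demo   # TSAN; cannot be combined with ASAN
//   g++ -g -O0 demo.cpp -o demo && valgrind --tool=memcheck --leak-check=full ./demo uninit
#include <atomic>
#include <iostream>
#include <limits>
#include <memory>
#include <string>
#include <thread>
#include <vector>

// Memcheck: "Conditional jump or move depends on uninitialised value(s)" once the sum is printed.
int sum_uninitialised(const std::vector<int>& v) {
    int s;                                  // defect: never initialised
    for (int x : v) s += x;
    return s;
}
int sum_initialised(const std::vector<int>& v) {
    int s = 0;
    for (int x : v) s += x;
    return s;
}

// ASAN: heap-use-after-free; Memcheck: "Invalid read of size 4".
int read_after_free() {
    int* p = new int[4]{1, 2, 3, 4};
    delete[] p;
    return p[2];                            // defect: read of released memory
}
int read_before_free() {
    std::unique_ptr<int[]> p(new int[4]{1, 2, 3, 4});
    return p[2];                            // released only after the read
}

// ASAN: heap-buffer-overflow; Memcheck: "Invalid write of size 4".
void zero_out_of_bounds(std::vector<int>& v) {
    for (std::size_t i = 0; i <= v.size(); ++i) v[i] = 0;   // defect: writes one past the end
}
void zero_in_bounds(std::vector<int>& v) {
    for (std::size_t i = 0; i < v.size(); ++i) v[i] = 0;
}

// LSAN (enabled with ASAN) and Memcheck --leak-check=full: block "definitely lost".
int leaked_value() {
    int* p = new int(42);                   // defect: never deleted
    return *p;
}
int owned_value() {
    auto p = std::make_unique<int>(42);     // freed when p goes out of scope
    return *p;
}

// TSAN: "WARNING: ThreadSanitizer: data race" on counter.
int racy_counter(int iterations) {
    int counter = 0;                        // defect: plain int written by two threads
    auto work = [&] { for (int i = 0; i < iterations; ++i) ++counter; };
    std::thread a(work), b(work);
    a.join(); b.join();
    return counter;
}
int atomic_counter(int iterations) {
    std::atomic<int> counter{0};
    auto work = [&] { for (int i = 0; i < iterations; ++i) counter.fetch_add(1); };
    std::thread a(work), b(work);
    a.join(); b.join();
    return counter.load();
}

// UBSAN: "signed integer overflow".
int add_unchecked(int a, int b) { return a + b; }   // defect for INT_MAX + 1
bool add_checked(int a, int b, int& out) {
    if ((b > 0 && a > std::numeric_limits<int>::max() - b) ||
        (b < 0 && a < std::numeric_limits<int>::min() - b)) return false;
    out = a + b;
    return true;
}

// UBSAN: "load of null pointer".
int deref(const int* p) { return *p; }               // defect when p == nullptr
int deref_or(const int* p, int fallback) { return p ? *p : fallback; }

// UBSAN (-fsanitize=float-cast-overflow): double value outside the int range.
int narrow_unchecked(double d) { return static_cast<int>(d); }   // defect for 1e10
int narrow_clamped(double d) {
    const double hi = std::numeric_limits<int>::max(), lo = std::numeric_limits<int>::min();
    return d >= hi ? std::numeric_limits<int>::max() : d <= lo ? std::numeric_limits<int>::min()
                                                              : static_cast<int>(d);
}

// Runs one defect at a time; argc is used in the inputs so the compiler cannot fold them away.
int main(int argc, char** argv) {
    const std::string mode = argc > 1 ? argv[1] : "";
    std::vector<int> v(4, 1);
    const int big = std::numeric_limits<int>::max();
    if (mode == "uninit")        std::cout << sum_uninitialised(v) << '\n';
    else if (mode == "uaf")      std::cout << read_after_free() << '\n';
    else if (mode == "oob")      { zero_out_of_bounds(v); std::cout << v[0] << '\n'; }
    else if (mode == "leak")     std::cout << leaked_value() << '\n';
    else if (mode == "race")     std::cout << racy_counter(100000) << '\n';
    else if (mode == "overflow") std::cout << add_unchecked(big, argc) << '\n';
    else if (mode == "null")     std::cout << deref(argc > 5 ? &big : nullptr) << '\n';
    else if (mode == "narrow")   std::cout << narrow_unchecked(1e10 * argc) << '\n';
    else { std::cerr << "usage: demo uninit|uaf|oob|leak|race|overflow|null|narrow\n"; return 2; }
    return 0;
}
```

ASAN and TSAN instrument memory differently and cannot be enabled in the same binary, which is why the race case needs its own build; Memcheck needs no instrumentation, so the plain -O0 build is used under valgrind. Building at -O0 also keeps the uninitialised read from being optimised away.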
Coverage#
As required by the verification guideline, coverage needs to be calculated for the code that is used in the project. Therefore two approaches should be available:
As a quick solution, coverage can be calculated on the host via gcc.
For a more accurate result, coverage can also be calculated with the qcc compiler together with the appropriate libraries and POSIX interfaces. This method is also used for the reporting.
To enable this, the following tools are used: