Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems

Presenter: George Gribkov
- A C++ developer, one of PVS-Studio's static code analyzer developers.
- Develops a set of diagnostic rules that check code for compliance with the MISRA C and MISRA C++ standards.
- gribkov@viva64.com

Contents
1. Coding standards: reasons why they are required
2. MISRA and AUTOSAR: what's under the hood
3. Standards in your projects
Reasons

Problems
- Popularity of C
- POPULARITY of C
- Popularity of C++
- Imperfections in these languages

What Caused the Popularity
- Available compilers
- Standardization
- Portability
- Long use experience
- Efficiency
- Support from analysis tools

Weaknesses of C and C++
- Incomplete standardization
- Undefined, unspecified, implementation-defined behavior
- Incorrect language use: if ( i = 0 ) or if ( i == 0 )?

When It Comes to Big Responsibility…
A Very Expensive Error
- On June 4, 1996, Ariane 5, a European launch vehicle, turned into confetti in the 37th second after liftoff.
- The investigation revealed that the accident was caused by a programming error (an integer overflow).
- The rocket carried 4 satellites.
- The financial losses amounted to $370,000,000.

It's time to do something!!!

Coding Standards: What's Under the Hood?
MISRA: What Is This?
- MISRA is a set of guidelines.
- Current versions:
  - MISRA C:2012 – 143 rules
  - MISRA C++:2008 – 228 rules
- MISRA means «Motor Industry Software Reliability Association»:
  - Bentley Motor Cars
  - Ford Motor Company
  - Jaguar Land Rover
  - Delphi Diesel Systems
  - HORIBA MIRA
  - Protean Electric
  - Visteon Engineering Services
  - The University of Leeds
  - Ricardo UK
  - ZF TRW

A Few Words About AUTOSAR
- AUTOSAR means AUTomotive Open System ARchitecture:
  - BMW Group
  - Bosch
  - Continental
  - Daimler AG
  - Ford
  - General Motors
  - PSA Peugeot Citroën
  - Toyota
  - Volkswagen
  - …and over 200 more partners
- AUTOSAR is a development methodology.
- AUTOSAR C++ is a part of this methodology.
- The current version: AUTOSAR C++: 19-03 – over 350 rules

MISRA C++ and AUTOSAR C++

Standard | MISRA C++ | AUTOSAR C++
C++03    | ✓         | ✓
C++11    | ☓         | ✓
C++14    | ☓         | ✓
Industries that Use MISRA and AUTOSAR

Rule Categories:
1. Mandatory – no deviations are permissible
2. Required – deviations are acceptable
3. Advisory – optional to follow

Rule Examples
Mandatory rules:
- Do not use an uninitialized variable’s value
- Do not use a pointer to FILE after the stream is closed
- Do not write unreachable code
- A loop’s counter must not be of a floating-point type
- …
Required rules:
- Do not use goto and longjmp
- Each switch must end with default
- if, else, for, while, do, and switch operator bodies must be enclosed in braces
- Do not use variadic functions
- …
…and all the rest:
- The ‘L’ suffix must always be capitalized (42L)
- Do not use address arithmetic (except for [] and ++)
- Do not use the ‘comma’ operator
- Do not change a function’s parameter inside the function’s body
- …
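Several of the rules listed above (the uninitialized variable, the floating-point loop counter, braces around every body, a default in every switch) together with the `if ( i = 0 )` slip from the Weaknesses slide, shown in one small routine written twice. This is an added example, not code from the slides or from PVS-Studio; the enum and function names are constructed for it, and the rule wording in the comments is paraphrased from the slides, not quoted from the MISRA documents.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example, not from the slides or PVS-Studio: one routine written twice.
 * The first version breaks the rules quoted on the slides; the second is the
 * compliant rewrite. Names (mode, sum_*) are constructed for the example. */

enum mode { MODE_IDLE = 0, MODE_RUN = 1, MODE_FAULT = 2 };

/* NON-COMPLIANT (kept only to show what the rules reject; never call it). */
int32_t sum_noncompliant(const int32_t *samples, int32_t count, enum mode m)
{
    int32_t total;                        /* uninitialized, yet read below (Mandatory) */
    float i;                              /* floating-point loop counter (Mandatory) */
    for (i = 0.0f; i < (float)count; i += 1.0f)
        total += samples[(int32_t)i];     /* body without braces (Required) */
    if (m = MODE_FAULT)                   /* assignment, not comparison: always true */
        return -1;
    switch (m) {                          /* no default (Required) */
    case MODE_IDLE: return 0;
    case MODE_RUN:  return total;
    }
    return total;
}

/* COMPLIANT: every object is initialized, the loop counter is an integer,
 * every body is braced, the comparison is a comparison, the switch has a
 * default, and there is a single exit point. Success is reported through
 * the return value so a caller can never use a result that was not computed. */
bool sum_compliant(const int32_t *samples, size_t count, enum mode m, int32_t *out)
{
    bool ok = false;
    if ((samples != NULL) && (out != NULL)) {
        int64_t acc = 0;                  /* wide accumulator: the int32 sum cannot silently wrap */
        for (size_t i = 0u; i < count; ++i) {
            acc += samples[i];
        }
        if ((acc >= INT32_MIN) && (acc <= INT32_MAX)) {
            if (m == MODE_FAULT) {
                *out = -1;
                ok = true;
            } else {
                switch (m) {
                case MODE_IDLE:
                    *out = 0;
                    ok = true;
                    break;
                case MODE_RUN:
                    *out = (int32_t)acc;
                    ok = true;
                    break;
                default:
                    /* a value the enum does not name, e.g. a corrupted byte */
                    ok = false;
                    break;
                }
            }
        }
    }
    return ok;
}
```

The compliant version also refuses a sum that does not fit in `int32_t`, which is the class of failure the Ariane 5 slides describe; the caller sees `false` instead of a wrapped value.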
Philosophy

There’s a lot!

What Else Is There Aside From Rules?
- Rules are classified according to different criteria
- Rules are applicable to generated code
- A complete list of undefined/unspecified/etc. behaviors
- Check-lists that detail how to set up analyzers, checks, etc.
- A matrix that shows intersections with other standards
- Documentation examples

Using Standards in Your Projects

Checking Code for Compliance
- Do you check code manually? It must be a nightmare!
- Use static code analysis tools.
- Static analysis is automated code review.

How to Start
- Start using a standard BEFORE you start a project.
- If you’ve already started your project – think twice.

Use Warning Suppression!
- Hide old errors to work at the usual pace.
- This way you will see only warnings for new code.
- You benefit from the analyzer IMMEDIATELY.
- Remember the old errors! Come back and fix them one by one.

How to Work with Suppress Base

How and When Do You Check Code
- Locally on each developer’s computer (plugins for IDEs and compilation monitoring systems are available)

How and Where Can You Check Code
- Continuous integration systems (command-line utilities, plugins for CI systems, monitoring systems)
How to Prove Your Project’s Compliance?
You need:
- Code that complies with the Mandatory and Required rules;
- A guide enforcement plan;
- Documentation for all deviations;
- Documentation for all warnings from compilers and static analyzers;
- A guideline compliance summary.

A Guide Enforcement Plan
A sample guide enforcement plan:

Rule | Compiler “A” | Compiler “B” | Analyzer “A”  | Analyzer “B” | Code review
…    |              |              |               |              |
5.1  | No errors    | No errors    | ---           | ---          | Procedure x
5.2  | No errors    | No errors    | Warning V2561 | No messages  |
…    |              |              |               |              |
10.4 | Warning 458  | No errors    | No warnings   | No messages  |
…    |              |              |               |              |
Document Deviations Well
- Sometimes it’s impossible to follow a standard precisely. Example:
    const unsigned char *PORT = 0x10u;
- Different deviations have different specifics.
- Deviation documentation must contain:
  - The broken rule’s number
  - The violation’s location
  - Reasons for the deviation
  - Safety proof
  - Possible consequences
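The `PORT` line above needs an integer-to-pointer conversion that MISRA forbids, so in a compliant project it has to be a documented deviation. The following added example (not from the slides or from PVS-Studio) shows one way to confine that conversion to a single function and to attach the five items the slides ask for. The address 0x10 is the slide's; the register's bit meaning, the function names and the register table are constructed, and the rule reference in the comment is my assumption (MISRA C:2012 Rule 11.4), to be checked against your copy of the standard.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example, not from the slides or PVS-Studio. Assumed hardware: an 8-bit
 * memory-mapped status register at address 0x10 (the slide's value); the bit
 * meaning, the names and the register table are constructed for the example. */

#define STATUS_REG_ADDR  ((uintptr_t)0x10u)   /* address from the slide */
#define STATUS_READY_BIT ((uint8_t)0x01u)     /* constructed: bit 0 = ready */

/* Deviation record, in the five parts the slides require.
 *   Rule:         integer-to-pointer conversion; assumed to be MISRA C:2012
 *                 Rule 11.4 (verify against your copy of the standard)
 *   Location:     mmio_reg8() below, the only place the conversion occurs
 *   Reason:       hardware registers have fixed addresses that no C object
 *                 occupies, so a conforming expression for them does not exist
 *   Safety proof: the address must appear in the register table; the pointer
 *                 is volatile so no access is cached or elided; no arithmetic
 *                 is ever performed on it
 *   Consequences: a wrong address would read or write unrelated memory; the
 *                 table lookup rejects any address not in the map */

static const uintptr_t register_map[] = { STATUS_REG_ADDR };

static bool is_mapped_register(uintptr_t addr)
{
    bool found = false;
    for (size_t i = 0u; i < (sizeof register_map / sizeof register_map[0]); ++i) {
        if (register_map[i] == addr) {
            found = true;
        }
    }
    return found;
}

/* The single deviation point. Returns NULL for an address outside the map. */
volatile uint8_t *mmio_reg8(uintptr_t addr)
{
    volatile uint8_t *reg = NULL;
    if (is_mapped_register(addr)) {
        reg = (volatile uint8_t *)addr;   /* DEVIATION: see record above */
    }
    return reg;
}

/* Register logic is written against a pointer, so on a host an ordinary
 * variable can stand in for the register and the function is unit-testable. */
bool status_is_ready(volatile const uint8_t *status)
{
    return (status != NULL) && ((*status & STATUS_READY_BIT) != 0u);
}
```

Keeping the conversion in one function means the deviation record names exactly one location, and every other user of the register goes through a pointer that can be pointed at test memory on a host build.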
A Guideline Compliance Summary
A sample guideline compliance summary:

Rule | MISRA Category | Compliance
…    |                |
5.1  | Mandatory      | Compliant
5.2  | Required       | With deviations
…    |                |
10.4 | Advisory       | Not used
…    |                |

Summary:
- All C/C++ code complies with Mandatory and Required rules
- The compliance plan is fully filled out
- All deviations are documented
- All compiler and analyzer warnings are
- The compliance summary is fully filled out
Congratulations! You have set safety to the max!!!

More Details on MISRA Standard Compliance
- MISRA Compliance: 2016 – Achieving compliance with MISRA Coding Guidelines
The Power of 10: NASA’s Golden Rules
1. Remove complex branching, goto and recursion.
2. All loops must have a limit.
3. Give up allocating memory dynamically.
4. Any given function must not exceed a letter-sized sheet of paper.
5. Use no more than two runtime assertions per function.
6. Declare data at the lowest scope.
7. Does the function return anything? Do check!
8. Do not use preprocessing.
9. Do not use nested pointers.
10. «A zero-warning rule».
A related article:
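The ten rules above, rules 2, 3, 5, 6, 7 and 9 in particular, applied to a fixed-capacity queue of sensor readings. This is an added example, not code from the slides or from NASA; the queue, its capacity and every name are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example, not from the slides or NASA: a fixed-capacity queue of sensor
 * readings written to the rules above. The queue, its capacity and every name
 * are constructed for the example. */

enum { QUEUE_CAPACITY = 8 };    /* rule 3: storage fixed at compile time, no malloc */

enum q_status { Q_OK = 0, Q_FULL = 1, Q_EMPTY = 2, Q_BAD_ARG = 3 };

typedef struct {
    int32_t items[QUEUE_CAPACITY];
    size_t  head;     /* index of the oldest reading */
    size_t  count;    /* stored readings, always <= QUEUE_CAPACITY */
} reading_queue;

/* Invariant used as the runtime assertions below (rule 5: at most two per
 * function). A failed assertion becomes an error status, never silence. */
static bool queue_invariant(const reading_queue *q)
{
    return (q != NULL) && (q->head < (size_t)QUEUE_CAPACITY)
        && (q->count <= (size_t)QUEUE_CAPACITY);
}

void queue_init(reading_queue *q)
{
    if (q != NULL) {
        q->head = 0u;
        q->count = 0u;
    }
}

enum q_status queue_push(reading_queue *q, int32_t value)
{
    enum q_status st = Q_OK;
    if (!queue_invariant(q)) {                    /* assertion 1 */
        st = Q_BAD_ARG;
    } else if (q->count == (size_t)QUEUE_CAPACITY) {
        st = Q_FULL;
    } else {
        size_t tail = (q->head + q->count) % QUEUE_CAPACITY;   /* rule 6: lowest scope */
        q->items[tail] = value;
        q->count++;
        if (!queue_invariant(q)) {                /* assertion 2 */
            st = Q_BAD_ARG;
        }
    }
    return st;
}

enum q_status queue_pop(reading_queue *q, int32_t *out)   /* rule 9: one level of pointer */
{
    enum q_status st = Q_OK;
    if (!queue_invariant(q) || (out == NULL)) {   /* assertion 1 */
        st = Q_BAD_ARG;
    } else if (q->count == 0u) {
        st = Q_EMPTY;
    } else {
        *out = q->items[q->head];
        q->head = (q->head + 1u) % QUEUE_CAPACITY;
        q->count--;
    }
    return st;
}

/* Rule 2: the loop is bounded by the compile-time capacity as well as the live
 * count, so even a corrupted count cannot keep it running. */
size_t queue_count_above(const reading_queue *q, int32_t threshold)
{
    size_t hits = 0u;
    if (queue_invariant(q)) {
        for (size_t i = 0u; (i < q->count) && (i < (size_t)QUEUE_CAPACITY); ++i) {
            size_t idx = (q->head + i) % QUEUE_CAPACITY;
            if (q->items[idx] > threshold) {
                hits++;
            }
        }
    }
    return hits;
}

/* Rule 7 from the caller's side: every status is checked and the first failure
 * stops the batch. Returns how many readings were actually stored. */
size_t queue_push_all(reading_queue *q, const int32_t *values, size_t n)
{
    size_t pushed = 0u;
    if ((q != NULL) && (values != NULL)) {
        for (size_t i = 0u; (i < n) && (i < (size_t)QUEUE_CAPACITY); ++i) {
            if (queue_push(q, values[i]) != Q_OK) {
                break;
            }
            pushed++;
        }
    }
    return pushed;
}
```

The status enum rather than a bare `int` is what makes rule 7 checkable by a compiler or analyzer: an ignored `enum q_status` result is easy to flag, and every function has one exit, no recursion and no `goto`, which keeps rule 1 trivially satisfied.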
Conclusion
48
 Sometimes classic quality assurance methods are
insufficient.
 What do MISRA and AUTOSAR C++ offer?
 Using standards in your code.
Summary
49
END
Q&A50

Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 

Recently uploaded (20)

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 

Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems

  • 19. A Few Words About AUTOSAR
    - AUTOSAR means AUTomotive Open System ARchitecture
  • 20. AUTOSAR partners
    - BMW Group
    - Bosch
    - Continental
    - Daimler AG
    - Ford
    - General Motors
    - PSA Peugeot Citroën
    - Toyota
    - Volkswagen
    - ...and over 200 more partners
  • 21. A Few Words About AUTOSAR
    - AUTOSAR is a development methodology, not only a coding standard.
    - The AUTOSAR C++ coding guidelines are one part of that methodology.
    - The current version at the time of the talk: AUTOSAR C++14, release 19-03 (March 2019), with over 350 rules.
  • 22. MISRA C++ and AUTOSAR C++: supported language versions

    Language   MISRA C++:2008   AUTOSAR C++
    C++03      ✓                ✓
    C++11      ☓                ✓
    C++14      ☓                ✓

    (Since this talk was given, MISRA C++:2023 has been published; it targets C++17.)
  • 23. Industries that Use MISRA and AUTOSAR
  • 24. Rule Categories
    1. Mandatory: no deviations are permitted; the code must comply.
    2. Required: deviations are acceptable, but only through a formally documented deviation.
    3. Advisory: recommended; non-compliance should be recorded but does not need a formal deviation.
  • 25. Rule Examples: Mandatory rules
    - Do not use an uninitialized variable's value
    - Do not use a pointer to FILE after the stream is closed
    - Do not write unreachable code
    - A loop's counter must not be of a floating-point type
    - ...
    (The category of a given rule depends on the standard and the edition: in MISRA C:2012, for instance, the unreachable-code rule and the floating-point loop-counter rule are Required rather than Mandatory, so check the edition you are certifying against rather than this grouping.)
  • 26. Rule Examples: Required rules
    - Do not use goto and longjmp
    - Each switch must end with a default label
    - The bodies of if, else, for, while, do and switch must be enclosed in braces
    - Do not use variadic functions
    - ...
  • 27. Rule Examples: ...and all the rest
    - The 'L' suffix of an integer literal must always be capitalized (42L, never 42l, because a lowercase l is easily confused with 1)
    - Do not use pointer arithmetic (other than [] and ++)
    - Do not use the comma operator
    - Do not change a function's parameter inside the function's body
    - ...
  • 29. What Else Is There Aside From Rules? A lot:
    - Rules are classified according to several criteria (category, decidability, and whether they can be checked per translation unit or need the whole system)
    - Rules are applicable to generated code as well
    - A complete list of the undefined, unspecified and implementation-defined behaviours the rules address
    - Checklists that detail how to set up analyzers, checks etc.
    - A matrix that shows intersections with other standards
    - Documentation templates and examples
  • 30. Using Standards in Your Projects
  • 31. Checking Code for Compliance
    - Do you check code manually? Against hundreds of rules, that is a nightmare.
    - Use static code analysis tools.
    - Static analysis is automated code review: the analyzer applies the same rule to every line, on every build.
  • 32. How to Start
    - Start using a standard BEFORE you start a project.
    - If your project is already under way, think twice: adopting a standard late means reworking existing code and documenting every place that cannot be changed, so plan for that effort instead of expecting the rules to come for free.
  • 33. Use Warning Suppression!
    - Hide the warnings for old code (a "suppress base") so that you can keep working at the usual pace.
    - From then on you see only warnings for new or changed code.
    - You benefit from the analyzer IMMEDIATELY.
    - Do not forget the suppressed warnings! Come back and fix them one by one.
  • 34. How to Work with a Suppress Base
  • 35. How and When Do You Check Code
    - Locally, on each developer's computer (plugins for IDEs and compilation monitoring systems are available)
  • 36. How and Where Can You Check Code
    - In continuous integration systems (command-line utilities, plugins for CI systems, monitoring systems)
  • 37. How and Where Can You Check Code
  • 38. How to Prove Your Project's Compliance? You need:
    - Code that complies with the Mandatory and Required rules;
    - A guideline enforcement plan;
    - Documentation for all deviations;
    - Documentation for all warnings from compilers and static analyzers;
    - A guideline compliance summary.
  • 39. A Guideline Enforcement Plan (sample)

    Rule   Compiler "A"   Compiler "B"   Analyzer "A"    Analyzer "B"   Code review
    ...
    5.1    No errors      No errors      ---             ---            Procedure x
    5.2    No errors      No errors      Warning V2561   No messages    ...
    ...
    10.4   Warning 458    No errors      No warnings     No messages    ...

    For each rule the plan records which tool (or manual procedure) is relied on to detect violations and what that tool reports when the rule is met.
  • 40. Document Deviations Well
    - Sometimes it is impossible to follow a standard precisely. The slide's example:
        const unsigned char *PORT = 0x10u;
      A memory-mapped register has a fixed address, so there is no object whose address can be taken; the pointer has to be made from an integer, which is exactly what the pointer/integer conversion rules restrict. Note that, as written, the line relies on an implicit integer-to-pointer conversion that C++ rejects and C compilers diagnose; in real code it is an explicit cast, and the pointee is declared volatile so that every access reaches the hardware.
    - Different deviations have different specifics, so each one needs its own justification.
  • 41. Document Deviations Well. Deviation documentation must contain:
    - The number of the rule being broken
    - The location of the violation
    - The reasons for the deviation
    - A safety argument (why the non-compliance cannot cause harm)
    - The possible consequences
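As an added example (not from the talk, and not PVS-Studio or MISRA code), here is how the memory-mapped register deviation above can be confined to a single macro and documented in the form slide 41 asks for. The register address 0x10, the names PORT_BASE_ADDR, PORT_REG, port_write, port_read and port_set_bit, and the deviation identifier DEV-001 are assumptions for illustration; the functions take the address as an integer so that the same code can be pointed at an ordinary variable instead of real hardware when it is tested on a host.

```c
/* Added example, not from the talk: confining and documenting a MISRA
 * deviation for memory-mapped I/O.  The address, the names and the
 * deviation identifier are assumptions for illustration. */
#include <stdint.h>

/*
 * Deviation record DEV-001 (hypothetical identifier)
 *   Rule          : MISRA C:2012 Rule 11.4 (conversion between a pointer
 *                   to object and an integer type)
 *   Location      : macro PORT_REG(), this file only
 *   Reason        : the peripheral register sits at a fixed physical
 *                   address; there is no C object whose address could be
 *                   taken instead.
 *   Safety proof  : the address is taken from the device datasheet
 *                   (assumed 0x10 here) and reviewed against it; the
 *                   access width is fixed at 8 bits; the object is volatile,
 *                   so every access reaches the hardware and none is merged
 *                   or removed by the optimiser.
 *   Consequences  : none if the address is correct.  A wrong address would
 *                   be a silent access to unrelated memory, which is why the
 *                   conversion is allowed in exactly one place.
 */
#define PORT_BASE_ADDR  ((uintptr_t)0x10u)               /* assumed address */
#define PORT_REG(addr)  (*(volatile uint8_t *)(addr))    /* DEV-001 */

/* Everything else handles the address as a plain integer and never
 * performs the integer-to-pointer conversion itself.  On the target the
 * caller passes PORT_BASE_ADDR; on a host it can pass the address of a
 * variable that stands in for the register. */
void port_write(uintptr_t addr, uint8_t value)
{
    PORT_REG(addr) = value;
}

uint8_t port_read(uintptr_t addr)
{
    return PORT_REG(addr);
}

/* Set one bit with a read-modify-write and return the value that is
 * actually in the register afterwards, so the caller can verify the
 * write.  Bit numbers >= 8 are rejected and leave the register unchanged. */
uint8_t port_set_bit(uintptr_t addr, uint8_t bit)
{
    uint8_t v = port_read(addr);
    if (bit < 8u) {
        v |= (uint8_t)(1u << bit);
        port_write(addr, v);
    }
    return port_read(addr);
}
```

The point of the layout is that a reviewer, an analyzer suppression and the deviation record all point at one line; every other function is rule-compliant and can be checked without any exception.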
  • 42. A Guideline Compliance Summary (sample)

    Rule   MISRA category   Compliance
    ...
    5.1    Mandatory        Compliant
    5.2    Required         Compliant with deviations
    ...
    10.4   Advisory         Not used
    ...
  • 43. Summary:
    - All C/C++ code complies with the Mandatory and Required rules
    - The enforcement plan is fully filled out
    - All deviations are documented
    - All compiler and analyzer warnings are documented
    - The compliance summary is fully filled out
    Congratulations! You have set safety to the max!!!
  • 44. More Details on MISRA Standard Compliance
    - MISRA Compliance:2016, "Achieving compliance with MISRA Coding Guidelines"
  • 45. The Power of 10: NASA's Golden Rules
    1. Restrict control flow to simple constructs: no goto, no setjmp/longjmp, no recursion.
    2. Every loop must have a fixed upper bound that a checking tool can verify statically.
    3. Do not allocate memory dynamically after initialization.
    4. No function may be longer than what fits on one printed sheet of paper (about 60 lines).
    5. Use at least two runtime assertions per function (the original rule sets a minimum, not a maximum), and keep them free of side effects.
  • 46. The Power of 10: NASA's Golden Rules (continued)
    6. Declare data at the smallest possible scope.
    7. Check the return value of every non-void function and validate every parameter.
    8. Limit the preprocessor to header inclusion and simple macro definitions: no token pasting, variadic macros or recursive macros.
    9. Limit pointer use to a single level of dereferencing; do not use function pointers.
    10. A "zero-warning rule": compile with all warnings enabled at the most pedantic setting, run static analyzers daily, and fix every warning.
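Added example, not from the talk, from MISRA or from NASA: one small function written against the rule examples on slides 25 to 27 and the Power of 10 list above, so that the rules can be seen working together rather than one at a time. The input format (a bounded, not necessarily NUL-terminated buffer holding an unsigned decimal number), the names parse_u16, parse_status_t and port_from_config, and the digit limit MAX_DIGITS are assumptions for illustration.

```c
/* Added example, not from the talk: one bounded parser written to the
 * MISRA rule examples and the Power of 10.  Names and the input format
 * are assumptions. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DIGITS 5u   /* 0..65535 needs at most five digits: the loop bound */

typedef enum {
    PARSE_OK = 0,
    PARSE_NULL,       /* a required pointer was NULL */
    PARSE_EMPTY,      /* len == 0 */
    PARSE_TOO_LONG,   /* len > MAX_DIGITS, rejected before the loop runs */
    PARSE_BAD_CHAR,   /* a non-digit was found */
    PARSE_OVERFLOW    /* the value does not fit in 16 bits */
} parse_status_t;

/*
 * Parse an unsigned decimal number from buf[0..len) into *out.
 *   - simple control flow: no goto/longjmp/recursion, one return      (P10 #1)
 *   - the only loop is bounded by len <= MAX_DIGITS                  (P10 #2)
 *   - no dynamic memory                                              (P10 #3)
 *   - two side-effect-free assertions                                (P10 #5)
 *   - every object declared at the smallest scope                    (P10 #6)
 *   - parameters validated; the caller must check the status         (P10 #7)
 *   - braces on every body, switch ends with default, every variable
 *     initialised before use, integer loop counter                   (MISRA)
 */
parse_status_t parse_u16(const char *buf, size_t len, uint16_t *out)
{
    parse_status_t status = PARSE_OK;
    uint32_t value = 0u;     /* wider than the result so overflow is visible */

    if ((buf == NULL) || (out == NULL)) {
        status = PARSE_NULL;
    } else if (len == 0u) {
        status = PARSE_EMPTY;
    } else if (len > MAX_DIGITS) {
        status = PARSE_TOO_LONG;
    } else {
        size_t i;
        for (i = 0u; (i < len) && (status == PARSE_OK); i++) {
            const char c = buf[i];

            assert(i < MAX_DIGITS);       /* the statically known loop bound */

            switch (c) {
            case '0': case '1': case '2': case '3': case '4':
            case '5': case '6': case '7': case '8': case '9':
                value = (value * 10u) + (uint32_t)(c - '0');
                if (value > (uint32_t)UINT16_MAX) {
                    status = PARSE_OVERFLOW;
                }
                break;
            default:
                status = PARSE_BAD_CHAR;
                break;
            }
        }
    }

    /* Post-condition: a successful parse never produces a truncated value. */
    assert((status != PARSE_OK) || (value <= (uint32_t)UINT16_MAX));

    if (status == PARSE_OK) {
        *out = (uint16_t)value;
    }
    return status;
}

/* A caller that obeys rule 7: the status is checked, and on any failure
 * the supplied fallback is returned instead of a half-parsed value. */
uint16_t port_from_config(const char *buf, size_t len, uint16_t fallback)
{
    uint16_t port = fallback;
    if (parse_u16(buf, len, &port) != PARSE_OK) {
        port = fallback;    /* parse_u16 did not write on failure; be explicit */
    }
    return port;
}

int main(void)
{
    /* Constructed inputs.  "77xyz" with len 2 shows that the parser never
     * reads past the bound it was given, NUL terminator or not. */
    uint16_t v = 0u;
    printf("65535 -> status %d, value %u\n", (int)parse_u16("65535", 5u, &v), (unsigned)v);
    printf("65536 -> status %d\n", (int)parse_u16("65536", 5u, &v));
    printf("77xyz[0..2) -> %u\n", (unsigned)port_from_config("77xyz", 2u, 8080u));
    printf("12a -> %u (fallback)\n", (unsigned)port_from_config("12a", 3u, 8080u));
    return 0;
}
```

The status enum rather than a sentinel integer is deliberate: an analyzer can flag a call whose result is discarded, and a switch over the status in the caller is itself covered by the "default label" rule.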
  • 47. A related article: The Power of 10: NASA's Golden Rules
  • 49. Summary
    - Sometimes classic quality assurance methods are insufficient.
    - What do MISRA and AUTOSAR C++ offer?
    - Using standards in your code.