Continuous Code Inspection
Michael Fuhrmann, Field Application Engineer
Agenda
• Code inspections
• Static code analysis
• C-STAT and CI
Code inspections
• 3 approaches to code inspections
– Code reviews
– Pair programming
– Automated inspections
Cartoon licensed under CC-BY-3.0 http://geek-and-poke.com/
• Code reviews
– Activity in which the code is viewed and read by one or several humans
– At least one of the humans must not be the author of the code
– Can be done as an interruption of the implementation or after the implementation
– Possible process: Fagan inspection
• Code review goals
– Improve code quality
– Find possible defects
– Knowledge transfer
– Highlight possible better solutions
– QA guideline compliance
• Pair programming
– Two programmers work together at one workstation
– One (the driver) writes the code, while the other (the observer) reviews the code as it is typed in
• Pair programming advantages
– Better code with fewer defects
– Improved problem / project oriented focus
– Knowledge transfer, reduced bus factor
• Pair programming challenges
– Building successful / productive teams
• Automated inspections
– Offload the code reviews to a machine
– No limitations in the frequency of the code reviews
– High repeatability of the results
– Can be included in the CI flow
Static code analysis
• Wikipedia defines static code analysis as
– … the analysis of computer software that is performed without actually executing programs …
– … the analysis performed by an automated tool, with human analysis being called program understanding, program comprehension, or code review
• Background on static code analysis
– Intended to identify potential errors, vulnerabilities, portability issues, etc.
– Can be used to enforce compliance with a coding style and / or a language subset (e.g. MISRA-C)
– Highly recommended for any embedded development; mandatory for many certifications if you work in the area of functional safety
• Motor Industry Software Reliability Association (MISRA)
– A consortium that promotes standards to improve the safety and reliability of embedded code
– MISRA-C is:
• A language subset that takes out the undefined behavior that is part of the C standard
• A basis for a coding standard
• IAR Systems provides C-STAT
– Fully integrated into the IAR Embedded Workbench
– Flexible rule selection + export / import of rule-sets
– Detailed documentation of checks and messages
– C-STAT supports:
• ~250 checks based on issues addressed by CWE and CERT
• MISRA-C 2004
• MISRA-C 2012
• MISRA-C++ 2008
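The kind of defect that CWE- and CERT-based checks and a MISRA-style subset target, shown as an added example that is not from the original slides or from IAR Systems: a function that compiles cleanly but has undefined behavior for some inputs, next to a hardened form. The function names, the gain table and the status codes are assumptions made for illustration; whether a given rule set reports each marked line depends on its configuration.

```c
#include <stddef.h>
#include <stdint.h>

#define N_CHANNELS 4u

/* Constructed sample data: per-channel gain, every entry >= 1. */
static const int32_t gain_table[N_CHANNELS] = { 1, 2, 4, 8 };

/* Before: compiles, but two paths are undefined for some inputs. */
int32_t scale_unchecked(int32_t sample, int32_t channel)
{
    int32_t gain = gain_table[channel]; /* index not validated: out-of-bounds read (CWE-129) */
    return sample * gain;               /* signed overflow is undefined (CWE-190, CERT INT32-C) */
}

typedef enum {
    SCALE_OK = 0,
    SCALE_BAD_ARG,
    SCALE_BAD_CHANNEL,
    SCALE_OVERFLOW
} scale_status_t;

/* After: every input has a defined result; errors use the return value. */
scale_status_t scale_checked(int32_t sample, uint32_t channel, int32_t *out)
{
    int32_t gain;

    if (out == NULL) {
        return SCALE_BAD_ARG;
    }
    if (channel >= N_CHANNELS) {
        return SCALE_BAD_CHANNEL;
    }
    gain = gain_table[channel];
    /* Test the precondition before multiplying; valid because gain >= 1. */
    if ((sample > (INT32_MAX / gain)) || (sample < (INT32_MIN / gain))) {
        return SCALE_OVERFLOW;
    }
    *out = sample * gain;
    return SCALE_OK;
}
```

Neither defect in `scale_unchecked` shows up in a test that only uses in-range channels and small samples, which is why they are candidates for analysis that does not execute the code.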
Demonstration of C-STAT
C-STAT and CI
• Continuous Integration (CI) environments
– automate the build and test of code, every time a team member commits changes to the version control system
– should be agnostic to the underlying tools
– should offer the option to call tools from the command line
• C-STAT from the command line
– Perform static code analysis from the command line
– Useful when you want to automate repetitive analysis
– Results will be reported in the console window and in a database file
– Syntax: icstat.exe [options] <command> [--<extra>]
• C-STAT through iarbuild.exe
– Build your complete project based on the project settings file *.ewp with iarbuild.exe
– Static code analysis via C-STAT can be invoked
– Syntax: iarbuild.exe project.ewp [ -clean | -build | -make | -cstat_analyze | -cstat_clean] configuration [log options][parallel][custom argument variables]
[Figure: CI cycle diagram with the stages Code, Commit, Build, Test and Notify]
Summary
• Automated inspections are a good approach to improve code quality
• Static code analysis helps you to identify possible issues in an efficient way
• C-STAT is available for daily use inside IAR Embedded Workbench as well as from the command line
Thank you for your attention!
www.iar.com