Static Code Analysis

Most software errors are relatively harmless, albeit annoying, such as when a word processor crashes. However, errors in some types of software can have serious consequences, such as the failure of an aircraft's flight control software, which could be catastrophic. Software that controls a system whose failure could endanger human life or the aircraft is termed safety-critical software. Its integrity is of great concern to developers, users, the public, and the certification/regulatory authority. Recent large-scale assessments of avionics software have produced some interesting results that show how important language selection is when producing safe and reliable avionics.

This article presents the following information:

• Covers some of the methods used to identify safety-critical software and functionality.
• Discusses some myths of static code analysis.
• Describes some static analysis techniques.
• Identifies some of the tools available.
• Provides some general results of the practical application of static code analysis.

Safety-critical software must be shown to be fully predictable in operation and to have the properties required of it [1]. In addition to dynamic testing, such code is also subject to static testing: the rigorous examination of software (without running it) to establish the properties that will always hold true under any operating condition. It is an examination of the code, the architectural design, and the accompanying documentation, which together provide a picture of the completeness, or otherwise, of the software system [2]. Various techniques come under the umbrella term static code analysis, and these can be characterized by their nature and depth [3]. Nature refers to the broad objectives of the analysis and could be concerned with specific properties such as portability. Depth means the analytical depth of the technique.
The United Kingdom (UK) Ministry of Defense (MoD) adopted the safety argument approach in 1992, as retrospective evaluation of avionics systems had become complicated. The MoD still operates the lessons learned/best practice approach that is used as part of the safety argument evidence. The system design standards are used to trap system safety design requirements; these are Defense Standard 00-970 [4] and Defense Standard 00-971 [5] for aircraft. The safety argument approach is now used for the complete aircraft and has major advantages: it does not limit the possible design solution by being over-prescriptive, and it can cope with rapidly changing technology. The current preferred method for safety-critical code functionality identification (including system …