Post-market investigators at the United States Food and Drug Administration may need to review medical device software to assess its integrity, and they usually have to do so with little or no prior knowledge of the software. Historically, the only way to perform such a review has been to search the code manually for potential sources of error, a process that is both tedious and error-prone.
Static analysis tools can improve this process by automating error detection. By using symbolic execution to explore the program's execution paths, a static analyzer can cover all, or nearly all, of the code, including paths that conventional testing rarely exercises, and can thereby flag potentially fatal defects that testing alone is unlikely to expose. Using such tools reduces the effort of the review and yields a more accurate assessment of the software.
In this paper, we discuss CodeSonar, a whole-program, interprocedural static analysis tool for C/C++, and illustrate how it was used to find errors during a post-market investigation.
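The kind of defect the abstract has in mind is one that sits on a path ordinary testing never reaches. The following C example is added here to make that concrete; it is not code from the paper, from the investigated device, or from CodeSonar. The record format (one type byte, one length byte, then the payload), the 16-byte working buffer, and the sample records are all constructed for illustration. The defective parser checks the payload length on its common path but not on a rarely used diagnostic path, so a test suite of well-formed records passes against it; a path-sensitive analysis explores the diagnostic path with an unconstrained length and reports the overflow. The hardened parser places one bounds check before any copy so that every path is dominated by it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical telemetry record (constructed for this example, not a real device
 * protocol): [type:1 byte][len:1 byte][payload:len bytes].
 * Payloads are copied into a fixed 16-byte working buffer supplied by the caller. */
#define PAYLOAD_MAX 16

/* Deliberately defective parser. The bounds check is applied only on the common
 * type-0 path; the type-1 diagnostic path copies without checking len.
 * Well-formed test records never trigger the overflow, but a path-sensitive
 * analysis reaches the type-1 memcpy with len in 0..255 and flags it. */
int parse_record_defective(const uint8_t *rec, size_t rec_len, uint8_t out[PAYLOAD_MAX])
{
    if (rec_len < 2) return -1;
    uint8_t type = rec[0], len = rec[1];
    if ((size_t)len + 2 > rec_len) return -1;      /* input long enough for payload */
    switch (type) {
    case 0:                                        /* common path: checked */
        if (len > PAYLOAD_MAX) return -1;
        memcpy(out, rec + 2, len);
        return len;
    case 1:                                        /* rare diagnostic path: unchecked */
        memcpy(out, rec + 2, len);                 /* BUG: up to 255 bytes into 16 */
        return len;
    default:
        return -1;
    }
}

/* Hardened parser: a single length check precedes every copy, so no path can
 * reach memcpy with len > PAYLOAD_MAX regardless of record type. */
int parse_record_fixed(const uint8_t *rec, size_t rec_len, uint8_t out[PAYLOAD_MAX])
{
    if (rec_len < 2) return -1;
    uint8_t type = rec[0], len = rec[1];
    if ((size_t)len + 2 > rec_len) return -1;
    if (len > PAYLOAD_MAX) return -1;              /* dominates all copies below */
    if (type != 0 && type != 1) return -1;
    memcpy(out, rec + 2, len);
    return len;
}

/* Constructed sample records (not captured from any device). */
static const uint8_t SAMPLE_TYPE0[] = { 0x00, 0x04, 'a', 'b', 'c', 'd' };
static const uint8_t SAMPLE_TYPE1[] = { 0x01, 0x03, 0x10, 0x20, 0x30 };

/* A conventional test suite of well-formed records: the defective parser passes it. */
int demo_defective_passes_ordinary_tests(void)
{
    uint8_t out[PAYLOAD_MAX];
    return parse_record_defective(SAMPLE_TYPE0, sizeof SAMPLE_TYPE0, out) == 4
        && memcmp(out, "abcd", 4) == 0
        && parse_record_defective(SAMPLE_TYPE1, sizeof SAMPLE_TYPE1, out) == 3
        && out[0] == 0x10 && out[2] == 0x30;
}

/* The hardened parser accepts the same well-formed records. */
int demo_fixed_accepts_valid(void)
{
    uint8_t out[PAYLOAD_MAX];
    return parse_record_fixed(SAMPLE_TYPE0, sizeof SAMPLE_TYPE0, out) == 4
        && memcmp(out, "abcd", 4) == 0
        && parse_record_fixed(SAMPLE_TYPE1, sizeof SAMPLE_TYPE1, out) == 3;
}

/* The record that the unchecked path would overflow on: type 1, len 200.
 * Only the hardened parser is exercised with it; the defective one would
 * write past out[]. */
int demo_fixed_rejects_oversized(void)
{
    uint8_t rec[2 + 200];
    uint8_t out[PAYLOAD_MAX];
    memset(rec, 0xAA, sizeof rec);
    rec[0] = 0x01;
    rec[1] = 200;
    return parse_record_fixed(rec, sizeof rec, out) == -1;
}

int main(void)
{
    printf("defective parser passes ordinary tests: %d\n", demo_defective_passes_ordinary_tests());
    printf("fixed parser accepts valid records:     %d\n", demo_fixed_accepts_valid());
    printf("fixed parser rejects oversized type-1:  %d\n", demo_fixed_rejects_oversized());
    return 0;
}
```

The point for an investigator is that the overflow in parse_record_defective is invisible to any test that only feeds records the device normally produces; it is found by reasoning about which lengths can reach the second memcpy. A static analyzer's warning is still only a candidate: the reviewer confirms that the flagged path is reachable and that the length is in fact attacker- or fault-controlled before counting it as a defect.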