Safety, security, and compliance – these are some of the key challenges that embedded software developers face today. Whether you are developing software for medical devices, automotive systems, industrial automation, or IoT applications, you must ensure that your code is reliable, robust, and resistant to attacks. And you need to do this while meeting the requirements of various standards and regulations that apply to your domain.
In embedded systems, and especially at the deeply embedded end where MCUs dominate, C and C++ still rule. Yet as defined in their respective language standards, C and C++ are not well suited to developing high-integrity software. They are excellent for their efficiency, flexibility, and direct access to hardware, but they also contain features and constructs that invite errors, vulnerabilities, and undefined behavior. Those can compromise the functionality, safety, and security of your system and make it harder to comply with the relevant standards.
So it is no coincidence that functional safety standards such as IEC 61508 and ISO 26262 highly recommend a well-defined language subset to eliminate most, if not all, of the weaknesses of C and C++. Using a language subset is also considered best practice in a cyber security context, for example under IEC 62443. That overlap is no coincidence either: whether you look from a safety or a security perspective, you find the same large pool of language issues that matter in both contexts. The Common Weakness Enumeration's Top 25 list of the most dangerous software weaknesses shows how persistent these issues have been over the last four years.
Take out-of-bounds reads and writes as an example. From a safety perspective, an out-of-bounds read triggered by unexpected input data can make your system crash, or worse, keep running on garbage values. From a security perspective, forcing a system to perform an out-of-bounds write is a well-known attack vector for taking control of it.
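To make the safety and security views of the same defect concrete, here is an added example (not code from the original page or from IAR) in the style of an MCU frame handler. The frame layout is hypothetical: byte 0 is a payload length, byte 1 is an index into a calibration table, and the payload follows. Each unchecked routine is shown beside a hardened form that rejects the untrusted value instead of using it; the calibration table and frames are constructed test data.

```c
/* Added example (not from the original page): an out-of-bounds read and an
 * out-of-bounds write beside their hardened forms. Hypothetical frame layout:
 * byte 0 = payload length, byte 1 = table index, bytes 2.. = payload. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 16u
#define LUT_SIZE    8u

/* Constructed calibration table; an attacker-controlled index into it is the
 * classic out-of-bounds read. */
static const uint16_t calib_table[LUT_SIZE] = {
    100u, 200u, 300u, 400u, 500u, 600u, 700u, 800u
};

/* Safety view: idx >= LUT_SIZE reads whatever sits after the table, so the
 * value used downstream is garbage and the behaviour is undefined. */
uint16_t lookup_unchecked(uint8_t idx)
{
    return calib_table[idx];           /* no bounds check */
}

/* Hardened: reject the index instead of trusting it. */
bool lookup_checked(uint8_t idx, uint16_t *out)
{
    if ((out == NULL) || (idx >= LUT_SIZE)) {
        return false;
    }
    *out = calib_table[idx];
    return true;
}

/* Security view: a length byte from the wire drives memcpy into a fixed-size
 * buffer. len > PAYLOAD_MAX overwrites whatever follows dst (neighbouring
 * stack variables, a saved return address), the well-known route to taking
 * control of the device. */
void copy_payload_unchecked(const uint8_t *frame, uint8_t *dst)
{
    uint8_t len = frame[0];
    memcpy(dst, &frame[2], len);       /* len never compared with dst's size */
}

/* Hardened: both the destination capacity and the bytes actually received
 * bound the copy, so oversized and truncated frames are dropped. */
bool copy_payload_checked(const uint8_t *frame, size_t frame_len,
                          uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if ((frame == NULL) || (dst == NULL) || (out_len == NULL) || (frame_len < 2u)) {
        return false;
    }
    size_t len = frame[0];
    if ((len > dst_cap) || (len > (frame_len - 2u))) {
        return false;
    }
    memcpy(dst, &frame[2], len);
    *out_len = len;
    return true;
}

/* Runs the hardened paths over constructed frames; returns the number of
 * checks that failed (0 means every case behaved as intended). */
int self_test(void)
{
    int failures = 0;
    uint8_t dst[PAYLOAD_MAX];
    size_t got = 0u;
    uint16_t val = 0u;

    /* Well-formed frame: length 4, index 2, four payload bytes. */
    const uint8_t good[] = { 4u, 2u, 0xAAu, 0xBBu, 0xCCu, 0xDDu };
    failures += !(copy_payload_checked(good, sizeof good, dst, sizeof dst, &got)
                  && (got == 4u) && (dst[3] == 0xDDu));
    failures += !(lookup_checked(good[1], &val) && (val == 300u));

    /* Claimed length 200 would overflow dst: must be rejected. */
    const uint8_t big[] = { 200u, 2u, 0x00u };
    failures += copy_payload_checked(big, sizeof big, dst, sizeof dst, &got);

    /* Length fits dst but exceeds the bytes received (truncated frame). */
    const uint8_t trunc[] = { 8u, 2u, 0x11u, 0x22u };
    failures += copy_payload_checked(trunc, sizeof trunc, dst, sizeof dst, &got);

    /* Index one past the end of the table. */
    failures += lookup_checked((uint8_t)LUT_SIZE, &val);

    return failures;
}

int main(void)
{
    printf("self_test failures: %d\n", self_test());
    return 0;
}
```

The unchecked routines are exactly the pattern a language subset rule such as "validate external input before use as an index or length" and a static analysis check for unbounded memcpy or array indexing are designed to flag; the hardened forms give the analyzer the bounds it needs to prove the accesses safe.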
Of course, using a language subset is not enough to guarantee the quality and security of your code. You also need to verify that your code conforms to the rules of the subset and does not contain any other defects or vulnerabilities that could affect your system.
As developers, we all know we sometimes inadvertently introduce recurring errors into our code base. Surveys and studies by organizations such as NASA, Bell Labs, and MITRE support this observation, and that research has led to guidelines of programming best practice that pinpoint coding patterns that are problematic from a safety, security, or portability perspective. This is where static analysis comes in.
Static analysis examines your source code without executing it and detects potential errors, bugs, and violations of coding standards. It helps you identify and fix issues early in the development cycle, before they become costly and risky to correct. It also helps you demonstrate compliance with the standards that apply to your project by providing evidence of adherence to the language subset and other coding rules.
C-STAT is a static analysis tool integrated into IAR Embedded Workbench. It supports a range of industry coding standards, including MISRA C, MISRA C++, CERT C, and CERT C++, alongside checks mapped to CWE. The rule selection can be customized to suit your project's needs, and because C-STAT runs within the IAR build chain it provides clear and actionable reports of the analysis results. C-STAT is also certified by TÜV SÜD for use in functional safety projects.
Automating the enforcement of software quality, safety, and security is the most efficient way to improve all three. That means using high-quality compilers and linkers, ideally ones with functional safety certification, together with automated static analysis tools. Static analysis complements rather than replaces code review and testing: it finds rule violations and many classes of defect before the code ever runs, but it cannot prove the absence of every bug.
Static analysis is a powerful technique for improving the quality and security of your embedded software and for complying with the relevant standards and regulations. By adopting a well-defined language subset for C and C++ and verifying your code with C-STAT, you can eliminate many of the common issues that compromise systems and save time and money in development. Whether you are developing software for functional safety, cyber security, or general-purpose embedded systems, C-STAT can help you deliver better software faster.