1

Mathieu CuenantApplication Engineer – MathWorksmathieu.cuenant@mathworks.fr

Améliorez la qualité de vos logicielsembarqués grâce à l’analyse statique

2

Developing secure code - Gary McGraw touchpoints

Code review

Architecture risk

analysis

Penetration testing

3

Developing secure code

Code review

#1

#2Architecture risk

analysis

Penetration testing

#3

4

Automating code review

Code review

with a tool

5

A code review tool – Polyspace Bug Finder

Produce and monitor

quality metrics

Enforce coding rules

Identify defects

6

Automatic code review – Overall picture

Delivery

7

Enabling a fix-as-you-go process

Polyspace

Bug Finder

8

Ford deploys static code analysis at enterprise level

Watch video

9

Watch video

Solar Impulse saves 1 to 2 man-year with Polyspace

10

Finding bugs

Polyspace

Bug Finder

11

Where does the find-and-fix process stop ?

12

The magic box – Myth or reality ?

Source

code

Polyspace Code Prover

13

Proving code vs. finding bugs

Polyspace

Code Prover

14

Polyspace Code Prover - Highlights

static void pointer_arithmetic (void)

{

int array[100];

int *p = array;

int i;

for (i = 0; i < 100; i++) {

*p = 0;

p++;

}

if (get_bus_status() > 0) {

if (get_oil_pressure() > 0) {

*p = 5;

} else {

i++;

}

}

i = get_bus_status();

if (i >= 0) {

*(p - i) = 10;

}

}

Green: reliable

safe pointer access

Red: faulty

out of bounds error

Gray: dead

unreachable code

Orange: unproven

may be unsafe

for some conditions

15

Robust verification of software components

Quality gate

SW modules Integrated SW

16

Contextual verification of application

17

Key takeaway

Automate Code Review

with Polyspace tools