CODE QUALITY BLOG: As cyberwarfare becomes increasingly part of the norm, many, if not most, military embedded systems are safety- and/or security-critical in nature. To combat this increasing risk, it only makes sense that military systems should be constructed following some of the industry’s most rigorous software development standards to ensure their safe, secure, and functionally accurate operation. Following these standards offers a double benefit. Not only does it reduce safety and security risk, but it also reduces cost. Software development standards improve maintainability, upgradability, reusability, and testability, delivering long-term benefits especially given the typical life span of these systems.
To address the need for improved safety and security, consistency and to simplify future maintenance and testing, software development organizations must consider standardizing on a process for software development and a well-defined use of the software language. If this environment is not well defined, there are of course huge potential problems further down the line.
Let’s look at this issue in the C language, which has defined operators, syntax, functions, etc., in an extremely flexible way. It is possible to write code that may work, but is nearly incomprehensible to others and may contain complexities and hidden errors that wreak havoc under certain conditions. Languages such as C++, Java, and even Ada — all used in military embedded systems — used indiscriminately, can lead to similar unsupportable conditions. Coding standards provide a consistent, mutually understandable language and approach to software development that help developers avoid any ambiguities in the software language definition and ensures that teams get coding done and done right.
Having such a standards-based approach brings immediate benefits. A coding standard helps define a set of practices that can be understood and used across a team. By collaborating on a common set of coding constructs and practices, team members can easily communicate using the same approach and produce code that is more consistent, maintainable, and testable across the software development organization.
In the military and aerospace domain, there are now programs that must follow DO-178C, a software standard for developing safety-critical avionics applications. DO-178C requires companies to use coding standards to ensure that safety-critical applications are built on code that is safer and more secure by construction. Standards such as MISRA, CERT C/C++, and CWE help eliminate flaws and security vulnerabilities from entering the code in the first place. With languages such as C where many variants have been defined, coding standards ensure consistent, maintainable practices that help reduce risk and support future reusability and testability.
Getting it right
Needless to say, any such set of coding standards will be quite detailed and require constant attention. Checking to ensure that the standards actually have been fully adhered to is potentially an even more daunting task and one that can only be reliably achieved through the use of automated tools. Replacing manual inspection, automated checking is done through static analysis of the source code and should be done throughout code construction. This only becomes practical (or bearable) when the tool lends itself to quick and easily comprehensible operation showing developers exactly what they need to know about compliance.
Look for a static analysis tool that lets you select from established standards along with rules that have been adopted within an organization. These advantages enable teams on the same project to bring together their results based on the same set of practices and standards they’ve been using. There are a lot fewer questions, conversations, and explanations trying to figure out what others are trying to do. While not exactly quantifiable, this means spending less time on comprehending the code and communicating about it, which over the life of a project can result in enormous savings.
Automated checking for compliance speeds the iterative development effort. With respect to security, coding standards help solve a piece of the overall security puzzle. They don’t address encryption, isolation, quarantining, nor ensure data is secured at rest and in transit, etc., but they do help avoid subtle coding errors that could be exploited. Such standards would have eliminated the notorious heartbleed bug that was caused by simply failing to limit the size of a variable—a risk that cannot be justified in a military system. A tool set up for in-depth analysis can also collect internal information about the code and understand more in-depth topics like true data coupling and control coupling, necessary for safety- and security-critical applications.
Dynamic testing goes beyond static analysis in that it involves actually compiling and running the code with inputs and looking for expected outputs. Dynamic unit and integration testing requires a set of test vectors and a test harness derived from a deep understanding of the code gained by the static analysis. The harness is a piece of software that surrounds the code under test and enables the presentation of test inputs and the extraction of the resulting outputs.
Standards — foundational!
Think of coding standards as both a piece of the process and a foundation. Adopting a set of standards that a team understands, combined with robust tool support, leads to a smoother workflow and results in code that immediate and future teams can understand. Because it is comprehensible, areas that may need tweaking or modification can be easily identified, leading to easier maintenance. And, the in-depth analysis can enormously ease the burden of setting up and carrying out detailed testing to fully assure developers (or compliance organizations) of the solid functionality of their efforts.
So, yes, coding standards are necessary to form the foundation of solid software quality process. Development organizations that adhere to rigorous coding standards will create more consistent, maintainable, reusable, and testable code. Ultimately, this results in higher quality application software.
Coding standards compliance is displayed inline with file/function name to show which aspects of the system do not comply with the standard. Bar charts compare violations across the MISRA standards to give a clear understanding of conformance to the models and to show necessary code changes to update or move to a different MISRA standard.