What are the costs of false positives and false negatives?
False positives and false negatives are as dangerous in static analysis tools as they are in Covid-19 testing. False positives say you have a problem when you don’t. False negatives tell you everything is fine when it isn’t.
New webinar demo: ECLAIR revolutionizes interfacing with IDEs
Apparently, Isaac Newton did some of his best work while isolating from the Great Plague of 1665/6. The enforced absence gave him time and space to develop his theories on calculus, optics and the laws of motion and gravity. We can’t claim that our work will be quite so world-changing, but we do believe we have solved an issue all static analysis tool vendors have been grappling with for years.
ECLAIR 3.7 launches with 3 new code analysis benefits
We initially created ECLAIR, our static code analysis tool, back in 2008. Our aim was, and still is, to help developers build better, more reliable systems. At the same time, we want to help managers ensure code safety, portability and reliability.
Register for our new FREE MISRA C/C++ and BARR-C webinars
Update:
We added 4 new bonus webinars: April 23 (ECLAIR, IDEs and extensible editors), May 5 + 7 (floating-point computation traps & pitfalls, parts 1 and 2) and May 19 (MISRA C Compliance: Watch it Done Live). Check them out below!
What does MISRA C/C++ compliance really involve?
Some organizations believe they can claim MISRA compliance for their software simply by buying any one of the many MISRA-checking tools on the market. That’s not the case. In fact, this approach is extremely risky.
Compliance to MISRA C/C++ is not simply something you can define according to your own taste. The MISRA consortium defines the conditions for formulating a defensible compliance claim. If you’d like to do your own research, here are three normative sources:
Meet BUGSENG at Embedded World 2020
Now in its 18th year, Embedded World is the leading international exhibition and conference for embedded systems. It attracts more than 30,000 trade visitors to meet and learn from over 1,000 exhibitors and speakers from across the world. The conference program covers the entire spectrum of embedded systems, with topics ranging from distributed intelligence and the Internet of Things (IoT) to e-mobility, energy efficiency and systems security.
BUGSENG’s 2019 review and 2020 vision
Launching new products, speaking at international conferences, running training courses and publishing papers. It’s been an incredibly busy and successful year for BUGSENG. We asked CTO, Roberto Bagnara, to give us a brief round up of what’s been happening in 2019 and reveal some of BUGSENG’s plans for next year.
It’s been a highly successful year for BUGSENG; are there any particular achievements that stand out for you?
BUGSENG’s joint paper with Michael Barr
Roberto Bagnara and Dr Patricia Hill of BUGSENG are currently working on a joint paper with Michael Barr, a leading embedded systems software engineer and consultant. The paper discusses the relationship between BARR-C: 2018 and MISRA C: 2012. These are the two most widely used C coding standards and the paper details their parallel and serial adoption.
Three big BUGSENG announcements
We’ve been busy at BUGSENG recently and are now delighted to be able to share three exciting news stories.
Launch: ECLAIR Qualification Kits
Competition time: Test your C programming skills
When Lonely Planet asked travelers for their ‘lost in translation’ photos of signs and menus from around the world, they had over 1,000, often hilarious, responses. Even when communicating in natural languages and dialects, the potential for confusion is immense. We see a similar but more serious issue of confusion around the C programming language.
C means nothing on its own
Meet one of the inspirations for BUGSENG’s success
Dr Patricia Hill (or Pat as she’s known around here) makes an unassuming hero. However, she’s been part of the BUGSENG journey since the start and her experience contributes to our success every day. Her career story is inspiring and exhausting in equal measure, so we persuaded her to pause and reflect on what she’s learnt so far. As co-founder of BUGSENG, how would you describe your role?“I mainly work on the design and implementation of static analyses for the automatic checking of compliance with respect to coding standards.
Three safety critical software trends shaping industry
We live in a world where our safety increasingly depends on software. It has now become so deeply ingrained in many aspects of modern life that, quite literally at times, we can’t live without it. This reflects three broad, converging industry trends: increased software complexity, greater software dependency, and growing demand for fast, accurate, safety critical performance from software.
The question for organizations that produce goods that depend on software is how do you manage these trends in a cost-effective yet responsible way?
Why is MISRA C/C++ compliance great for business?
[Please read to the end for details of our free MISRA C workshop in Italy.]
Most clients initially ask us for help because they need to comply with MISRA C/C++ guidelines. They are the de facto standards for safety critical sectors as diverse as automotive, aerospace and medical devices. These are industries where the quality of the software can literally mean the difference between life and death.
Our philosophy: No shortcuts, no compromises, no excuses
The story of how BUGSENG came to be has taken many twists and turns over the years. From a teenage boy playing with his friend’s programmable calculator, through stints with the military and CERN and on to a glittering academic career spanning both Italy and Yorkshire, England. We wanted to find out more about this story, and who better to tell it than BUGSENG’s co-founder and CTO, Roberto Bagnara.
Q: What inspired you to set up BUGSENG?
Why can’t I use a Bug Finder tool for MISRA compliance?
With a generic programmer audience in mind, Bug Finders are engineered to produce as few false positives as possible. This avoids the frustration of expensive and time consuming investigations. However, in safety critical software development, this approach is potentially life threatening. You may also have a contractual obligation to use MISRA C/C++ for safety critical software.
MISRA C/C++ is about error prevention, not bug finding
Feeling overwhelmed by MISRA C compliance?
In our previous blogs, we looked at the complexities of MISRA C compliance and the need for both robust verification tools and adequate personnel training. Organizations that start new projects having fulfilled these requirements will typically be able to claim MISRA compliance at the end of the project.
But there are exceptions, especially connected to the use of existing code. In this blog we’ll look at four situations, which can occur at the same time. The first two are rather common and all four can be the source of significant extra complications.
How can you avoid the C/C++ traps and pitfalls
In our previous blog, we looked at the complexities of MISRA C compliance and the necessity of robust verification tools. However, simply installing a tool is not sufficient. The MISRA compliance documents specifically state that, in order to describe a project as "MISRA Compliant", staff must be competent and fully understand the issues underlined by each guideline. This is especially important for personnel involved in the approval of deviations from the guidelines.
Three headaches with MISRA compliance
Software bugs are frustrating, inconvenient and expensive in any industry. But, in safety-critical, mission-critical or security-critical sectors, the consequences are not only disruptive to business. A single, subtle bug can be catastrophic to people’s lives.
In the car industry, for example, the number of safety recalls linked to software failures has risen by 30% a year since 2012. Toyota recently recalled more than 2.4 million hybrid vehicles worldwide because of a fault in their systems that could cause them to lose power.