Automated translation toolchain validation: the revolution of compiler qualification
Functional safety standards are adamant in saying that you can code and reason about safety-related programs at the C/C++ source code level only if:
- your program is written in a safe subset of the language, which today invariably means MISRA C/C++;
- you qualify the translation toolchain (preprocessor, compiler, assembler, linker) so as to justify your reliance on the fact that your source code is translated into equivalent machine code.
In order to ensure point (1) you need a software analyzer that interprets the source code the same way the compiler does.
This is not trivial at all, given that C and C++ have more than one hundred implementation-defined behaviors each, many of which do influence the interpretation of source code. A misconfigured software analyzer will misinterpret the source code and so cannot give any guarantee of MISRA compliance. What makes this aspect very complex is the fact that every compiler has dozens to hundreds of options that do influence one or more implementation-defined aspects. Moreover, options can be given on the command line, or can be provided in environment variables, or again can be given in compiler configuration files: just miss one relevant option and your MISRA-compliance verification activity is worth nothing. One of the most loved features of the ECLAIR Software Verification Platform is that it completely automates this configuration phase: ECLAIR will detect by itself, without any user intervention, all the relevant implementation-defined behaviors, no matter whether and how compiler options are used to influence them. It does so by intercepting all the invocation to the toolchain components, by interpreting the meaning of each provided options, and by "knowing" the defaults of each supported compiler.
In order to ensure point (2) and to qualify the translation toolchain you need a professional compiler validation testsuite and, this is crucial, you need to configure it so as to capture your use case(s) precisely.
In fact, the dozens to hundreds options accepted by compilers do not only control the implementation-defined aspects, they also control optimization levels and other important factors concerning the generated machine code. Every combination of options of the compiler constitutes a different use case for the compiler, and validating one use case gives no guarantee for another use case. Suppose you have successfully validated the compiler in its default configuration, i.e., without any compilation options the execution of the tens of thousands of validated tests in the testsuite revealed no problems. This is good and fine, if you really only use the compiler this way. But if you compile (some) translation units with an optimization level different from the default one, or if you request the generation of position-independent code by adding an option, then your compiler validation activity is worth nothing. Does this ring a bell? Of course it does! ECLAIR, due to its ability to catch all the options given to the compiler for each translation unit that is compiled, knows exactly the set of all and only the compiler use cases for your project.
The revolution
CerTran, the new solution jointly developed by BUGSENG and Solid Sands, leverages the automatic detection of all compiler use cases for your project by producing the required SuperTest configuration files and then running the compiler validation procedures. This radically changes the way in which translation toolchains can be used and qualified for use in safety-related development. Qualification can now be done automatically and possibly integrated in CI systems. This allows development teams to easily change the translation toolchains or the options with which they are used, whenever the need arises (e.g., to work around defects or to obtain more performance via specific optimizations). Users of SuperTest, which is the most authoritative C/C++ compiler validation suite, can now fully exploit its power, by routinely validating all the translation toolchains they use, in whichever configurations they use it, even those used for debugging.
Attend a webinar and learn how to automate compiler qualification
We are presenting and showcasing the CerTran solution in a joint webinar with Solid Sands:
"When developing safety-critical applications in C or C++, there are two key factors to consider – do the compiler and library do what they are supposed to, and does the application source code comply with the programming guidelines like MISRA? For the first, Solid Sands has SuperTest, and for the second, BUGSENG has ECLAIR. With ECLAIR's CerTran integration, these two can now work together seamlessly. It makes safety-critical development much more efficient." – Solid Sands’ CTO Marcel Beemster.
Take-home: This webinar will teach you how the integration of CerTran and SuperTest automates the analysis of the compiler’s use case and the compiler validation, as part of your qualification project.
Don't forget to join our LinkedIn community to keep up to date with all our news. Also, subscribe to BUGSENG YouTube channel to strengthen your knowledge of the safe and secure software world. Our videos dive into functional safety, tool qualification, MISRA compliance and so much more.