SlideShare a Scribd company logo

Misracompliant20162020

Download as PPTX, PDF
Kiyoshi Ogawa
Kiyoshi Ogawa

misra compliance 2020/2016

Software
1 of 28
MISRA Compliance:2016
1. Introduction • Use of a disciplined software development process; • Exactly which guidelines are being applied; • The effectiveness of the enforcement methods; • The extent of any deviations from the guidelines; • The status of any software components developed outside of the project.
2. Content • 2.1The development contract • 2.2 The software development process – 1.The software requirements, including any safety or security requirements, are complete, unambiguous and correct; – 2.The design specifications reaching the coding phase are correct, consistent with the requirements and do not contain any other functionality; – 3.The object modules produced by the compiler behave as specified in the corresponding designs; – 4.The object modules have been tested, individually and together, to identify and eliminate errors
3. Fundamental elements of compliance • 3.1Guideline classification – Rule – Directive • 3.2 Analysis scope – Single Translation Unit “Every switch statement shall have a default value”, – System • “An identifier with external linkage shall have exactly one external definition”
• 3.3 The guideline enforcement plan(GEP) – Compilers – Tools – Manual review • 3.4 Investigating messages – 1.Correct diagnosis of a violation – 2.Diagnosis of a possible violation – 3.False diagnosis of a violation – 4.Diagnosis of a genuine issue that is not a violation
• 3.5 Decidability – Decidable – Undecidable • Complying with undecidable rules
4 Deviations • 4.1 The role of deviations • 4.2 Deviation records – 1. The guideline(s) being violated; – 2. A concise description of the circumstances in which a violation is acceptable; – 3. The reason why the deviation is required (see Section 4.4); – 4. Background information to explain the context and the language issues; – 5. A set of requirements to include any risk assessment procedures and precautions which must be observed.
• 4.3Deviation permits – Focus greater control over the generation of any new deviations; – Reduce disruption during the development process; – Reduce the effort associated with creating and reviewing deviations. – Category • Public deviation permits, published by MISRA; • Acquirer deviation permits, produced by an acquirer; • Supplier deviation permits, produced by a supplier.
• 4.4 Justifying a deviation – Simply to satisfy the convenience of the developer; – When a reasonable alternative coding strategy would make the need for a violation unnecessary; – Without considering the wider consequences of a particular violation on other guidelines; – Without the support of a suitable process; – Without the consent of a designated technical authority.
• Reason 1: Code quality – Functional suitability: Functional completeness, Functional correctness, Functional appropriateness – Performance efficiency: • Time behaviour, • Resource utilization, Capacity – Compatibility: Co-existence, Interoperability – Usability : Appropriateness recognizability, Learnability, Operability, User error protection,User interface aesthetics, Accessibility – Reliability: Maturity, Availability, Fault tolerance, Recoverability – Security: Confidentiality, Integrity, Non-repudiation, Accountability, Authenticity – Maintainability: Modularity, Reusability, Analysability, Modifiability, Testability – Portability: Adaptability, Installability, Replaceability
• Reason 2: Access to hardware – implementation-defined behaviour – encapsulated and isolated • Reason 3: Adopted code integration • Reason 4: Non-compliant adopted code – different version of The Guidelines.
5 guideline re-categorization plan(GRP) • Mandatory Guidelines — Guidelines for which violation is never permitted; • Required Guidelines — Guidelines which can only be violated when supported by a deviation defining a set of clear restrictions, requirements and precautions; • Advisory Guidelines — Recommendations to be followed as far as is reasonably practical. Violations are identified but are not required to be supported by a deviation.
6 Adopted Code • 6.1 The nature of adopted code – The Standard Library — The library code and header files specified by The Language Standard and provided with the compiler; – Device driver files — Code either included with the compiler or supplied by a semiconductor manufacturer providing an interface to device peripherals; – Middleware — Operating systems, protocol stacks, development tools, etc.; – Third Party Libraries — Mathematical operation libraries, graphical libraries, etc.; – Automatically generated code — Code generated by modelling tools, UML tools, etc.; – Legacy code — Code developed for other projects or previous versions of the current project.
• 6.2 System wide analysis scope • 6.3 Adopted binary code – Agree upon a common procedure and tools that each will apply to their own source code; – Supply each other with stub versions of source code to permit cross-organizational checks to be made. • 6.4 Adopted source code – Required or Advisory guidelines re-categorized as Mandatory are violated; – Advisory guidelines re-categorized as Required are violated and the use case is not covered by a deviation. – GRP • 1. Guidelines which must never be violated; • 2.Guidelines which must not be violated without a formal deviation.
• 6.5 Adopted header files – Expansion violates MISRA C:2012 Rule 11.9 • 6.6 The Standard Library – 1. Casting pointers to object types into pointers to other object types; – 2. Pointer arithmetic; – 3. Embedding assembly language statements in C.
7 Claiming MISRA compliance • 7.1 Staff competence • 7.2 The management process • 7.3 The guideline compliance summary – 1. Compliant — There are no violations of the guideline within the project; – 2. Deviations — There are violations of the guideline within the project which are all supported by deviations; – 3. Violations — There are violations of the guideline within the project which are not supported by deviations; – 4. Disapplied — No checks have been made for compliance with the guideline.
• 7.4 Project delivery – 1 .The guideline enforcement plan and, if requested by the acquirer: • 1.1The documentation listed in Section 3.3, demonstrating how compliance has been enforced; • 1.2Documentary evidence proving which tool checks have been performed; • 1.3Documentary evidence of any violations identified. – 2.The guideline compliance summary, declaring the level of compliance which is being claimed; – 3.Details of all approved deviation permits (if used); • 4.Deviation records covering all violations of guidelines re-categorized as Required;
8 References [1]MISRA C, Guidelines for the use of the C language in critical systems, HORIBA MIRA Limited. [2]MISRA C++, Guidelines for the use of the C++ language in critical systems, HORIBA MIRA Limited. [3]ISO/IEC 9899, Programming languages - C, International Organization for Standardization. [4]ISO/IEC 14882, Programming languages - C++, International Organization for Standardization. [5]ISO/IEC/IEEE 12207, Systems and software engineering - Software life cycle processes, International Organization for Standardization. [6]IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems, International Electrotechnical Commission. [7]ISO 26262, Road vehicles - Functional safety, International Organization for Standardization. [9]EN 50128, Railway applications Communications, signalling and processing systems - Software for railway control and protection, European Committee for Electrotechnical Standardization. [10]IEC 62304, Medical device software - Software life cycle processes, International Electrotechnical Commission. [8]DO-178/ED-12, Software Considerations in Airborne Systems and Equipment Certification, RTCA/EUTOCAE, 2011 [11]ISO/IEC/IEEE 25010, Systems and software Quality Requirements and Evaluation (SQuaRE) - System and software quality models, International Organization for Standardization.
Appendix A. Example deviation record
Appendix B. Example deviation permit Rule
Appendix C. Glossary(italics are 2020only) • Acquirer: Organization or person that enters into an agreement to acquire or procure a product or service from a supplier. • Adopted code: Code that has been developed outside the scope of the current project which may or may not have been developed so as to comply with The Guidelines applied to the project. • Deviation: A violation which has been formally accepted and approved. • Deviation permit: The specification of a use case and a set of requirements which may be applied to justify a deviation. • Deviation record: The documentation used to justify the presence of a violation. • Directive: A guideline lacking a complete, unambiguous specification. • Guideline: A directive or rule that defines a language restriction used to implement part of The Guidelines. • Guideline enforcement plan (GEP): A record of the methods used to provide enforcement of each guideline. • Guideline re-categorization plan (GRP): A policy agreed between the acquirer and the supplier whereby the MISRA category assigned to each guideline within The Guidelines is reviewed and in some cases superseded by a more stringent category.
• Guideline compliance summary (GCS):A record of the level of compliance achieved by indicating where guidelines have been Disapplied, where violations are present and where deviations have been introduced. • The Guidelines: A generic term denoting one of the documents within the MISRA Guidelines that is used to enforce a language subset. • MISRA category: A classification (Mandatory, Required or Advisory) applied to every guideline within The Guidelines that establishes the conditions under which a violation may or may not be permitted. • MISRA Guidelines: A collective name for all editions of MISRA C and MISRA C++ • Native code: Code that has been developed within the scope of the current project which has been developed so as to comply with The Guidelines applied to the project. • Revised category: The classification (Mandatory, Required, Advisory or Disapplied) applied to every guideline within the guideline re-categorization plan as a result of guideline re-categorization. • Rule: A guideline having a complete, unambiguous specification. • The Standard: A generic term denoting the ISO language standard referenced by a MISRA coding guideline document. • Supplier: Organization or person that enters into an agreement with the acquirer for the supply of a product or service. • Violation: Code which does not conform to the restrictions specified by a guideline.
MISRA compliant 2020 2. The software development process(The context) 2.1 The development contract( =) 2.2 Framework(the software development process) 2.3 Training 2.4 Style guide 2.5 Metrics 2.6 Tool management 2.6.1 Selecting the compiler 2.6.2 Selecting static analysis tools 2.6.3 Tool validation 2.6.4 Understanding and configuring the compiler 2.6.5 Understanding and configuring the static analysis tool 2.6.6 Run-time behavioun 8 References(Add 4 document and specify latest version) Appendix A Process and tools checklist Appendix D Glossary( add Misra guideline, rule)
• 2.3 Training(2020) – The use of the chosen programming language for embedded applications; – The use of the chosen programming language for high-integrity, safety-related or security-related systems. – compilers and static analysis tools • 2.4 Style guide(2020) – Code layout and use of indenting; – Layout of braces “{ }” and block structures; – Naming conventions; – Use of comments; – Inclusion of company name, copyright notice and other standard file header information – [14] C Style: Standards and Guidelines, • 2.5Metrics(2020) – [15]Fenton N.E. and Bieman J., Software Metrics: A Rigorous and Practical Approach, 3rd Edition, ISBN 978-1-439838-22-8, CRC Press, 2014. – [16]MISRA Report 5, Software Metrics, Motor Industry Research Association, Nuneaton, February 1995. – [17]MISRA Report 6, Verification and Validation, Motor Industry Research Association, Nuneaton, February 1995.
• 2.6 Tool management – 2.6.1Selecting the compiler • Checking that the compiler developer follows a suitable software development process; • Reading reviews of the compiler and user experience reports; • Reviewing the size of the user base and types of applications developed using the compiler; • Performing and documenting independent validation testing, e.g. by using a conformance test suite or by compiling existing applications. – 2.6.2 Selecting static analysis tools • Detect all violations of The Guidelines; • Produce no “false positives”, i.e. would only report genuine violations and would not report non-violations or possible violations.
• 2.6.3 Tool validation – Recording faults reported by the users; – Notifying existing users of known faults; – Correcting faults in future releases. – Perform some form of documented validation testing; – Assess the software development process of the tool supplier; – Review the performance of the tool to date.
• 2.6.4Understanding and configuring the compiler – The conformance of the compiler against applicable standards; – The availability of language extensions; – The availability of conditional language features; – The resources, especially processing time and memory space, required by the program; – The likelihood that a defect in the compiler will be exposed, such as might occur when complex highly- optimizing code transformations are performed.
• 2.6.5Understanding and configuring the static analysis tool – Which version(s) of the language are supported; – How to configure the analyser to match the compiler’s implementation-defined behaviour, e.g. sizes of the integer types; – Which of The Guidelines the analyser is capable of checking (Section 3.3); – Whether it is possible to configure the analyser to handle any language extensions that will be used; – Whether it is possible to adjust the analyser’s behaviour in order to achieve a different balance between analysis time and analysis precision. • 2.6.6 Run-time behaviour – The execution environment provides sufficient resources, especially processing time and stack space, for the program; – Run-time errors, such as arithmetic overflow, are absent from areas of the program: for example by virtue of code that checks the ranges of inputs to a calculation.

Recommended

Unit 3 requirements engineering processes merged
Unit 3 requirements engineering processes mergedUnit 3 requirements engineering processes merged
Unit 3 requirements engineering processes merged
anuragmbst
 
Comparing Software Quality Assurance Techniques And Activities
Comparing Software Quality Assurance Techniques And ActivitiesComparing Software Quality Assurance Techniques And Activities
Comparing Software Quality Assurance Techniques And Activities
Lemia Algmri
 
Software engineering 15 software quality assurance practices
Software engineering 15 software quality assurance practicesSoftware engineering 15 software quality assurance practices
Software engineering 15 software quality assurance practices
Vaibhav Khanna
 
Unit 8
Unit 8Unit 8
Unit 8
anuragmbst
 
Qa
QaQa
Qa
Tanzeem Syed
 
Chapter 8 software quality assurance and configuration audit
Chapter 8 software quality assurance and configuration auditChapter 8 software quality assurance and configuration audit
Chapter 8 software quality assurance and configuration audit
Cliftone Mullah
 
Software quality assurance and cyber security
Software quality assurance and cyber securitySoftware quality assurance and cyber security
Software quality assurance and cyber security
Nascenia IT
 
Sqa
SqaSqa
Sqa
Rapunzall
 

Recommended

Unit 3 requirements engineering processes merged
Unit 3 requirements engineering processes mergedUnit 3 requirements engineering processes merged
Unit 3 requirements engineering processes merged
anuragmbst
 
Comparing Software Quality Assurance Techniques And Activities
Comparing Software Quality Assurance Techniques And ActivitiesComparing Software Quality Assurance Techniques And Activities
Comparing Software Quality Assurance Techniques And Activities
Lemia Algmri
 
Software engineering 15 software quality assurance practices
Software engineering 15 software quality assurance practicesSoftware engineering 15 software quality assurance practices
Software engineering 15 software quality assurance practices
Vaibhav Khanna
 
Unit 8
Unit 8Unit 8
Unit 8
anuragmbst
 
Qa
QaQa
Qa
Tanzeem Syed
 
Chapter 8 software quality assurance and configuration audit
Chapter 8 software quality assurance and configuration auditChapter 8 software quality assurance and configuration audit
Chapter 8 software quality assurance and configuration audit
Cliftone Mullah
 
Software quality assurance and cyber security
Software quality assurance and cyber securitySoftware quality assurance and cyber security
Software quality assurance and cyber security
Nascenia IT
 
Sqa
SqaSqa
Sqa
Rapunzall
 
Components of the sqa system
Components of the sqa system Components of the sqa system
Components of the sqa system
Hamza Malik
 
SQA Components
SQA ComponentsSQA Components
SQA Components
Luthfia Ulinnuha
 
Software Engineering
Software EngineeringSoftware Engineering
Software Engineering
UMA PARAMESWARI
 
Software Testing and Quality Assurance Assignment 3
Software Testing and Quality Assurance Assignment 3Software Testing and Quality Assurance Assignment 3
Software Testing and Quality Assurance Assignment 3
Gurpreet singh
 
Lect2 quality factor
Lect2 quality factorLect2 quality factor
Lect2 quality factor
babak sh
 
MDG Agile for Medical Device Software
MDG Agile for Medical Device SoftwareMDG Agile for Medical Device Software
MDG Agile for Medical Device Software
Mike Attili
 
Towards a Metamodel for a Requirements Engineering Process of Embedded Systems
Towards a Metamodel for a Requirements Engineering Process of Embedded SystemsTowards a Metamodel for a Requirements Engineering Process of Embedded Systems
Towards a Metamodel for a Requirements Engineering Process of Embedded Systems
Tarcísio Couto
 
Unit 2 unit testing
Unit 2 unit testingUnit 2 unit testing
Unit 2 unit testing
ravikhimani1984
 
Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective
Engineering Software Lab
 
01 software test engineering (manual testing)
01 software test engineering (manual testing)01 software test engineering (manual testing)
01 software test engineering (manual testing)
Siddireddy Balu
 
Role of BA in Testing
Role of BA in TestingRole of BA in Testing
Role of BA in Testing
Veneet-BA
 
07 Outsource To India Independent Testing
07 Outsource To India Independent Testing07 Outsource To India Independent Testing
07 Outsource To India Independent Testing
outsourceToIndia
 
Testing documents
Testing documentsTesting documents
Testing documents
suhasreddy1
 
Software Testing
Software TestingSoftware Testing
Software Testing
Krishna Sujeer
 
Manual testing
Manual testingManual testing
Manual testing
Krishna Gurjar
 
Death by documentation - Medical Device Development Challenges
Death by documentation - Medical Device Development ChallengesDeath by documentation - Medical Device Development Challenges
Death by documentation - Medical Device Development Challenges
Aligned AG
 
Mt s10 stlc&test_plan
Mt s10 stlc&test_planMt s10 stlc&test_plan
Mt s10 stlc&test_plan
TestingGeeks
 
Innovations and adaptations in agile testing
Innovations and adaptations in agile testingInnovations and adaptations in agile testing
Innovations and adaptations in agile testing
Subrahmaniam S.R.V
 
Lisa_DiFazio_SQA_Resume
Lisa_DiFazio_SQA_ResumeLisa_DiFazio_SQA_Resume
Lisa_DiFazio_SQA_Resume
Lisa DiFazio
 
Software testing q as collection by ravi
Software testing q as collection by raviSoftware testing q as collection by ravi
Software testing q as collection by ravi
Ravindranath Tagore
 
Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
saurabhshertukde
 
Sdlc model
Sdlc modelSdlc model
Sdlc model
Dhilsath Fathima
 

More Related Content

What's hot

Software Testing and Quality Assurance Assignment 3
Software Testing and Quality Assurance Assignment 3Software Testing and Quality Assurance Assignment 3
Software Testing and Quality Assurance Assignment 3
Gurpreet singh
 
MDG Agile for Medical Device Software
MDG Agile for Medical Device SoftwareMDG Agile for Medical Device Software
MDG Agile for Medical Device Software
Mike Attili
 
Towards a Metamodel for a Requirements Engineering Process of Embedded Systems
Towards a Metamodel for a Requirements Engineering Process of Embedded SystemsTowards a Metamodel for a Requirements Engineering Process of Embedded Systems
Towards a Metamodel for a Requirements Engineering Process of Embedded Systems
Tarcísio Couto
 
Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective
Engineering Software Lab
 
01 software test engineering (manual testing)
01 software test engineering (manual testing)01 software test engineering (manual testing)
01 software test engineering (manual testing)
Siddireddy Balu
 
Role of BA in Testing
Role of BA in TestingRole of BA in Testing
Role of BA in Testing
Veneet-BA
 
Testing documents
Testing documentsTesting documents
Testing documents
suhasreddy1
 
Mt s10 stlc&test_plan
Mt s10 stlc&test_planMt s10 stlc&test_plan
Mt s10 stlc&test_plan
TestingGeeks
 
Lisa_DiFazio_SQA_Resume
Lisa_DiFazio_SQA_ResumeLisa_DiFazio_SQA_Resume
Lisa_DiFazio_SQA_Resume
Lisa DiFazio
 
Software testing q as collection by ravi
Software testing q as collection by raviSoftware testing q as collection by ravi
Software testing q as collection by ravi
Ravindranath Tagore
 

What's hot (20)

Components of the sqa system
Components of the sqa system Components of the sqa system
Components of the sqa system
 
SQA Components
SQA ComponentsSQA Components
SQA Components
 
Software Engineering
Software EngineeringSoftware Engineering
Software Engineering
 
Software Testing and Quality Assurance Assignment 3
Software Testing and Quality Assurance Assignment 3Software Testing and Quality Assurance Assignment 3
Software Testing and Quality Assurance Assignment 3
 
Lect2 quality factor
Lect2 quality factorLect2 quality factor
Lect2 quality factor
 
MDG Agile for Medical Device Software
MDG Agile for Medical Device SoftwareMDG Agile for Medical Device Software
MDG Agile for Medical Device Software
 
Towards a Metamodel for a Requirements Engineering Process of Embedded Systems
Towards a Metamodel for a Requirements Engineering Process of Embedded SystemsTowards a Metamodel for a Requirements Engineering Process of Embedded Systems
Towards a Metamodel for a Requirements Engineering Process of Embedded Systems
 
Unit 2 unit testing
Unit 2 unit testingUnit 2 unit testing
Unit 2 unit testing
 
Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective
 
01 software test engineering (manual testing)
01 software test engineering (manual testing)01 software test engineering (manual testing)
01 software test engineering (manual testing)
 
Role of BA in Testing
Role of BA in TestingRole of BA in Testing
Role of BA in Testing
 
07 Outsource To India Independent Testing
07 Outsource To India Independent Testing07 Outsource To India Independent Testing
07 Outsource To India Independent Testing
 
Testing documents
Testing documentsTesting documents
Testing documents
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
Manual testing
Manual testingManual testing
Manual testing
 
Death by documentation - Medical Device Development Challenges
Death by documentation - Medical Device Development ChallengesDeath by documentation - Medical Device Development Challenges
Death by documentation - Medical Device Development Challenges
 
Mt s10 stlc&test_plan
Mt s10 stlc&test_planMt s10 stlc&test_plan
Mt s10 stlc&test_plan
 
Innovations and adaptations in agile testing
Innovations and adaptations in agile testingInnovations and adaptations in agile testing
Innovations and adaptations in agile testing
 
Lisa_DiFazio_SQA_Resume
Lisa_DiFazio_SQA_ResumeLisa_DiFazio_SQA_Resume
Lisa_DiFazio_SQA_Resume
 
Software testing q as collection by ravi
Software testing q as collection by raviSoftware testing q as collection by ravi
Software testing q as collection by ravi
 

Similar to Misracompliant20162020

Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
saurabhshertukde
 
Software Engineering Methodologies
Software Engineering MethodologiesSoftware Engineering Methodologies
Software Engineering Methodologies
Nesrine Shokry
 
2nd MODULE Software Requirements _ SW ENGG 22CSE141.pdf
2nd MODULE Software Requirements _ SW ENGG 22CSE141.pdf2nd MODULE Software Requirements _ SW ENGG 22CSE141.pdf
2nd MODULE Software Requirements _ SW ENGG 22CSE141.pdf
Jayanthi Kannan MK
 
_VoicePPT_QA_Testing_Training_4_Days_Schedule.ppt
_VoicePPT_QA_Testing_Training_4_Days_Schedule.ppt_VoicePPT_QA_Testing_Training_4_Days_Schedule.ppt
_VoicePPT_QA_Testing_Training_4_Days_Schedule.ppt
AnilKumarARS
 
vu-re-lecture-03 requirement engineering.ppt
vu-re-lecture-03 requirement engineering.pptvu-re-lecture-03 requirement engineering.ppt
vu-re-lecture-03 requirement engineering.ppt
ubaidullah75790
 
Software Requirements
Software Requirements Software Requirements
Software Requirements
Zaman Khan
 

Similar to Misracompliant20162020 (20)

Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
 
Sdlc model
Sdlc modelSdlc model
Sdlc model
 
Software Engineering Methodologies
Software Engineering MethodologiesSoftware Engineering Methodologies
Software Engineering Methodologies
 
Software Requirements
Software RequirementsSoftware Requirements
Software Requirements
 
2nd MODULE Software Requirements _ SW ENGG 22CSE141.pdf
2nd MODULE Software Requirements _ SW ENGG 22CSE141.pdf2nd MODULE Software Requirements _ SW ENGG 22CSE141.pdf
2nd MODULE Software Requirements _ SW ENGG 22CSE141.pdf
 
Software quality assurance
Software quality assuranceSoftware quality assurance
Software quality assurance
 
Softwarequalityassurance with Abu ul hassan Sahadvi
Softwarequalityassurance with Abu ul hassan SahadviSoftwarequalityassurance with Abu ul hassan Sahadvi
Softwarequalityassurance with Abu ul hassan Sahadvi
 
_VoicePPT_QA_Testing_Training_4_Days_Schedule.ppt
_VoicePPT_QA_Testing_Training_4_Days_Schedule.ppt_VoicePPT_QA_Testing_Training_4_Days_Schedule.ppt
_VoicePPT_QA_Testing_Training_4_Days_Schedule.ppt
 
vu-re-lecture-03 requirement engineering.ppt
vu-re-lecture-03 requirement engineering.pptvu-re-lecture-03 requirement engineering.ppt
vu-re-lecture-03 requirement engineering.ppt
 
Software Engineering- Requirement Elicitation and Specification
Software Engineering- Requirement Elicitation and SpecificationSoftware Engineering- Requirement Elicitation and Specification
Software Engineering- Requirement Elicitation and Specification
 
Software devlopment security
Software devlopment securitySoftware devlopment security
Software devlopment security
 
UNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptx
UNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptxUNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptx
UNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptx
 
Testing Throughout the Software Life Cycle (2013)
Testing Throughout the Software Life Cycle (2013)Testing Throughout the Software Life Cycle (2013)
Testing Throughout the Software Life Cycle (2013)
 
Introduction to Software engineering ch03
Introduction to Software engineering ch03Introduction to Software engineering ch03
Introduction to Software engineering ch03
 
Software Requirements
Software Requirements Software Requirements
Software Requirements
 
Unit_5 and Unit 6.pptx
Unit_5 and Unit 6.pptxUnit_5 and Unit 6.pptx
Unit_5 and Unit 6.pptx
 
Software Development
Software DevelopmentSoftware Development
Software Development
 
Sdlc phases
Sdlc phasesSdlc phases
Sdlc phases
 
Sdlc phases
Sdlc phasesSdlc phases
Sdlc phases
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software Engineering
 

More from Kiyoshi Ogawa

More from Kiyoshi Ogawa (20)

High Quality Design with Hcd and hazop
High Quality Design with Hcd and hazopHigh Quality Design with Hcd and hazop
High Quality Design with Hcd and hazop
 
Deep learningwithgithubanddocker
Deep learningwithgithubanddockerDeep learningwithgithubanddocker
Deep learningwithgithubanddocker
 
Deep learningwithgithubanddocker
Deep learningwithgithubanddockerDeep learningwithgithubanddocker
Deep learningwithgithubanddocker
 
Nagoya2018
Nagoya2018Nagoya2018
Nagoya2018
 
Hazop tokyo201809
Hazop tokyo201809Hazop tokyo201809
Hazop tokyo201809
 
Who like C++ coding standard
Who like C++ coding standardWho like C++ coding standard
Who like C++ coding standard
 
Who enjoy a coding standard? ver. 0.30
Who enjoy a coding standard? ver. 0.30Who enjoy a coding standard? ver. 0.30
Who enjoy a coding standard? ver. 0.30
 
Who enjoy a coding standard? ver. 0.20
Who enjoy a coding standard? ver. 0.20Who enjoy a coding standard? ver. 0.20
Who enjoy a coding standard? ver. 0.20
 
Who enjoy a coding standard?
Who enjoy a coding standard?Who enjoy a coding standard?
Who enjoy a coding standard?
 
機械と標準
機械と標準機械と標準
機械と標準
 
TOPPERS as an IoT OS(kernel)
TOPPERS as an IoT OS(kernel)TOPPERS as an IoT OS(kernel)
TOPPERS as an IoT OS(kernel)
 
How can we resolve problems.
How can we resolve problems.How can we resolve problems.
How can we resolve problems.
 
Datamining Introduction using R with Raspbian on Raspberry Pi 3B.
Datamining Introduction using R with Raspbian on Raspberry Pi 3B.Datamining Introduction using R with Raspbian on Raspberry Pi 3B.
Datamining Introduction using R with Raspbian on Raspberry Pi 3B.
 
Hazop Safety and Security at Fukui 2017(2/2)
Hazop Safety and Security at Fukui 2017(2/2)Hazop Safety and Security at Fukui 2017(2/2)
Hazop Safety and Security at Fukui 2017(2/2)
 
Hazop Safety and Security at Fukui 2017(1/2)
Hazop Safety and Security at Fukui 2017(1/2)Hazop Safety and Security at Fukui 2017(1/2)
Hazop Safety and Security at Fukui 2017(1/2)
 
Hazop and triz by/of/for the children(3/3)
Hazop and triz by/of/for the children(3/3)Hazop and triz by/of/for the children(3/3)
Hazop and triz by/of/for the children(3/3)
 
Hazop and triz by/of/for the children(2/3)
Hazop and triz by/of/for the children(2/3)Hazop and triz by/of/for the children(2/3)
Hazop and triz by/of/for the children(2/3)
 
Hazop and triz by/of/for the children(1/3)
Hazop and triz by/of/for the children(1/3)Hazop and triz by/of/for the children(1/3)
Hazop and triz by/of/for the children(1/3)
 
Raspberrypitraining20171027
Raspberrypitraining20171027Raspberrypitraining20171027
Raspberrypitraining20171027
 
STAMP/STPA and UML/HAZOP on the IoT and AI/Deep Learning
STAMP/STPA and UML/HAZOP on the IoT and AI/Deep Learning STAMP/STPA and UML/HAZOP on the IoT and AI/Deep Learning
STAMP/STPA and UML/HAZOP on the IoT and AI/Deep Learning
 

Recently uploaded

Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 

Recently uploaded (20)

Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 

Misracompliant20162020

  • 2. 1. Introduction • Use of a disciplined software development process; • Exactly which guidelines are being applied; • The effectiveness of the enforcement methods; • The extent of any deviations from the guidelines; • The status of any software components developed outside of the project.
  • 3. 2. Content • 2.1The development contract • 2.2 The software development process – 1.The software requirements, including any safety or security requirements, are complete, unambiguous and correct; – 2.The design specifications reaching the coding phase are correct, consistent with the requirements and do not contain any other functionality; – 3.The object modules produced by the compiler behave as specified in the corresponding designs; – 4.The object modules have been tested, individually and together, to identify and eliminate errors
  • 4. 3. Fundamental elements of compliance • 3.1Guideline classification – Rule – Directive • 3.2 Analysis scope – Single Translation Unit “Every switch statement shall have a default value”, – System • “An identifier with external linkage shall have exactly one external definition”
  • 5. • 3.3 The guideline enforcement plan(GEP) – Compilers – Tools – Manual review • 3.4 Investigating messages – 1.Correct diagnosis of a violation – 2.Diagnosis of a possible violation – 3.False diagnosis of a violation – 4.Diagnosis of a genuine issue that is not a violation
  • 6. • 3.5 Decidability – Decidable – Undecidable • Complying with undecidable rules
  • 7. 4 Deviations • 4.1 The role of deviations • 4.2 Deviation records – 1. The guideline(s) being violated; – 2. A concise description of the circumstances in which a violation is acceptable; – 3. The reason why the deviation is required (see Section 4.4); – 4. Background information to explain the context and the language issues; – 5. A set of requirements to include any risk assessment procedures and precautions which must be observed.
  • 8. • 4.3Deviation permits – Focus greater control over the generation of any new deviations; – Reduce disruption during the development process; – Reduce the effort associated with creating and reviewing deviations. – Category • Public deviation permits, published by MISRA; • Acquirer deviation permits, produced by an acquirer; • Supplier deviation permits, produced by a supplier.
  • 9. • 4.4 Justifying a deviation – Simply to satisfy the convenience of the developer; – When a reasonable alternative coding strategy would make the need for a violation unnecessary; – Without considering the wider consequences of a particular violation on other guidelines; – Without the support of a suitable process; – Without the consent of a designated technical authority.
  • 10. • Reason 1: Code quality – Functional suitability: Functional completeness, Functional correctness, Functional appropriateness – Performance efficiency: • Time behaviour, • Resource utilization, Capacity – Compatibility: Co-existence, Interoperability – Usability : Appropriateness recognizability, Learnability, Operability, User error protection,User interface aesthetics, Accessibility – Reliability: Maturity, Availability, Fault tolerance, Recoverability – Security: Confidentiality, Integrity, Non-repudiation, Accountability, Authenticity – Maintainability: Modularity, Reusability, Analysability, Modifiability, Testability – Portability: Adaptability, Installability, Replaceability
  • 11. • Reason 2: Access to hardware – implementation-defined behaviour – encapsulated and isolated • Reason 3: Adopted code integration • Reason 4: Non-compliant adopted code – different version of The Guidelines.
  • 12. 5 guideline re-categorization plan(GRP) • Mandatory Guidelines — Guidelines for which violation is never permitted; • Required Guidelines — Guidelines which can only be violated when supported by a deviation defining a set of clear restrictions, requirements and precautions; • Advisory Guidelines — Recommendations to be followed as far as is reasonably practical. Violations are identified but are not required to be supported by a deviation.
  • 13. 6 Adopted Code • 6.1 The nature of adopted code – The Standard Library — The library code and header files specified by The Language Standard and provided with the compiler; – Device driver files — Code either included with the compiler or supplied by a semiconductor manufacturer providing an interface to device peripherals; – Middleware — Operating systems, protocol stacks, development tools, etc.; – Third Party Libraries — Mathematical operation libraries, graphical libraries, etc.; – Automatically generated code — Code generated by modelling tools, UML tools, etc.; – Legacy code — Code developed for other projects or previous versions of the current project.
  • 14. • 6.2 System wide analysis scope • 6.3 Adopted binary code – Agree upon a common procedure and tools that each will apply to their own source code; – Supply each other with stub versions of source code to permit cross-organizational checks to be made. • 6.4 Adopted source code – Required or Advisory guidelines re-categorized as Mandatory are violated; – Advisory guidelines re-categorized as Required are violated and the use case is not covered by a deviation. – GRP • 1. Guidelines which must never be violated; • 2.Guidelines which must not be violated without a formal deviation.
  • 15. • 6.5 Adopted header files – Expansion violates MISRA C:2012 Rule 11.9 • 6.6 The Standard Library – 1. Casting pointers to object types into pointers to other object types; – 2. Pointer arithmetic; – 3. Embedding assembly language statements in C.
  • 16. 7 Claiming MISRA compliance • 7.1 Staff competence • 7.2 The management process • 7.3 The guideline compliance summary – 1. Compliant — There are no violations of the guideline within the project; – 2. Deviations — There are violations of the guideline within the project which are all supported by deviations; – 3. Violations — There are violations of the guideline within the project which are not supported by deviations; – 4. Disapplied — No checks have been made for compliance with the guideline.
  • 17. • 7.4 Project delivery – 1 .The guideline enforcement plan and, if requested by the acquirer: • 1.1The documentation listed in Section 3.3, demonstrating how compliance has been enforced; • 1.2Documentary evidence proving which tool checks have been performed; • 1.3Documentary evidence of any violations identified. – 2.The guideline compliance summary, declaring the level of compliance which is being claimed; – 3.Details of all approved deviation permits (if used); • 4.Deviation records covering all violations of guidelines re-categorized as Required;
  • 18. 8 References [1]MISRA C, Guidelines for the use of the C language in critical systems, HORIBA MIRA Limited. [2]MISRA C++, Guidelines for the use of the C++ language in critical systems, HORIBA MIRA Limited. [3]ISO/IEC 9899, Programming languages - C, International Organization for Standardization. [4]ISO/IEC 14882, Programming languages - C++, International Organization for Standardization. [5]ISO/IEC/IEEE 12207, Systems and software engineering - Software life cycle processes, International Organization for Standardization. [6]IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems, International Electrotechnical Commission. [7]ISO 26262, Road vehicles - Functional safety, International Organization for Standardization. [9]EN 50128, Railway applications Communications, signalling and processing systems - Software for railway control and protection, European Committee for Electrotechnical Standardization. [10]IEC 62304, Medical device software - Software life cycle processes, International Electrotechnical Commission. [8]DO-178/ED-12, Software Considerations in Airborne Systems and Equipment Certification, RTCA/EUTOCAE, 2011 [11]ISO/IEC/IEEE 25010, Systems and software Quality Requirements and Evaluation (SQuaRE) - System and software quality models, International Organization for Standardization.
  • 19. Appendix A. Example deviation record
  • 20. Appendix B. Example deviation permit Rule
  • 21. Appendix C. Glossary(italics are 2020only) • Acquirer: Organization or person that enters into an agreement to acquire or procure a product or service from a supplier. • Adopted code: Code that has been developed outside the scope of the current project which may or may not have been developed so as to comply with The Guidelines applied to the project. • Deviation: A violation which has been formally accepted and approved. • Deviation permit: The specification of a use case and a set of requirements which may be applied to justify a deviation. • Deviation record: The documentation used to justify the presence of a violation. • Directive: A guideline lacking a complete, unambiguous specification. • Guideline: A directive or rule that defines a language restriction used to implement part of The Guidelines. • Guideline enforcement plan (GEP): A record of the methods used to provide enforcement of each guideline. • Guideline re-categorization plan (GRP): A policy agreed between the acquirer and the supplier whereby the MISRA category assigned to each guideline within The Guidelines is reviewed and in some cases superseded by a more stringent category.
  • 22. • Guideline compliance summary (GCS):A record of the level of compliance achieved by indicating where guidelines have been Disapplied, where violations are present and where deviations have been introduced. • The Guidelines: A generic term denoting one of the documents within the MISRA Guidelines that is used to enforce a language subset. • MISRA category: A classification (Mandatory, Required or Advisory) applied to every guideline within The Guidelines that establishes the conditions under which a violation may or may not be permitted. • MISRA Guidelines: A collective name for all editions of MISRA C and MISRA C++ • Native code: Code that has been developed within the scope of the current project which has been developed so as to comply with The Guidelines applied to the project. • Revised category: The classification (Mandatory, Required, Advisory or Disapplied) applied to every guideline within the guideline re-categorization plan as a result of guideline re-categorization. • Rule: A guideline having a complete, unambiguous specification. • The Standard: A generic term denoting the ISO language standard referenced by a MISRA coding guideline document. • Supplier: Organization or person that enters into an agreement with the acquirer for the supply of a product or service. • Violation: Code which does not conform to the restrictions specified by a guideline.
  • 23. MISRA compliant 2020 2. The software development process(The context) 2.1 The development contract( =) 2.2 Framework(the software development process) 2.3 Training 2.4 Style guide 2.5 Metrics 2.6 Tool management 2.6.1 Selecting the compiler 2.6.2 Selecting static analysis tools 2.6.3 Tool validation 2.6.4 Understanding and configuring the compiler 2.6.5 Understanding and configuring the static analysis tool 2.6.6 Run-time behavioun 8 References(Add 4 document and specify latest version) Appendix A Process and tools checklist Appendix D Glossary( add Misra guideline, rule)
  • 24. • 2.3 Training(2020) – The use of the chosen programming language for embedded applications; – The use of the chosen programming language for high-integrity, safety-related or security-related systems. – compilers and static analysis tools • 2.4 Style guide(2020) – Code layout and use of indenting; – Layout of braces “{ }” and block structures; – Naming conventions; – Use of comments; – Inclusion of company name, copyright notice and other standard file header information – [14] C Style: Standards and Guidelines, • 2.5Metrics(2020) – [15]Fenton N.E. and Bieman J., Software Metrics: A Rigorous and Practical Approach, 3rd Edition, ISBN 978-1-439838-22-8, CRC Press, 2014. – [16]MISRA Report 5, Software Metrics, Motor Industry Research Association, Nuneaton, February 1995. – [17]MISRA Report 6, Verification and Validation, Motor Industry Research Association, Nuneaton, February 1995.
  • 25. • 2.6 Tool management – 2.6.1Selecting the compiler • Checking that the compiler developer follows a suitable software development process; • Reading reviews of the compiler and user experience reports; • Reviewing the size of the user base and types of applications developed using the compiler; • Performing and documenting independent validation testing, e.g. by using a conformance test suite or by compiling existing applications. – 2.6.2 Selecting static analysis tools • Detect all violations of The Guidelines; • Produce no “false positives”, i.e. would only report genuine violations and would not report non-violations or possible violations.
  • 26. • 2.6.3 Tool validation – Recording faults reported by the users; – Notifying existing users of known faults; – Correcting faults in future releases. – Perform some form of documented validation testing; – Assess the software development process of the tool supplier; – Review the performance of the tool to date.
  • 27. • 2.6.4Understanding and configuring the compiler – The conformance of the compiler against applicable standards; – The availability of language extensions; – The availability of conditional language features; – The resources, especially processing time and memory space, required by the program; – The likelihood that a defect in the compiler will be exposed, such as might occur when complex highly- optimizing code transformations are performed.
  • 28. • 2.6.5Understanding and configuring the static analysis tool – Which version(s) of the language are supported; – How to configure the analyser to match the compiler’s implementation-defined behaviour, e.g. sizes of the integer types; – Which of The Guidelines the analyser is capable of checking (Section 3.3); – Whether it is possible to configure the analyser to handle any language extensions that will be used; – Whether it is possible to adjust the analyser’s behaviour in order to achieve a different balance between analysis time and analysis precision. • 2.6.6 Run-time behaviour – The execution environment provides sufficient resources, especially processing time and stack space, for the program; – Run-time errors, such as arithmetic overflow, are absent from areas of the program: for example by virtue of code that checks the ranges of inputs to a calculation.