Embedded Toolbox: Use Ada and Let the Compiler Do the Static Analysis
June 23, 2020
Buffer overflows. Divide-by-zeros. Dead code. Software engineers are all too familiar with these bugs. But in today's world of tight release schedules, do you really need to achieve 100 percent code coverage if you're not developing, say, an airplane? Aren't most of these trivial memory issues, well, trivial?
As it turns out, the Heartbleed vulnerability revealed in 2014 was the result of a bug in the OpenSSL crypto library whereby processes read from out-of-bounds memory that contained sensitive data on approximately 17 percent of the Internet's secure web servers. And, there are countless examples like Heartbleed in industries ranging consumer electronics to automotive systems where simple vulnerabilities compromised system safety and/or security.
Debugging all of the aforementioned "trivial" memory issues and achieving anything close to 100 percent code coverage is still a daunting and time consuming task. Indeed, it can be an excruciating endeavor, especially in later stages of development where finding a small vulnerability can mean dozens of hours of re-engineering.
In this episode of Embedded Toolbox, Rob Tice, CodePeer Product Manager at AdaCore, explains how – as opposed to C and C++-based development – the Ada programming language abstracts most direct interaction with memory into the compilation process. In other words, responsibility for memory checking can be transitioned from human developers and onto compilers that perform the checks automatically, made possible by the fact that array boundaries, for instance, are stored in an object type.
To demonstrate, Rob analyzes code from a Sumo Robot he built that contains some complex navigation algorithms. By leveraging the AdaCore CodePeer static analysis tool, he shows us how quickly "trivial" issues like divide-by-zeros, dead code, and buffer overflows can be identified and remedied.
Get ready to save yourself a ton of debugging time.
To get started with the Ada programming language, visit learn.adacore.com.
For code and tutorials from Rob's SPARKZumo sumo robot project, visit https://blog.adacore.com/sparkzumo-part-1-ada-and-spark-on-any-platform.
To learn how to build the SPARKZumo project with Arduino and GNAT Programming Studio, visit https://blog.adacore.com/sparkzumo-part-2-integrating-the-arduino-build-environment-into-gps.
For more information on AdaCore's CodePeer static analysis tool, visit https://www.adacore.com/codepeer.