Software content has grown rapidly in all manner of safety-critical devices.
Meanwhile, society has become increasingly dependent upon their safe
operation. Unfortunately, our ability to develop safe and reliable
software has not improved at the same rate, and the result is a growing
number of reliability and safety defects in fielded devices.
This increase in software vulnerability poses a serious threat to
human safety and demands new approaches to safe software development. Static analysis
has emerged as a promising technology for improving the safety of software
in safety-critical applications such as medical devices and systems (See
Sidebar).
Beyond defect prevention, static analysis is also
finding a home in medical forensics labs, aiding scientists who must
locate the cause of failures in recalled medical devices.
Static analysis tools analyze software to find defects that may go
undetected using traditional techniques, such as compilers, human code
reviews, and testing.
A number of limitations, however, have prevented widespread adoption
in safety-critical applications such as medical device software
development. Static analysis tools often take prohibitively long to
execute and are not well integrated into the software development
environment. This article discusses a number of techniques that address
these barriers to adoption.
Metrics are provided to demonstrate how static analysis can be
incorporated as a practical and effective quality tool for everyday
medical device software development. In addition to traditional
analysis, the paper also discusses how static analysis technology can
be extended to enable detection of a new class of defects.
Static source code analyzers attempt to find code sequences that,
when executed, could result in buffer overflows, resource leaks, or many
other security and reliability problems. Static source code analyzers are
effective at locating a significant class of flaws that are not
detected by compilers during standard builds and often go undetected
during run-time testing as well, typically because the failing path is
only reached by an input the test suite never supplies.
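As an added illustration (not code from the original article), the C listing below shows the two defect classes the paragraph names: an off-by-one stack-buffer overflow and a heap allocation leaked on an error path. Both functions compile without warnings under gcc or clang with -Wall, and both pass a test suite that only feeds well-formed, short input; the hardened variant follows each one. The function names, the record and config formats, and the sample inputs are all constructed for this example.

```c
/*
 * Added example, not code from the original article. Two defects of the
 * kind a static analyzer is built to report, each paired with a fixed
 * version. Both bugs compile cleanly with gcc/clang -Wall and pass tests
 * that only feed well-formed, short input. All names, formats and sample
 * inputs here are invented for the illustration.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 16   /* size of the fixed destination buffer */

/* Defect 1: off-by-one stack buffer overflow.
 * Copies the text before the first ',' into out[FIELD_MAX]. The length
 * check forgets the NUL terminator, so a 16-byte field writes out[16].
 * Returns the field length, or -1 if the field is rejected. */
int parse_field_unsafe(const char *rec, char *out /* FIELD_MAX bytes */)
{
    const char *comma = strchr(rec, ',');
    size_t len = comma ? (size_t)(comma - rec) : strlen(rec);
    if (len > FIELD_MAX)            /* BUG: must be >= FIELD_MAX */
        return -1;
    memcpy(out, rec, len);
    out[len] = '\0';                /* one past the end when len == 16 */
    return (int)len;
}

/* Fixed: the destination size is passed in and the check reserves one
 * byte for the terminator, so len == out_size is rejected. */
int parse_field_safe(const char *rec, char *out, size_t out_size)
{
    const char *comma = strchr(rec, ',');
    size_t len = comma ? (size_t)(comma - rec) : strlen(rec);
    if (out_size == 0 || len >= out_size)
        return -1;
    memcpy(out, rec, len);
    out[len] = '\0';
    return (int)len;
}

/* Defect 2: resource leak on an error path.
 * Counts "name=value" lines in a config text, working on a private copy
 * because strtok() modifies its input. The copy is freed on success only,
 * so every malformed config leaks one allocation. */
int count_settings_unsafe(const char *text)
{
    char *copy = malloc(strlen(text) + 1);
    if (copy == NULL)
        return -1;
    strcpy(copy, text);
    int n = 0;
    for (char *line = strtok(copy, "\n"); line != NULL; line = strtok(NULL, "\n")) {
        if (line[0] == '#')
            continue;               /* comment line */
        if (strchr(line, '=') == NULL)
            return -1;              /* BUG: copy is never freed on this path */
        n++;
    }
    free(copy);
    return n;
}

/* Fixed: a single exit point releases the copy on every path. */
int count_settings_safe(const char *text)
{
    char *copy = malloc(strlen(text) + 1);
    if (copy == NULL)
        return -1;
    strcpy(copy, text);
    int n = 0;
    for (char *line = strtok(copy, "\n"); line != NULL; line = strtok(NULL, "\n")) {
        if (line[0] == '#')
            continue;
        if (strchr(line, '=') == NULL) {
            n = -1;                 /* remember the error, then fall through */
            break;
        }
        n++;
    }
    free(copy);
    return n;
}

/* Wrapper that owns the buffer, so the boundary case can be checked
 * directly: returns what parse_field_safe returns. */
int field_len_safe(const char *rec)
{
    char out[FIELD_MAX];
    return parse_field_safe(rec, out, sizeof out);
}

int main(void)
{
    /* Constructed inputs: a 15-byte field is accepted; a 16-byte field is
     * exactly the case the unsafe version mishandles. */
    printf("15-byte field: %d\n", field_len_safe("0123456789ABCDE,x"));  /* 15 */
    printf("16-byte field: %d\n", field_len_safe("0123456789ABCDEF,x")); /* -1 */
    printf("good config:   %d\n", count_settings_safe("# comment\ndose=2.0\nrate=5\n")); /* 2 */
    printf("bad config:    %d\n", count_settings_safe("dose=2.0\ngarbage\n"));          /* -1 */
    return 0;
}
```

A happy-path test that parses "patientA,42" and a well-formed config passes against both the unsafe and the safe versions, which is why these bugs survive testing; a path-sensitive analyzer reports the out[16] write and the unreleased malloc() without any input at all.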
Earlier Is Better
A number of studies over the years have shown that the cost of
detecting and correcting a software flaw increases dramatically as a
project moves through the development, integration, quality assurance,
and deployment cycle [1], as
depicted in Figure 1 below.
Figure 1 - Cost of software flaws
This reality matches common sense: a software developer who finds
his own bug soon after adding it has recent context in which to quickly
understand and fix the problem. As a project enters integration and
test phases, a flaw is often discovered by someone other than the
developer who added it and often much later than the flaw was
introduced.
This, of course, makes it more difficult to trace the flaw back to its
source and for developers to infer the cause and determine the optimal
solution to the problem. Once a product has been deployed, the cost of
a serious flaw is bloated by customer service resource usage, patching
protocols, recalls, litigation, and other potential downstream effects.
From a cost-benefit perspective, static analysis is one of the most
powerful tools in the safety-critical device software developer's arsenal
because it enables defects to be cheaply discovered and fixed well
before even a single line of code is ever executed.
Software Complexity
Many of the problems relating to loss in quality and safety in software
can be attributed to the growth of complexity that cannot be
effectively managed [2]. For
instance, commodity operating system code bases have been increasing at
a staggering rate.
Microsoft Windows grew from six million lines of code in 1993, to 29
million in 2000, and 50 million in 2005. A Debian Linux distribution
increased even more rapidly: from over 55 million lines in 2000 to 104
million in 2002, and 215 million in 2005
[3]. In the medical device field, radiotherapy treatment
planning (RTP) systems have grown increasingly sophisticated, reaching
millions of lines of code [4].
Incidence of security vulnerabilities acts as a bellwether for
tracking the effects of software complexity. According to CERT
statistics, the number of documented vulnerabilities has been
increasing almost exponentially, from approximately 400 in 1999, to
more than 4000 in 2002, and more than 8000 in 2006 [5]. Over the past five years, the
CVE database [6] shows high-severity software vulnerabilities growing at
a robust rate (Figure 2 below).
Figure 2 - High Severity Software Vulnerabilities (CVE)
Complexity strains traditional reliability techniques, such as code
reviews, and implies a growing necessity for automated static analysis
tools.