By David N. Kleidermacherdspdesignline.com (September 16, 2008)
Software content has grown rapidly in all manner of medical devices. Meanwhile, society has become increasingly dependent upon their safe operation. Unfortunately, our ability to develop safe and reliable software has not improved at the same rate, resulting in increasing reliability and safety vulnerabilities.
This increase in software vulnerability poses a serious threat to human safety and demands new approaches to safe software development. Static analysis has emerged as a promising technology for improving the safety of software in safety critical applications such as medical devices and systems (See Sidebar). Beyond defect prevention, static analysis is also finding a home in medical forensics labs, aiding scientists who must locate the cause of failures in recalled medical devices.
Static analysis tools analyze software to find defects that may go undetected using traditional techniques, such as compilers, human code reviews, and testing.
A number of limitations, however, have prevented widespread adoption in safety crtical applications such as medical device software development. Static analysis tools often take prohibitively long to execute and are not well integrated into the software development environment. This article discusses a number of techniques that address these barriers to adoption.
Metrics are provided to demonstrate how static analysis can be incorporated as a practical and effective quality tool for everyday medical device software development. In addition to traditional analysis, the paper also discusses how static analysis technology can be extended to enable detection of a new class of defects.
Static source code analyzers attempt to find code sequences that when executed could result in buffer overflows, resource leaks, or many other security and reliability problems. Static source code analyzers are effective at locating a significant class of flaws that are not detected by compilers during standard builds and often go undetected during run-time testing as well.
Click here to read more ...