Manual code inspection could lead to fatal consequences

1270
 

There are also some static analysis tools that offer developers immediate feedback on the code they have written, allowing them to address issues before committing changes to the organisation’s repository of code. These tools can also be used to provide a measure of overall project quality when used in conjunction with a software quality management system.

Q. How fast can these static tools detect errors?
A. There was an interesting case study of one of our prospects working in industrial automation space and developing control instrumentation products. They were not using any static analysis tool and were mainly relying on manual code inspection. They gave a beta release of their product to one of their existing customers for testing. There was a serious bug in the code, which they were unable to find for almost six months. We were called on-site, and within 30 minutes we were able to set up and configure the tool for their environment and identify the defect.

Q. What are the guidelines set by IEC61508 standard?
A. The IEC 61508 standard includes guidance that helps developers mitigate risks or systematic failures and random hardware failures through provision of appropriate requirements and processes. With an extensive hazard analysis of not only the resulting software but also the processes used during the development cycle, these risks should be addressed.

Additional challenges include peer reviews at each decision phase and documenting bidirectional traceability of requirements through design and testing to release. On the software part, the international standard IEC 61508 mandates use of better development processes, including use of coding standards to encourage further improvements in software quality.

Q. Are there any kinds of certifications for your products?
A. TÜV SÜD has certified QA·C & QA·C++ as “fit for purpose” for safety-related development under ISO 26262 and IEC 61508, enabling our customers to achieve product certifications to these standards more easily and in less time.

Q. What languages other than ‘C’ and ‘C++’ are emerging for code development?
A. ‘C’ is the most widely used language, followed by ‘C++.’ ‘C++’ is actually growing in the embedded market and also in the aviation industry. We are also looking at ‘C#’ as some of our clients are using it.

Q. What kind of coding standards do your products enforce?
A. Historically several industries have created specific coding standards that are adopted by manufacturers throughout the supply chain. Some of the key standards that we support are:

  • MISRA-C
  • MISRA-C++
  • JSF AV C++
  • High Integrity C++ (HICPP)
  • In-House / Internal Coding Standards

Q. Could you throw some light on Structure 101?
A. Structure 101 provides a visual display of rolled-up dependencies across complex projects, partitioning of code bases according to your own view of structure, focus on intensely tangled code portions, and the ability to set architectural rules and constraints and trigger warnings for any breaches. Structure101 for QA·C & QA·C++ offers unmatched power and functionality in managing the most complex code bases.

Q. What is QA·Verify all about?
A. QA·Verify is Quality Management System for industrial-scale software projects and leverages the success of QA·C and QA·C++, extending the functionality of these static analysis tools and also extending the audience beyond the core traditional developers and quality professionals to encourage collaboration amongst key stakeholders, such as development leads, architects, project managers, senior management and even external customers and suppliers.

Some of its key features are – management of project software quality, legacy code handling facilities, sophisticated code compliance structures, more effective code reviews through automated code inspection & rich user-defined measurement system for advanced quality profiling.

Q. What about your market segments?
A. We have multiple markets which are safety critical, mission critical and increasingly commercial critical not only in the automotive industry and we are building quite a reputation in defence and aerospace as well as medical. In India, we deal mainly with service providers apart from defence & space organisations and local OEM’s.

Q. Who are your major clients?
A. In Automotive, our main clients are BMW, Toyota, Delphi, and Autoliv. Defence and Aerospace include SELEX Galileo, Thales, Northrop Grumman, and BAE Systems. Medical devices are getting a lot of traction these days and amongst our clients, we can name Abiomed, Novo Nordisk, and Gambro. Some of the Indian companies include Wipro Ltd., HCL Technologies, iGate, L&T, Tata Elxsi Ltd., Sony, DRDO, VSSC to name few.

Q. Do you provide software training for your products?
A. On-going quality improvement and continued education is a key part of a successful and quality driven development environment. PRQA technical consultants provide a number of training courses and also mentoring options that target both inexperienced and experienced engineers and focus on effective and robust language and product usage. All our training courses are instructor-led and are typically tailored to individual needs.

SHARE YOUR THOUGHTS & COMMENTS

Please enter your comment!
Please enter your name here