Embedded Toolbox: Use Ada and Let the Compiler Do the Static Analysis

June 23, 2020 Brandon Lewis

Buffer overflows. Divide-by-zeros. Dead code. Software engineers are all too familiar with these bugs. But in today's world of tight release schedules, do you really need to achieve 100 percent code coverage if you're not developing, say, an airplane? Aren't most of these trivial memory issues, well, trivial?

As it turns out, the Heartbleed vulnerability revealed in 2014 was the result of a bug in the OpenSSL crypto library that let processes read out-of-bounds memory containing sensitive data, affecting approximately 17 percent of the Internet's secure web servers. And there are countless examples like Heartbleed in industries ranging from consumer electronics to automotive systems, where simple vulnerabilities compromised system safety and/or security.

Debugging all of the aforementioned "trivial" memory issues and achieving anything close to 100 percent code coverage is still a daunting and time consuming task. Indeed, it can be an excruciating endeavor, especially in later stages of development where finding a small vulnerability can mean dozens of hours of re-engineering.

In this episode of Embedded Toolbox, Rob Tice, CodePeer Product Manager at AdaCore, explains how, as opposed to C and C++-based development, the Ada programming language abstracts most direct interaction with memory into the compilation process. In other words, responsibility for memory checking can be shifted from human developers to compilers that perform the checks automatically, made possible by the fact that array boundaries, for instance, are stored in the object's type.

To demonstrate, Rob analyzes code from a Sumo Robot he built that contains some complex navigation algorithms. By leveraging the AdaCore CodePeer static analysis tool, he shows us how quickly "trivial" issues like divide-by-zeros, dead code, and buffer overflows can be identified and remedied.
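To make the point about bounds living in the type concrete, here is a small added example in Ada (written for this article, not code from the episode or from the SPARKZumo project). It sketches a Heartbleed-shaped echo routine: the peer's claimed length is untrusted, the 16-byte receive buffer and the "hello-from-peer!" contents are constructed sample data, and the function and variable names are the author's own.

```ada
--  Added example: an echo routine that copies as many bytes as the peer
--  claims. Because the buffer's bounds are part of its subtype, Ada
--  checks every slice against them: the unchecked version fails closed
--  with Constraint_Error instead of reading past the buffer, and a static
--  analyser such as CodePeer can flag that path before the code ever runs.
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Echo_Demo is
   --  Constructed sample: a fixed 16-byte receive buffer.
   subtype Payload is String (1 .. 16);
   Recv : constant Payload := "hello-from-peer!";

   --  Unchecked: trusts Claimed_Len. In C this would walk off the end of
   --  the buffer; here the slice bounds are checked against Payload's
   --  index range, so any Claimed_Len > 16 raises Constraint_Error.
   function Echo_Unchecked (Claimed_Len : Natural) return String is
   begin
      return Recv (1 .. Claimed_Len);
   end Echo_Unchecked;

   --  Hardened: clamp the length to what the buffer actually holds, and
   --  state that as a postcondition the analyser can reason about.
   function Echo_Checked (Claimed_Len : Natural) return String
     with Post => Echo_Checked'Result'Length <= Recv'Length
   is
      Len : constant Natural := Natural'Min (Claimed_Len, Recv'Length);
   begin
      return Recv (1 .. Len);
   end Echo_Checked;

begin
   Put_Line (Echo_Checked (4));       --  prints "hell"
   Put_Line (Echo_Checked (64_000));  --  clamped: prints all 16 bytes

   --  The untrusted length never reaches memory outside Recv.
   begin
      Put_Line (Echo_Unchecked (64_000));
   exception
      when E : Constraint_Error =>
         Put_Line ("blocked: " & Exception_Message (E));
   end;
end Echo_Demo;
```

Compiling with GNAT and running the procedure shows the clamped version succeeding and the unchecked call being stopped by the index check; running CodePeer over the same file reports the unchecked slice as a potential range violation at analysis time.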

Get ready to save yourself a ton of debugging time.

To get started with the Ada programming language, visit learn.adacore.com.

For code and tutorials from Rob's SPARKZumo sumo robot project, visit https://blog.adacore.com/sparkzumo-part-1-ada-and-spark-on-any-platform.

To learn how to build the SPARKZumo project with Arduino and GNAT Programming Studio, visit https://blog.adacore.com/sparkzumo-part-2-integrating-the-arduino-build-environment-into-gps.

For more information on AdaCore's CodePeer static analysis tool, visit https://www.adacore.com/codepeer.

About the Author

Brandon Lewis

Brandon Lewis, Editor-in-Chief of Embedded Computing Design, is responsible for guiding the property's content strategy, editorial direction, and engineering community engagement, which includes IoT Design, Automotive Embedded Systems, the Power Page, Industrial AI & Machine Learning, and other publications. As an experienced technical journalist, editor, and reporter with an aptitude for identifying key technologies, products, and market trends in the embedded technology sector, he enjoys covering topics that range from development kits and tools to cyber security and technology business models. Brandon received a BA in English Literature from Arizona State University, where he graduated cum laude. He can be reached by email at brandon.lewis@opensysmedia.com.
