Concurrency Defect Localization in Embedded Systems using Static Code Analysis: An Evaluation

摘要

Defects with low manifestation probability, such as concurrency defects, are difficult to find during testing. When such a defect manifests into an error, the low likelihood can make it time-consuming to reproduce the error and find the root cause. Static Code Analysis (SCA) tools have been used in the industry for decades, mostly for compliance checking towards guidelines such as MISRA. Today, these tools are capable of sophisticated data and execution flow analysis. Our work, presented in this paper, evaluates the feasibility of using SCA tools for concurrency defect detection and localization. Earlier research has categorized concurrency defects. We use this categorization and develop an object-oriented C++ based test suite containing defects from each category. Secondly, we use known and real defects in existing products' source code. With these two approaches, we perform the evaluation, using tools from some of the largest commercial actors in the field. Based on our results, we provide a discussion about how to use static code analysis tools for concurrency defect detection in complex embedded real-time systems.