Presentation of degree project for the Bachelor of Science in Engineering and Bachelor's degree

Title: Qualification of Tool for Static Code Analysis
Processes and Requirements for Approval of Static Code Analysis in the Aviation Industry
Respondents: Sam Florin (TIDAB) and Christopher Gustafson (CINTE)
Day, date and time: Friday 2020-06-05 at 12.00
Place: Web meeting (online meeting) via Zoom: see this link
Opponents: (max 3), contact the respondents to act as opponent on the report.
Examiner: Anders Sjögren, supervisor Johan Montelius
Language: Oral presentation in Swedish (in English if needed; questions may be asked in Swedish or English).
Registration: No registration is needed for listeners attending as visitors. "Active listeners" register by e-mail to as@kth.se no later than one day in advance.


Abstract

In the aviation industry, the use of software development tools is not as easily adopted as in other industries. Due to the catastrophic consequences of software errors in airborne systems, software development processes have rigorous requirements. One of these requirements is that a specific code standard must be followed. Code standards are used to exclude code constructs which could result in unwanted behaviours. The process of manually ensuring conformance to a specific code standard can be costly. This process could be automated by a tool for static code analysis; however, this requires a formal qualification.
This thesis evaluates the process of qualifying a tool for static code analysis in accordance with the requirements of the major aviation authorities EASA and FAA. To describe the qualification process, a literature study was conducted. To further explain how an existing tool could be put through the qualification process, a case study of the existing tool Parasoft C/C++ test was conducted.
The results of the literature study show what processes must be completed in order to qualify a static code analysis tool. Importantly, the study shows that no requirements are put on the development process of the tool. This was an important takeaway as it meant that an existing tool could be qualified without any additional data from the developer of the tool.
The case study of Parasoft C/C++ test showed how the tool could be configured and verified to analyze code in accordance with a small set of code rules. Furthermore, three documents containing qualification data were produced, showing how the qualification process should be documented in order to communicate the process to an authority.
The results of the thesis do not provide the full picture of how a tool could be qualified, as considerations specific to the software the tool is used to develop still need to be taken into account. The thesis does, however, provide guidance on the majority of the applicable requirements. Future research could be done to provide the complete picture of the qualification process, as well as what the process would look like for other types of tools.

Keywords

Static code analysis, Tool qualification, Aviation industry, Code standard, Parasoft C/C++ Test