Static Analysis: From MDA Computers to FDA Medical Devices
Software-assurance techniques once developed for Missile Defense Agency (MDA) computer systems are now helping the Food and Drug Administration (FDA) find glitches in medical device software.
GrammaTech now sells two main products to help developers understand and analyze their programs. CodeSonar® does the defect scouting, and CodeSurfer® builds a “picture” of the program structure for the programmer. CodeSonar performs a whole-program analysis on more than 10 million lines of source code. CodeSonar analyzes programs that use multiple languages, and it can also examine “binaries” or executables. Binaries, pieces of code that have been compiled into machine code, are more difficult to parse than human-friendly source code.
How it Works
CodeSurfer and CodeSonar use so-called static analysis methods that are capable of detecting subtle errors, allowing detection of bugs earlier in the coding process than with dynamic analysis, which depends on the time-consuming and laborious process of using multiple test cases for sets of code. Neither dynamic nor static analysis can test all the possible paths of a computer program. Static analysis, however, can test significantly more scenarios by employing algorithms that explore the relationships between variables.
Translated into more practical terms, static analysis can turn up bugs that may not be apparent even after many runs in the real world. For example, such analysis can detect memory leaks that lead to abrupt crashes. This feature attracted the interest of the Food and Drug Administration (FDA), which among its many duties, also regulates and certifies medical devices, from pacemakers to medication infusion pumps.
In particular, the FDA has been encouraging the use of static analysis and has used CodeSonar in recent efforts to improve post-market surveillance of medical devices. If a software-driven device fails in the field, the FDA’s Center for Devices and Radiological Health (CDRH) must carry out an investigation that includes a thorough analysis of the source code. In addition, the CDRH wants to be able to reliably assess these types of devices for compliance with software and quality-control standards. In a case study of one such device, conducted by CDRH, CodeSonar was able to uncover more than 100 defects underlying critical functions, using 210 person-hours to carry out the analysis. CDRH recognized this time savings as considerably superior to the time that would have been required for a completely manual analysis.
Where it Stands
NASA’s Jet Propulsion Laboratory (JPL) engineers have been using GrammaTech’s CodeSonar in the development of future Mars exploration systems. While Earthlings seem to have learned celestial mechanics well enough, writing the software that oversees the myriad commands to orbiting satellites and planet-scouring rovers is challenging. CodeSonar will help developers pinpoint bugs so they can be fixed before they cause problems.
For more information on the GrammaTech technology, visit http://info.hotims.com/34459-504. (Source: Joan M. Zimmermann/ NTTC; MDA TechUpdate, Missile Defense Agency, National Technology Transfer Center Washington Operations)
Top Stories
INSIDERSoftware
The Future of Aerospace: Embracing Digital Transformation and Emerging...
INSIDERMaterials
Clean Sky Demonstrator Fuselage Shows Potential of Thermoplastics in Aircraft...
INSIDERTest & Measurement
Blue Origin Rocket Reaches Intended Orbit on First Launch
NewsAutomotive
AVSC Develops Best Practices for Traceable AV Safety Inspection Protocols
INSIDERRF & Microwave Electronics
First F-15Es Equipped With EPAWSS Ready for Flight
NewsPower
Webcasts
Software
Navigating Security in Automotive SoCs: How to Build Resilient...
Propulsion
Is Hydrogen Propulsion Production-Ready?
AR/AI
AI-Powered Quality Control for Sustainable Automotive Production
Aerospace
Improving Thermal Management for Aerospace and Defense Electronics
Connectivity
The Road Ahead for Next-Gen E/E Architectures: Trends and...
Software
Department of Defense Contracts Denied: New Cybersecurity Rules...