Embedded project Static analysis

Thread Starter

rizzof87

Joined Nov 16, 2016
Hello everyone!

I'm confused about static analysis.

Let's say I have a C project for an embedded system.
It compiles correctly in my IDE for my target, which can be, for example, an ARM processor.

Let's say I decide to give my project to an external company, in order to perform some static analysis on it.

They will change the code in order to validate my project, using the static analyzer tool they prefer.

In order to pass all the tests, they will change the source code (let's say adding some "const" or "static" attribute for example).

Assuming that this company has access to the same IDE,
when they give me back the code, I expect that the project still compiles correctly as before.

Is this correct?

Because if they change the code, but they do not check whether the code still compiles,
the job they did is completely useless, since I'm forced to change it again in order to compile it correctly
(but at this point, the code will no longer pass the static analysis).

Is this correct?

I think the compile check is implicit for the company that performs the static analysis.

I hope someone can help me to clarify this doubt.

Best regards,
Francesco.
 

ErnieM

Joined Apr 24, 2011
What does the hypothetical third party company say?

I would expect any additional code they insert to be tagged with conditional compile flags, so one source code base can be compiled for either analysis or production use.

If they render your code useless (defined by unsuccessful compilation) then either have them rework the code, or fire them and do not pay.
 

Thread Starter

rizzof87

Joined Nov 16, 2016
Hi,

The third-party company says that checking for successful compilation was not their goal. They are only concerned with passing the static analysis tests.

I mean, since my company does not allow releasing a product with software that does not pass static analysis,
I need to receive back code that has, of course, been changed to comply with the static analysis tests, but that still compiles successfully, in order to use it for our product.

If I'm forced to change it again, invalidating the static analysis tests, I think their job becomes useless.

They also say that most of the compile errors appear because during the static analysis they don't care about header files (*.h). So they eventually change source files (*.c), but when they give me back the project, there is, of course, an inconsistency between source and header files.

I find that this explanation is pretty ridiculous.

Can you confirm that during static analysis the header files are ignored? If yes, why?

Thank you,

Francesco.
 