Dead Code Detection and Coverage with Polyspace
Polyspace tools help you identify dead or unreachable code in your software. This saves time and reduces the cost associated with testing activities geared for robustness and complete code coverage. The detailed information that Polyspace products provide about the run-time behavior of software proves the existence of dead code and helps you trace the control and data flow to potential sources. This is especially important when complying with industry standards such as DO 178 B/C, ISO 26262, IEC 61508, and IEC 62304.
Dead code is the part of your application that can never be executed. Common causes include:
- Programming errors in conditional branches
- Code that will never be reached because the input data will never cause a specific branch to be executed
- Debugging constructs and other nonfunctional code
- Reusable components that are designed for different run-time scenarios
The presence of dead code in your application can lead to serious consequences as it can be a source of hidden bugs. Dead code also implies that the code is inefficient as it can increase the size of your executable, which is especially relevant for embedded applications. There can also be legal implications.
Polyspace products can help you find dead code, optimize the testing cycle, and shorten the overall verification cycle. This is important as it reduces time spent by engineers trying to get to 100% code coverage, and it saves time in testing and development resources. This is particularly true for high-integrity and safety-critical applications that must adhere to standards like DO 178 B/C.
DO-178B/ED-12B defines dead and deactivated code as follows:
- Dead code - Executable object code (or data) which, as a result of a design error, cannot be executed (code) or used (data) in an operational configuration of the target computer environment and is not traceable to a system or software requirement. An exception is embedded identifiers.
- Deactivated code - Executable object code (or data) which by design is either (a) not intended to be executed (code) or used (data), for example, a part of a previously developed software component; or (b) is only executed (code) or used (data) in certain configurations of the target computer environment, for example, code that is enabled by a hardware pin selection or software programmed options.
DO-178B/ED-12B essentially requires that any dead code is removed, and it calls for the verification of deactivated code to prove that it cannot be inadvertently activated. Because of this, the cost of testing is very high. Identifying dead code is also a good development practice irrespective of certification requirements because studies have shown that dead code and deactivated code is a source of hidden defects and run-time errors. Polyspace products can help you optimize the testing cycle and shorten the overall verification cycle.
Identifying unreachable code using Polyspace Bug Finder
Even before you run a single test case, you can identify unreachable code either at the module level or within the complete application using Polyspace code verification tools. As shown in the figure below, with Polyspace Bug Finder™ you can detect unreachable parts of your code right within your IDE such as Eclipse®. This also helps you in considering the implications of any such dead code on your application, and gives you the ability to make changes the first time around.
Proving the existence of dead code using Polyspace Code Prover
Polyspace Code Prover™ enables you to prove the existence of dead code, as it provides mathematical proof highlighting that a certain section of the code is not executed for any code path and for any combination of variable values in your application. By virtue of the formal methods and abstract interpretation techniques, Polyspace Code Prover proves the dead code in your application with a near zero false positive rate.
You can use the detailed check information to further understand the reason for such redundancy. It might uncover missed requirements that were not identified during requirements capture or were not associated with any test cases. The data range specification that lets you identify the parameter range for a contextual verification also lets you identify both dead code and deactivated code.
Code coverage, code metrics, and trends
In addition, Polyspace products integrate well with code coverage tools like VectorCast that can import the results of Polyspace product verification and use the results to complement their code coverage solution.
Code coverage is a metric used to quantify whether a software application has been thoroughly tested and has a lower chance of containing bugs. Structural code coverage is primarily used as a measure to indicate when adequate testing has been achieved. Because it is not possible to test all possible run-time scenarios, 100% code coverage refers to software that has been tested to acceptable levels. The presence of dead code makes it impossible to attain 100% code coverage and leads to significant investment in time and effort in writing unnecessary test cases.
Polyspace tools produce and synthesize useful code metrics that accurately reflect the quality of your code. These metrics can be viewed using a web-based dashboard. With this built-in feature, you can access various metrics such as run-time errors, code complexity, and coding rule violations. Using these metrics, you can track your progress toward predefined software quality objectives as your code evolves from the first iteration to the ultimate delivery version. You can also measure the incremental impact of any code changes you make to the code base such as introducing any dead code as a result of the change.
"For us, a key advantage of Model-Based Design is the ability to concentrate on design and development instead of low-level coding, verification, and certification tasks. The result is higher quality, DO-178B certified software, and faster iterations."