Polyspace Static Analysis Notes

Read through the latest posts to learn more about Polyspace® products.

Learn how to use Polyspace products for stack estimation and analysis in embedded software programming.


Release R2022b of Polyspace® products lets you check for all AUTOSAR C++14 coding rules, find new types of defects such as useless includes, and review results more easily in the Visual Studio Code IDE.


Release 2022a of Polyspace® products adds improvements that enable you to run faster, more accurate analyses and review results more efficiently.


When you author software to simultaneously handle multiple tasks, you may use multithreaded programming—programs with constructs such as multiple entry points, interleaving of threads, and asynchronous interrupts. However, multithreaded programming is highly complex and introduces subtle defects such as data races and deadlocks. When such a defect occurs, it can take a long time to reproduce the issue and even longer to identify the root cause and fix it.


Data races are a common problem in multithreaded programming. Data races occur when multiple tasks or threads access a shared resource without sufficient protections, leading to undefined or unpredictable behavior.


Release 2021b provides new features and enhancements to Polyspace® products, including Polyspace as You Code—a new feature designed explicitly for developers.


The Polyspace® family of products now offers a feature designed explicitly for software developers: Polyspace as You Code. This feature brings the code checking capabilities of Polyspace Bug Finder into Integrated Development Environments (IDEs) and saves you from finding bugs late in the software development cycle.


The 2021a release of Polyspace® products adds improvements to many existing workflows. Run a faster analysis and view more precise results on C/C++ code that uses the AUTOSAR RTE API. Run Polyspace Code Prover™ analysis on a project that contains a mix of C and C++ source files. Reduce the software complexity of your code with the new customizable Guidelines checkers.


Release 2020b adds improvements to many existing Polyspace® product workflows. You can run a Polyspace analysis on C++17 code or use a Polyspace analysis to leverage source and compiler specifications generated in a JSON compilation database format from your build systems. 


Many companies that develop software for embedded systems are either investigating cloud platforms, planning pilot projects, or actively developing software in the cloud. These companies are often attracted to public cloud providers, such as Amazon Web Services (AWS®) and Microsoft Azure®, because of competitive pricing and other advantages that cloud platforms offer.


Release 2020a of the Polyspace® products complete many existing workflows and introduce some new capabilities. Polyspace Bug Finder™ now supports all CERT C rules, and Polyspace Access™ products can analyze all forms of C/C++ code that are imported into Simulink. New key features include checkers that detect potential performance problems in C++ code, flag functions from a user-curated list of deprecated functions, and check for issues in initialization code.


In the past 20 years, advancements in technologies such as mobile, smart devices, IoT, and the cloud have led to creation of millions of new applications. To develop applications faster with quality and predictability, companies are evolving their software development processes. In the early 2000s, “lightweight” agile software development started gaining popularity. Agile is an iterative software development process that places importance on collaboration, continuous planning, and continuous testing.


A question comes up often: Does Polyspace® support the compiler that I am using? Sometimes a variant of this question gets asked: Why does a static analysis tool like Polyspace need to know about a compiler? It’s not as if the tool compiles the code, creates a binary, and executes the binary to detect run-time errors. The run-time error detection does not involve executing the code at all.


Polyspace Access™ and Polyspace Code Prover Access™ make it easy to view analysis results and facilitate team collaboration. Everyone on the project team can view, comment, and triage results from a web interface. The following workflow shows how different members of a software development team can use Polyspace Access products to monitor software quality of their projects and view and triage code analysis and verification results.


By Anirban Gangopadhyay

Starting in R2018a, Polyspace Code Prover directly supports the AUTOSAR (Automotive Open System Architecture) methodology for software development. Whatever your role in the AUTOSAR software development workflow, you can now use Polyspace Code Prover as an AUTOSAR-aware static analysis tool.


By Ram Cherukuri and Anirban Gangopadhyay

Buffer overflows have plagued the C/C++ development community for years. While the C language empowers developers to access memory directly via pointers, it also opens the door to overflow problems. Safe coding practices help developers avoid buffer overflows to some extent (at the cost of performance), but sometimes buffer overflows can be subtle and complex to find and resolve.


By Ram Cherukuri

MISRA published an amendment to its latest MISRA C:2012 coding guidelines to mitigate the growing risk of cyber security vulnerabilities. Published in early 2016, the amendment addresses embedded security through additional coding guidelines. These 14 new coding guidelines are aimed at bridging the gap within the security guidelines published in ISO/IEC 17961:2013. The table below identifies the classification of these 14 rules in line with the MISRA C 2012 specification. To learn more about the classification system used in the MISRA C:2012 standard, view Understanding Compliance to the MISRA C 2012 Coding Guidelines (33:28).


By Ram Cherukuri

Polyspace Code Prover™ uses the color orange to highlight operations that can't be automatically proven to be error free under all circumstances. You can then review potential run-time issues that might lead to robustness or reliability concerns.


By Ram Cherukuri, Fred Noto, and Alexandre Langenieux

CERT C is a set of guidelines for software developers and is used for secure coding in C language. It was developed on the CERT community wiki following a community based development process, with the first edition released in 2008 and the second edition released in 2014.


By Ram Cherukuri

Code generation greatly simplifies the MISRA compliance process. The key objectives of coding standards (such as MISRA) are readability, maintainability, and portability, in addition to ensuring safety and reliability. Because the models are at the core of the development process and code can be generated from the model in a consistent manner for different platforms, it simplifies the portability and maintainability pieces.


By Ram Cherukuri

Testing is a major part of the verification process at most embedded software development organizations. Studies estimate that around 25 – 30% of development time is spent on testing, and in some cases, this can be as high as 50% [1].


By Ram Cherukuri, Gary Ryu

The most recent version of the MISRA standard coding rules is MISRA C:2012, which succeeds MISRA C:2004 that has been widely adopted in the software community across industries for embedded systems.