Modern Car Engine

The Safer C™ toolset is the first C toolset to be designed from the beginning using measurement-based feedback.

Today, C is more widely used than ever and is, for example, the dominant language in programmable embedded control systems. However, the cost of failure in such systems today can be very high indeed. C has many fault and failure modes, but this is balanced by the fact that more is known about how C programs fail than about arguably any other language. By avoiding these fault and failure modes, C is capable of producing some of the most reliable systems ever measured, whilst retaining the many benefits of C such as efficiency, small footprint, portability, availability of experienced engineers and very widespread availability of good compilers.

The key question is: how do we develop in C while avoiding these fault and failure modes?

Safer C™: The Toolset

The Safer C™ toolset (SCT) was designed and built by Oakwood Computing Associates to answer this question by bringing together a vast amount of experience from around the world and placing it on the engineer's desktop as an ever-present expert, unobtrusive but always available when needed on the engineer's own code. In particular, the feedback gained by teaching more than 5000 engineers so far on our companion Safer C™ course over some 15 years has proved invaluable. It became obvious when teaching this course that engineers make the same kind of mistakes in certain parts of the language. By providing a mixture of education, animation, direct and indirect defect detection and population comparison measurements, the Safer C™ toolset allows the vast majority of these problems to be avoided when the code first appears.

To build confidence in the toolset itself, it goes through a formidably detailed set of tests before each revision, one of which is the requirement to parse FIPS160, the international ISO C standard, correctly. The toolset is fully internationalised.

SCT is a static analyser. Static analysis is one of the most powerful of all defect avoidance techniques. In the Safer C™ toolset, static defects are avoided by:

  • Education. SCT contains animations of key areas of difficulty in the language along with discussions and reference works such as a comprehensive MISRA (TM) suite.
  • Detection. SCT can directly detect several hundred known defects in the language using its built-in knowledge base.
  • Prediction. SCT uses unique defect clustering algorithms to predict defect-prone components in a system.

The toolset also enables the following kinds of static analysis to be done:

  • Compliance analysis. Compliance with well-known publicly available standards such as ISO and MISRA can be measured directly.
  • Forensic analysis. SCT allows the user to search for specific optional patterns from a vast collection when performing both detective and verification work. Here SCT works closely with the human analyst, maximising the analyst's efficiency.
  • Inspection checklists. SCT contains a large number of inspection checklists of the kind often used in standard code inspections. These are fully automated by SCT, greatly reducing the workload of a typical inspection.
  • Verification analysis. SCT allows the user to map messages to different tool message systems so that tool output can be easily compared.