
Detecting Endian Issues with Static Analysis Tools


Simple Rules Detecting Complex Problems

These examples use very simple code for illustrative purposes, but the rules behind them are important to consider: they can be defined clearly and implemented robustly. Moreover, when implemented in static analysis tools, they can detect subtle defects that exist inside complex code. As datatype definitions become more complex, the syntactic and semantic guidelines can be violated in very obscure ways, resulting in defects. Likewise, as code is modified over time, protocol violations can be introduced in non-obvious ways, where incorrect execution paths lead to unexpected but feasible cases, resulting in defects.

Higher Quality Code Earlier In the Development Cycle

With correct development of static analysis tools, defects can be found early in the development cycle: if the code can be compiled, defects can be detected. A compile-time warning can be developed as a custom warning for the environment and application, flagging potential endianness errors. Even with false positives, our experience has shown that clusters of warnings can indicate places where protocols and/or data definitions may not be quite clean enough, which could warrant re-coding. And any software engineering requirement that all code pass a designated coding standard could certainly be extended to passing static analysis tools that strictly enforce the standard, detect defects, and enforce correctness.
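One way such a custom warning could look, added here as an illustration and not taken from the article or from any particular tool: a line-based Python check that flags multi-byte integers accessed through a pointer cast on a byte buffer without a byte-order conversion. The rule itself, the name `find_endian_warnings`, and the C sample are assumptions made for this example.

```python
import re

# Assumed rule for this example: a multi-byte integer accessed through a pointer
# cast on a byte buffer must pass through a byte-order conversion function.
CONVERTERS = "ntohs|ntohl|htons|htonl|be16toh|be32toh|be64toh|le16toh|le32toh|le64toh"
CAST_DEREF = re.compile(r"\*\s*\(\s*(?:const\s+)?(u?int(?:16|32|64)_t)\s*\*\s*\)")
READ_WRAPPED = re.compile(r"\b(?:%s)\s*\(\s*$" % CONVERTERS)   # ntohl( *(uint32_t *)p )
WRITE_WRAPPED = re.compile(r"=\s*(?:%s)\s*\(" % CONVERTERS)    # *(uint32_t *)p = htonl(v)


def find_endian_warnings(source):
    """Return (line_number, type_name, line_text) for each unconverted access."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]  # drop trailing line comments
        for match in CAST_DEREF.finditer(code):
            before, after = code[:match.start()], code[match.end():]
            if READ_WRAPPED.search(before) or WRITE_WRAPPED.search(after):
                continue  # value is swapped on the way in or out
            findings.append((lineno, match.group(1), line.strip()))
    return findings


# Constructed C input: one converted read, one raw read, one byte read, one converted write.
SAMPLE_C = """\
uint16_t parse_len(const uint8_t *pkt) {
    return ntohs(*(const uint16_t *)(pkt + 2));
}
uint32_t parse_seq(const uint8_t *pkt) {
    return *(const uint32_t *)(pkt + 4);
}
uint8_t parse_flags(const uint8_t *pkt) {
    return pkt[8];
}
void store_id(uint8_t *pkt, uint32_t id) {
    *(uint32_t *)(pkt + 12) = htonl(id);
}
"""

if __name__ == "__main__":
    for lineno, type_name, text in find_endian_warnings(SAMPLE_C):
        print(f"line {lineno}: {type_name} access without byte-order conversion: {text}")
```

A pattern match like this sees one line at a time, so a value that is cast on one line and converted on another is still reported and has to be reviewed as a false positive.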

Some Basic Best Practices for Utilizing Static Analysis Tools

Technology cannot always be left to do the job on its own: the working plans and processes of the software engineering teams must also be considered.

The beginning of the project is the best phase in which to define and institute any endian defect detection processes: "How are we going to find the problems?" That question should be answered in parallel with identifying the strategy for coding around endian issues: "Byte-swapping methods?", "Data definitions?", "What is the correct process?"

If static analysis tools are to be used, the most important phase is the definition of violations and corrections. This is the phase in which detection methods can be developed. Once they are developed, the detection results obtained during development can be improved by retuning the algorithms and iterating on further improvements.

The final step in the process is enforcing that fixes are made, reviewing false positives for validity, and maintaining a regular analysis schedule to detect defects as early as possible.

