SW Quality: essential for NXP presentation for Bits

1
SW Quality essential for NXPpresentation for
BitsChips 2008, Eindhoven, 9 October 2008
Kees Lepoeter, NXP product manager IP SW Quality
V3, 15 September 2008
2
Outline

• Introducing NXP Semiconductors
• Trends
• SW Quality do we have an issue?
• Current initiatives in NXP
• SW Quality landscape
• SW Certification
• Conclusions

2
2
3
NXP Semiconductors

• Spin-out of Royal Philips Electronics
  Semiconductor Division
• Top-10 global supplier with Sales of 6.32 Bln
  (2007)
• 31,000 employees / 6,000 engineers
• Investing 1.4 Bln in RD annually (2007)
• 5,700 patent families
• More than 26 RD centers in 12 countries
• Participation in over 100 standardization bodies
  and consortia
• ) These figures include the Mobile Personal
  Business which is largely part of the ST NXP
  Wireless JV since August 2, 2008

4
Trends

• Innovation and time-to-market determine margins
• Winner takes it all
• Growing software complexity in silicon industry
• Including increasing amount of 3rd party SW
• Growing of IC returns due to software failures
• Can lead to project delay, cost of non-quality or
  unsatisfied customers
• High quality drive from customers
• High quality requirements especially from the
  Automotive industry
• Requesting TS16949, Zero Defect, MISRA,
  Automotive Spice,
• Use of advanced tooling at customer site to check
  incoming software
• E.g. QAC, Coverity, Klocwork,

5
Examples from Automotive industry

• Prevention of SW problem (un-initialized memory)
  in Car Radio chip
• Estimated cost in case of recall 5 million Cars
  x 100 / car
• Fortunately this could be solved by SW workaround
• Automotive customers require Quality Agreement
  signed
• SW quality agreement needed as prerequisite for
  new business
• Very high quality requirements
• Automotive Spice level 3 (CMMi like, but more
  strict)
• MISRA, metrics, review suppliers, PR support
  guarantees, etc.
• If these requirements are not met, product is not
  accepted

6
What is this ?

• / Woooops... /
• define RLC_MOD_N_COMPARE(__n1, __n2, __b1, __b2,
  __N) \
• ( ((__n1) (__n2))
  \
• ? 0 ((__b1) lt (__b2))
  \
• ? ((__n1)-(__n2)) (((__b1) lt (__n1)
  (__b1) lt (__n2)) \
• ((__b1) lt (__n2)
  (__b1) lt (__n1)) \
• ((__b1) gt (__n2)
  (__b1) gt (__n1))) \
• ? ((__n1) -(__n2))
  ((__n1) gt (__n2)) \
• ?
  -((__n2) (__N) - (__n1)) \
• 
  ((__n1) (__N) - (__n2)) \
• )

7
Explanation

• This is a C macro
• This macro belongs to one of the key NXP products
  
• This macro contained (at least) one bug
• The effect of this bug has troubled a large NXP
  customer recently
• After a waste of time of several people in
  integration and development teams, two full days
  of analysis from an architect have been necessary
  to discover the root cause of the issue
  (signedness issue) and then the bug
• It appeared that this bug was related to a MISRA
  violation, and could have been prevented if
  Static Code Analysis would have been applied
• NXP Rule QL3MISRA.12.9   The unary minus
  operator shall not be applied to an expression
  whose underlying type is unsigned.

8
Outline

• Introducing NXP Semiconductors
• Trends
• SW Quality do we have an issue?
• Current initiatives in NXP
• SW Quality landscape
• SW Certification
• Conclusions

8
8
9
Reference Model to address SW topics
Focus of this presentation
10
Currently running initiatives

• NXP-wide deployment management attention
• MISRA-C Coding guidelines
• NXP dashboard with SW Quality metrics
• Expert reviews e.g. w.r.t. SW architecture and
  Project management
• Requirements coverage and traceability
• Test/decision coverage
• Post-release Defect Density
• Enablers and pilots
• SW Design Environment based on Eclipse
• Standardized configuration mgt approach
• Diversity Management ready for roll-out
• Root cause analysis of problem reports
• Formal methods
• Research topics
• Model driven engineering

11
Static Code analysis in NXP

• Deployed at all SW development teams in NXP that
  develop software in C
• The following standards and tools are being
  introduced
• MISRA coding standards
• industry standard, widely used and accepted in
  the embedded system domain
• QAC static code analysis tool
• this will check the SW for MoReUse/MISRA
  compliance
• TICS quality database and reporting infrastructure

12
MISRA Code Quality Levelsas defined within NXP
6 Advisory MISRA Rules
Level-5 is equivalent tofull MISRA compliance
5 Good Practices
4 Maintainability Issues
3 Hard to Debug
2 Dangerous Constructs
Focus on elimination of Level-1 and 2 violations
1 Undefined Behaviour
13
Next step Introduce Advanced Static Code Checker

• Rationale
• New generation of Static Code Analysis tools has
  emerged in the past years
• These tools are known to be very effective in
  finding actual bugs in the SW such as memory
  corruption and locking errors. Some can also
  detect security vulnerabilities
• Customers such as Samsung use these tools as
  incoming inspection
• Approach
• Select preferred tool for NXP (evaluation
  currently ongoing)
• Assess applicability for bug hunting, data
  control flow analysis, security rules checking,
  MISRA compliance checking
• Deploy in 2009

14
Metrics related to SW Quality

• Centrally collected
• Source Lines of Code
• MISRA compliance
• McCabes Cyclomatic complexity
• Centrally collected (being introduced )
• Test coverage / Decision coverage
• Requirements coverage
• Post-release Defect Density
• Local NXP initiatives
• Compiler warnings
• Dead code and Code duplication
• Code reviews
• PR/CR status

15
Outline

• Introducing NXP Semiconductors
• Trends
• SW Quality do we have an issue?
• Current initiatives in NXP
• SW Quality landscape
• SW Certification
• Conclusions

15
15
16
Zero-Defect SW Methods Landscapeversion 1.6, 26
August 2008
Legend
Already addressed
Proposed extension
Model Checking
Run-Time /Security Rules analysis
TimingAnalysis (on SoC)
Not done(centrally)
Reverse Engineering / Model Extraction /SW
Documentation
Data ControlFlow analysis
System TestingRequirements, Load Stress
Code Generation
RequirementManagement, EngineeringTraceability
Design Verification Methods
Coding Rulesanalysis (MISRA)
ArchitectureGuidelines
ResourceUsage Leak analysis
Integration Testing Interoperability
Interfaces
CompilationWarningsanalysis

• Modeling
• UML
• Model Driven Engineering
• Domain Spec Languages
• Formal Methods

Unit TestingCode Coverage Specs
Formal Analysis during run-time
Code reviews
Coding
Testing
Design
Requirements
SoftwareDevelopmentLifecycle
Enablers Diversity, Build Config. Mgt, SWDE,
Debugging, Automation, CMMi TMMi, DfX/SW
reviews, Numetrics, ...
Human factor
17
SW certification

• Plan is to certify SW before it is used in NXP
  products, as part of the Design-for-Excellence
  program in NXP
• Certification based on expert review including
  data collection for
• SW code quality (e.g. code reviews, static code
  analysis)
• Test Quality (e.g. test coverage, test effort)
• Test results (e.g. of new PRs (almost) 0,
  customer test results)
• Release quality (e.g. release notes, customer
  support in place)
• Requirements and Architecture review
  follow-up(reviews held early in the project life
  cycle)

towards Zero-defect SW
18
Outline

• Introducing NXP Semiconductors
• Trends
• SW Quality do we have an issue?
• Current initiatives in NXP
• SW Quality landscape
• SW Certification
• Conclusions

18
18
19
Conclusions

• NXP needs high SW quality
• explicitly demanded by customers
• issues with SW quality are very costly
• Many SW Quality initiatives deployed and
  monitored NXP-wide
• MISRA, reviews, Test coverage, Defect density, .
• Top management attention via NXP metrics
  dashboard
• SW Quality Methods landscape
• Must make choices to deploy most effective
  methods
• SW certification program being set up

towards Zero-defect SW
20
Questions
?
?
?
?
?