Integrating Static Code Analysis with Multilingual Medical Software

Universität Ulm

Bachelor's thesis defense talk, Jonathan Eichenhofer, Room: O27/545, Date: 06.03.2018, Time: 11:30

Medical software is a substantial part of the worldwide health care system. Since patients'
lives depend on its proper functioning, the development of modern medical software
systems is subject to the highest security and quality standards. Today, large
amounts of verification effort are required to meet these standards, which results
in high resource and time consumption for the companies developing the software. One
approach to reducing this effort is static analysis tooling. Such tools detect software defects,
problematic code constructs and critical vulnerabilities in early development stages by
examining the code without executing it. Static code analysis is widely used
today, and current tools perform deeper analyses that find more defects and produce fewer
false positives, so it is becoming beneficial for medical software with large multilingual
code bases as well. The aim of this work is to integrate such a static analysis tool into the
development process of a medical software system. Different approaches to maximizing
the effectiveness of the analysis while minimizing its time and resource consumption are
introduced. To this end, not only the large code base consisting of multiple languages
and the high requirements placed on medical software are considered, but also the proper
integration into the agile development process. For this purpose, concepts for analyzing
the present code base within the corresponding development process are introduced and
demonstrated. This is followed by a comparison of techniques for partitioning the source
code and selecting checkers, which suggests aggregating small buildable parts that use
shared files into one build job, while selecting the maximum number of
applicable checkers. Finally, a proof-of-concept implementation of a static code analysis
tool is provided, adapted to the agile development of Centricity™ RISi, which revealed
a large discrepancy in the support of the different programming languages.
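As an added illustration (not part of the talk abstract or of the thesis), the following Python sketch shows the partitioning heuristic the abstract describes: buildable units that share at least one file are merged into one build job, and each job then receives every checker that applies to a language found in it. The build units, file names, checker catalogue and extension-to-language table are constructed sample data, not taken from the project; files in a language no checker covers are reported separately, since the abstract's closing finding is that language support is uneven.

```python
"""Group small buildable units into analysis build jobs and pick checkers."""
import os
from collections import defaultdict

# Constructed sample data (illustrative, not taken from the thesis).
BUILD_UNITS = {
    "imaging-core": {"src/dicom/parse.c", "src/dicom/store.c", "src/common/log.h"},
    "imaging-ui":   {"src/ui/viewer.cpp", "src/common/log.h"},
    "billing":      {"src/billing/invoice.cs"},
    "reports":      {"src/report/gen.cs", "src/billing/invoice.cs"},
    "scheduler":    {"src/sched/Plan.java", "src/sched/config.xml"},
}

# Constructed checker catalogue: checker id -> languages it can analyse.
CHECKERS = {
    "null-deref":     {"C", "C++"},
    "buffer-overrun": {"C", "C++"},
    "uninit-member":  {"C++"},
    "sql-injection":  {"C#", "Java"},
    "resource-leak":  {"C", "C++", "C#", "Java"},
}

# Constructed extension table; headers are treated as C for simplicity.
LANG_BY_EXT = {".c": "C", ".h": "C", ".cpp": "C++", ".hpp": "C++",
               ".cs": "C#", ".java": "Java"}


def language_of(path):
    """Map a source file to a language by extension; None if unsupported."""
    return LANG_BY_EXT.get(os.path.splitext(path)[1].lower())


def aggregate_build_jobs(units):
    """Merge buildable units that share at least one file into one job.

    Union-find over unit names: every file links all units that contain it,
    so units connected through shared files end up in the same build job.
    Returns a sorted list of sorted unit-name tuples, one per job.
    """
    parent = {name: name for name in units}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    owners = defaultdict(list)
    for name, files in units.items():
        for f in files:
            owners[f].append(name)
    for names in owners.values():
        for other in names[1:]:
            union(names[0], other)

    groups = defaultdict(list)
    for name in units:
        groups[find(name)].append(name)
    return sorted(tuple(sorted(g)) for g in groups.values())


def select_checkers(job, units, checkers):
    """Return every checker applicable to at least one language in the job."""
    langs = {language_of(f) for name in job for f in units[name]}
    langs.discard(None)
    return sorted(c for c, supported in checkers.items() if supported & langs)


def unsupported_files(units):
    """Files no checker can analyse: the coverage gap a report should flag."""
    return sorted(f for files in units.values() for f in files
                  if language_of(f) is None)


def plan_analysis(units=BUILD_UNITS, checkers=CHECKERS):
    """Return (build job -> applicable checkers, files left unanalysed)."""
    jobs = {job: select_checkers(job, units, checkers)
            for job in aggregate_build_jobs(units)}
    return jobs, unsupported_files(units)


if __name__ == "__main__":
    jobs, uncovered = plan_analysis()
    for job, checks in jobs.items():
        print(f"job {'+'.join(job)}: {', '.join(checks)}")
    print("not analysed:", ", ".join(uncovered) or "none")
```

With the sample data, imaging-core and imaging-ui are merged because both contain src/common/log.h, billing and reports are merged through src/billing/invoice.cs, and scheduler stays alone; src/sched/config.xml is reported as not analysed because no checker covers it. In a real integration the unit-to-file map would come from the build system rather than a hand-written dictionary.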