Volvo Cars Software Factory Increases Pace and Quality of Development with Polyspace
Develop reliable, standards-compliant software for the next generation of cars
Run static code analysis with Polyspace throughout the software development lifecycle
- Critical run-time errors detected before field testing
- Improved productivity with better code reuse
- ASPICE, ISO 26262, and ISO/SAE 21434 certification requirements met
“With Polyspace, we can ensure software security and quality by identifying and fixing critical run-time errors before every code merge.”Johannes Foufas, Volvo Cars
In 2018, Volvo Cars implemented a continuous integration (CI) toolchain that can be used by any embedded software development team. Developers across multiple projects can now continuously build, test, and deploy iterative code changes.
The company integrated Polyspace® products into this automated software build process, providing static code checking for developers who code in C and C++ and those who generate code from Simulink® models.
“A few years ago, we started C++ development on a large-scale project," says Johannes Foufas, senior principal software engineer at Volvo. “C++ is a complex language, and we needed reliable tools for code verification. Of all the static code analysis tools we have tried, Polyspace products are among the very best.”
Many Volvo Cars software engineers develop in C or C++, but the intricacies of these languages can lead to errors that are hard to find and costly to fix. In the past, Volvo Cars used open-source tools to check and debug code. However, none of these tools were able to identify an underflow bug in source code that led to sporadic issues on vehicles.
To save development time and costs and comply with safety and security standards, the Volvo team needed a fail-safe way to identify critical run-time errors that are difficult to detect via robustness testing, including overflows and other numerical issues.
Johannes Foufas’s team evaluated multiple code analysis tools and services, selecting Polyspace products as the preferred solution. Volvo Cars software engineers worked closely with MathWorks Consulting Services to integrate Polyspace tools into every stage of the software development lifecycle.
The engineers incorporated Polyspace as base jobs into the Zuul CI system using Ansible and integrated Polyspace results into their code reviews system. Every Volvo Cars development team can create a new CI pipeline with Polyspace code-checking already installed and configured.
With the Polyspace as You Code plugin available in Polyspace Access™, several teams check adherence to CERT® C, CERT C++, MISRA C®, and AUTOSAR C++14 coding guidelines while they are coding in their IDEs. Before submitting their code modifications, developers run Polyspace Bug Finder™ and Polyspace Code Prover™ on their local computers to prequalify their changes.
When developers push their changes to the source code repository, it automatically triggers Polyspace Bug Finder Server™ and Polyspace Code Prover Server™ analysis. The Polyspace results are integrated into Gerrit to support code reviews. The CI system employs strict gating: every proposed change is verified before a code merge and is promoted into the central Git™ repository only if it meets safety and security requirements.
- Critical run-time errors detected before field testing. “Finding a software bug in the field is costly to fix,” says Foufas. “Polyspace Code Prover is the only tool that enables us to detect issues from the start.”
- Improved productivity with better code reuse. “Polyspace frees up development time,” Foufas says. “Once we have deployed Polyspace static code analysis tools on our base software, we have fewer debugging issues when we start a new project based on that legacy code.”
- ASPICE, ISO 26262, and ISO/SAE 21434 certification requirements met. “Software that fails to comply with industry standards has a direct impact on a company’s reputation and market share,” Foufas says. “With Polyspace tools, we are more confident that our code is free of run-time errors and that it meets safety and security requirements.”