To Run or Not to Run? The Case for Automated Static Analysis in Embedded Systems
Testing and other forms of dynamic analysis are essential for understanding program behavior, yet they remain inherently incomplete due to the infinite nature of possible inputs. Static program analysis offers a complementary approach, gathering comprehensive knowledge without execution. While manual code reviews are a valuable form of static analysis, they are labor-intensive and difficult to scale.
This presentation explores the vast spectrum of automated static analysis, ranging from simple code metrics (such as the seemingly straightforward lines of code) to advanced semantic techniques, such as abstract interpretation, that detect potential defects. We will compare these automated methods against dynamic analysis and manual reviews, with a specific focus on their added value in embedded software.
Although the discussion remains primarily conceptual and methodological, we will mention some exemplary tools to ground the theory. Finally, we will discuss how to effectively integrate these analyses into a Continuous Integration (CI) pipeline to ensure lasting code and process quality.
