Diagnosing Medical Device Software Defects
During the past year, we have explored the use of static analysis software tools—and FDA’s requirements for detailed software verification. In this issue, FDA’s Raoul Jetley teams up with Coverity’s Ben Chelf to take an in-depth look at the key criteria that need to be considered when selecting a static analysis tool.
Automated static analysis can improve the reliability of medical device software. Jetley and Chelf explain what these tools are and why medical device manufacturers should give serious consideration to using them in their software development process. After a thorough examination into how to implement these tools, the authors show how they enable the testing of the software in medical devices in a way that has never been possible before. “This more-comprehensive analysis can help determine potential defects in the source code, while at the same time help ensure that no new defects are introduced during code modification,” say Jetley and Chelf.
The authors explain that the criteria listed in this article is intended to provide device manufacturers with a basic reference guide to selecting appropriate static analysis tools. They do say that “although static analysis offers a number of benefits to medical device developers, it may not address all of the needs or development concerns a manufacturer has regarding code quality. Manufacturers still need to investigate other development tools that can provide a complete tool chain for developers to use at different stages of the software development life cycle.”
In terms of the product life cycle, the authors offer this perspective: “Regardless of an organization’s development methodology, static analysis can serve as an early warning system to identify possible defects that may cost orders of magnitude more to correct later in development.“
Static analysis is most effective when used in combination with other development analysis tools and traditional verification and validation techniques. It must be viewed as a complement to, rather than a replacement for, traditional methodologies. In recent years, static analysis tools have evolved beyond simple pattern matching by focusing on path coverage, which allows them to uncover more defects with real run-time implications. To find out how, read on.