Developing secure applications with tools from IAR Systems

David Källberg, FAE, IAR Systems

Agenda

• Company overview
• Solutions from IAR Systems
• Code quality
• Security features and concept
• Functional safety
• Demo

Future-proof tools and services for embedded development, enabling companies worldwide to create the products of today and the innovations of tomorrow.

• Dedicated team of support, sales and service worldwide
• 46,000 customers
• 32% of revenue invested in R&D

2016
• Sales SEK 328,4 m
• Operating profit 96,5 m
• Net cash 96,5 m

• 34 years in the industry
• Listed on NASDAQ

Uppsala, Shanghai, Munich, Dallas, Paris, Boston, Tokyo, Los Angeles, Seoul, San Francisco
+ Distributor representation in 40+ countries

Powerful development tools

The world’s most widely used development tools for embedded applications

Be free! Build what you want in the platform of your choice.

• 62,000 users worldwide
• 11,779 supported devices
• 34 years of experience

IAR Embedded Workbench

Complete C/C++ and toolchain

One toolbox, one view, one uninterrupted workflow

Outstanding performance through sophisticated optimization technology–proven in benchmarks!

Comprehensive debugger

User-friendly features and broad ecosystem integration

Global support services and training

What’s included?

Powerful C/C++ compiler

• Multi-file compilation allows the optimizer to operate on a larger set of code
• Multiple levels of optimizations for code size and execution speed
• Major functions of the optimizer can be controlled individually
• The linker can remove unused code
• Option to maximize speed with no size constraints
• Balance between size and speed by setting different optimizations for different parts of the code

Well-tested

Commercial test suites
• Plum-Hall
• Perennial
• Dinkumware library test

In-house developed test suite
>500,000 lines of C/C++ test code run multiple times
• Processor modes
• Memory models
• Optimization levels

Language standards
• ISO/IEC 14882:2015, known as C++14
• ISO/IEC 9899:2012, known as C11
• ANSI X3.159-1989, known as C89

Comprehensive debugger

• Integrated debugger for source and disassembly debugging
• Dockable windows and tab groups
• Edit source files without leaving the debug session
• Timeline window
• Power visualization
• RTOS awareness
• Performance analysis

Integrated profiling tools

Function profiling
• Based on simulator, sampled trace or full trace
• Execution time per function
• Select time interval

Timeline window shows the application’s profile
• Interrupt log, Data log, Event log, Call stack

Stack analysis calculates maximum stack usage, helps find the optimal stack size, and checks stack integrity at runtime to detect overflow

Code coverage analysis
• Which code has been executed?

Debugging and trace probes for Arm

I-jet
• Powerful, quick, and user-friendly
• Download speed of up to 1MB/sec
• Enables high-resolution measurements of target power consumption

I-jet Trace
• Equipped with Embedded Trace Macrocell (ETM)
• Large trace memory capacities
• High-speed communication via SuperSpeed USB 3.0

I-scope adds current and voltage measurement capabilities to I-jet and I-jet Trace.

Code quality

Integrated analysis tools

• Code analysis prioritized customer request • Runtime analysis C-RUN launched in 2014 • Static analysis C-STAT launched in 2015

Maximized performance by compiler experts

Fully integrated runtime and static analysis

IDE tools
• Editor
• Project manager
• Library tools

Build tools
• IAR C/C++ Compiler
• Assembler
• Linker

C-SPY Debugger
• Simulator driver
• Hardware debugging
• Power debugging
• RTOS plugins

“We enable developers to take full control of their development and gain efficient, adaptable workflows delivering dependable products.”

C-STAT static analysis

Complete static analysis tool fully integrated in IAR Embedded Workbench

Intuitive and easy-to-use settings with flexible rule selection

Support for export/import of selected checks

Support for command line execution

• Extensive and detailed documentation

• List of messages and database file available

• Checks compliance with MISRA C:2004, MISRA C++:2008 and MISRA C:2012

• Includes ~250 checks mapping to hundreds of issues covered by CWE and CERT C/C++

CWE (the Common Weakness Enumeration): http://cwe.mitre.org/

CERT (Computer Emergency Response Team): http://www.cert.org/

C-RUN runtime analysis

Complete runtime analysis tool fully integrated in IAR Embedded Workbench

• Find actual errors at runtime

• Bounds checking to ensure accesses to arrays and other objects are within boundaries

• Arithmetic checking

• Heap and memory leaks checking

Intuitive and easy-to-use settings with flexible rule selection

Code correlation and graphical feedback in editor

Comprehensive and detailed feedback

Very efficient instrumentation of compiled code

Take full control of your development

• Implement your design in code
• Let C-STAT analyze your code
• Review potential issues
• Build and debug the application
• Let C-RUN analyze your project
• Investigate runtime errors

Requirements, Design, Implementation, Verification, Maintenance

Security

Stack smash protection

Stack protection in the compiler

• __stack_chk_guard()

• __stack_chk_fail()

Security concept

• Secure Boot Manager
• Mastering Tool / Keys
• Secure Debugging

Functional safety

Solutions for safety-critical applications

Certified toolchain
• A special functional safety edition of IAR Embedded Workbench

Simplified validation
• Functional Safety certificate from TÜV SÜD
• Safety report from TÜV SÜD
• Safety guide

Guaranteed support through the product life cycle
• Prioritized support
• Validated service packs
• Regular reports of known problems

Validated according to:
• IEC 61508
• ISO 26262
• EN 50128 (Arm and RH850)
• IEC 62304 (RX)

Available for Arm, Renesas RX, Renesas RL78, Renesas RH850

Support services

Worldwide extensive support services

Don’t worry about fighting with learning curves, issues or bugs on your own. With support from us, you’re never alone. You get help and guidance when you need it and can stay focused on your project.

Get help from technical experts in your time zone. Support centers covering 9 languages in the US, , , Korea, and .

Summary

Secure development with future-proof development tools and services

• Powerful compiler and debugger
• Code quality control
• Stack protection
• Security concept
• Functional safety

www.iar.com

Thank you for your attention!