Developing secure applications with

tools from IAR Systems

David Källberg, FAE, IAR Systems

Agenda

Company overview

Solutions from IAR Systems

Code quality

Security features and concept

Functional safety

Demo

Future-proof software tools and services for embedded

development, enabling companies worldwide to create

the products of today and the innovations of tomorrow.

• 34 years in the industry

• Listed on NASDAQ Stockholm

2016

Sales SEK 328,4 m

Operating profit 96,5 m

Net cash 96,5 m

Dedicated team of support,

sales and service worldwide

46,000 customers

32% of revenue invested in

R&D

+ Distributor

representation

in 40+ countries

Uppsala

Munich

Paris

Tokyo

Seoul

Shanghai

Dallas

Boston

Los Angeles

San Francisco

Powerful development tools

The world’s most widely used development

tools for embedded applications

11,779 SUPPORTED

DEVICES,

62,000 USERS

WORLDWIDE,

34 YEARS OF EXPERIENCE

Be free! Build what you want in

the platform of your choice.

IAR Embedded Workbench Complete C/C++ compiler and debugger toolchain

Outstanding performance through sophisticated

optimization technology–proven in benchmarks!

Comprehensive

debugger

User-friendly features

and broad ecosystem

integration

Global support services

and training

One toolbox, one view, one uninterrupted workflow

What’s included?

Powerful C/C++ compiler

The linker

can remove

unused code

Multiple levels of optimizations for

code size and execution speed

Major functions

of the optimizer

can be controlled

individually

Balance between

size and speed

by setting

different

optimizations for

different parts of

the code

Multi-file compilation allows

the optimizer to operate on a

larger set of code

Option to

maximize

speed with

no size

constraints

Well-tested Commercial test suites

• Plum-Hall

• Perennial

• Dinkumware library test

In-house developed test suite

>500,000 lines of C/C++ test

code run multiple times

• Processor modes

• Memory models

• Optimization levels

Language standards • ISO/IEC 14882:2015, known

as C++14

• ISO/IEC 9899:2012, known as

C11

• ANSI X3.159-1989, known as

C89

Comprehensive debugger

RTOS

awareness

Timeline

window

Integrated

debugger for

source and

disassembly

debugging Edit source files

without leaving

the debug

session

Dockable

windows and

tab groups

Performance

analysis

Power

vizualization

Integrated profiling tools

Function profiling Based on simulator, sampled trace or full trace

Execution time per function

Select time interval

Timeline window shows the

application’s profile Interrupt log, Data log, Event log, Call stack

Code coverage analysis Which code has been executed?

Stack analysis calculates maximum stack usage, helps find the optimal stack size, and checks stack integrity at runtime to detect overflow

I-scope adds current

and voltage measurement

capabilities to I-jet and I-jet

Trace.

Powerful, quick, and user-friendly

Download speed of up to 1MB/sec

Enables high-resolution measurements of

target power consumption

Equipped with Embedded Trace Macrocell (ETM)

Large trace memory capacities

High-speed communication via SuperSpeed USB 3.0

Debugging and trace probes for Arm

I-jet Trace I-jet

Code quality

Integrated analysis tools

We enable developers to take full control of their development and gain efficient,

adaptable workflows delivering dependable products. ”

Editor

Project manager

Library tools

Simulator driver

Hardware debugging

Power debugging

RTOS plugins

IAR C/C++ Compiler

Assembler

Linker

C-SPY

Debugger Build tools

Fully

integrated

runtime

and static

analysis

Maximized performance by compiler experts

IDE tools

• Code analysis prioritized customer request

• Runtime analysis C-RUN launched in 2014

• Static analysis C-STAT launched in 2015

C-STAT static analysis

Intuitive and easy-to-use

settings with flexible rule

selection

Support for export/import of

selected checks

Support for command line

execution

Complete static analysis tool fully integrated in

IAR Embedded Workbench

C-STAT static analysis

• Extensive and detailed documentation

• List of messages and data base file available

• Checks compliance with MISRA C:2004,

MISRA C++:2008 and MISRA C:2012

• Includes ~250 checks mapping to hundreds

of issues covered by CWE and CERT C/C++

CWE (the Common Weakness Enumeration): http://cwe.mitre.org/

CERT (Computer Emergency Response Team): http://www.cert.org/

C-RUN runtime analysis

• Find actual errors at runtime

• Bounds checking to ensure accesses to arrays

and other objects are within boundaries

• Arithmetic checking

• Heap and memory leaks checking

Intuitive and easy-to-use settings with flexible rule selection

Code correlation and graphical feedback in editor

Comprehensive and detailed feedback

Very efficient instrumentation of compiled code

Complete runtime analysis tool fully integrated in

IAR Embedded Workbench

Let C-RUN analyze your project

Requirements Design Implementation Verification Maintenance

Build and debug the application

Take full control of your development

Implement your design in code

Investigate

runtime

errors

Review

potential

issues

Let C-STAT analyze your code

Security

Stack smash protection

Stack protection in the compiler

• __stack_chk_guard()

• _stack_chk_fail()

Security concept

Secure Boot Manager

Mastering Tool / Keys

Secure Debugging

Functional safety

Validated according to: IEC 61508

ISO 26262

EN 50128 (Arm and RH850)

IEC 62304 (RX)

Solutions for safety-critical applications

Certified toolchain

• A special functional safety edition of

IAR Embedded Workbench

Simplified validation

• Functional Safety certificate from TÜV SÜD

• Safety report from TÜV SÜD

• Safety guide

Guaranteed support through the product life cycle

• Prioritized support

• Validated service packs

• Regular reports of known problems

Available for Arm, Renesas RX,

Renesas RL78, Renesas RH850

Support services

Worldwide extensive support services

Don’t worry about fighting

with learning curves, issues

or bugs on your own. With

support from us, you’re

never alone. You get help

and guidance when you

need it and can stay focused

on your project.

Get help from technical experts in your time zone. Support

centers covering 9 languages in the US, Japan, China,

Korea, Germany and Sweden.

Summary

Powerful compiler and debugger

Code quality control

Stack protection

Security concept

Functional safety

Secure development with future-proof

development tools and services

www.iar.com

Thank you for your attention!