Boston Scientific, one of the world’s largest medical device companies, manufactures over 13,000 products worldwide. Among these offerings are safety-critical medical devices, including implantable cardiac rhythm management products.
“It doesn’t just free up engineers’ time, it also means we can analyze our entire code base more often to ensure that our standards are continuously upheld, and to receive more frequent feedback on our code quality.”
Boston Scientific Software Engineering Fellow
Boston Scientific and GrammaTech Streamline Analysis of Medical Device Software
Recognizing the importance of static analysis as a complement to dynamic analysis and traditional software testing techniques, Boston Scientific included static analysis in their product development lifecycle; however, many of their static analyses were performed manually. Manual analysis is labor-intensive, but it was their only option because commercially available analysis tools that they had looked at didn’t offer the complex analysis functionalities needed. They required analyses to cover specific product design constraints alongside more general software quality checks.
Automating Static Analysis
Eager to automate more of their static analysis activities, Boston Scientific‘s engineers explored various options. They weren’t satisfied with the prospect of adopting an “off-the-shelf” tool and using its general-purpose analyses while waiting for the state-of-the-art in domain-specific analysis to evolve. Investigations with one analysis tool seemed to suggest that certain enhancements could be made, but its vendor was not interested in making those changes.
A solution came when they commissioned GrammaTech to develop a customized analysis suite. “Instead of waiting for the future to come, we recommend active participation in making it happen,” explains Boston Scientific Software Engineering Fellow Gerald Rigdon. “We partnered with GrammaTech because they combine a focus on innovation in static analysis with the expertise needed to turn innovation into a workable reality.”
Customizing the Analyses
Boston Scientific elected to automate the analyses that were most manually intensive, and whose reliability and repeatability were most important. One of the highest priority analyses for automation was their Shared Data Analysis (SDA), a meticulous examination of global data usage within the devices’ preemptive, multi-threaded operating environment.
A number of other static checks were also automated, including stack usage analysis and recursion identification. GrammaTech delivered the customized analyses, together with supporting reporting mechanisms, as extensions to CodeSonar.
The automated analysis now runs in mere hours, compared to the person-weeks it took previously. “The automated analysis provides a huge amount of leverage in a cost-effective way,” notes Rigdon. “It doesn’t just free up engineers’ time, it also means we can analyze our entire code base more often to ensure that our standards are continuously upheld, and to receive more frequent feedback on our code quality.”