The big advantage of the standard library is that most library functions are independent of the other functions in the library, both in their specification and implementation. This lowers software complexity and simplifies verification, thereby reducing qualification effort. There are, however, two main caveats to this statement. The first, and most commonly recognized one, is that library functions must be qualified by execution on the target. The second caveat, which is far less well appreciated, is that library qualification must take into account the fact that library functions are not simply binaries; they also depend heavily on header files.

Because this second caveat is less well understood, let’s explore it in more detail. In many SDKs (Software Development Kits) for C and C++, the standard libraries are pre-compiled and delivered as a binary archive. This could lead you to conclude that the libraries are largely insensitive to your use-case, because whatever options you use during compilation, the linked library code remains the same. So you might well be under the impression that if your library has been pre-qualified, you must be safe.

But wait! The binary archive is not the whole story
In the C standard library (libc), the definition of types, global variables, and macros is implemented in the form of header files, which are as much a part of the library as the pre-compiled functions. In addition, many functions are implemented both as a real function and as a macro. For speed and efficiency it is common practice to use the macro implementation. However, unlike the corresponding binaries, these macros are not pre-compiled! They are compiled by the SDK’s compiler using your configuration settings. So it is also essential that you verify the macro implementation and the other content in the header file with the actual use-case for your safety-critical application. Simply accepting that the library has been pre-qualified by your supplier is not enough.
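
The check described above, as an added example (not code from the original article): it compares the header-visible form of three `<ctype.h>` classification calls, which may be macros compiled with your own options, against the out-of-line library functions reached by parenthesising the name, and checks that `CHAR_MIN` from `<limits.h>` matches the compiler's actual `char` signedness. The choice of `isdigit`, `isalpha` and `isspace` and all helper names are assumptions made for illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Signature shared by the <ctype.h> classification functions. */
typedef int (*ctype_fn)(int);

/* The standard only promises "nonzero" for true, so normalise to 0/1. */
static int truth(int v) { return v != 0; }

/* Generates mismatches_<name>() (hypothetical helper name). name(c) expands
   the header macro if one exists; (name) suppresses macro expansion and
   yields the pre-compiled library function. Domain: EOF and 0..UCHAR_MAX. */
#define CHECK_PAIR(name)                                     \
    static int mismatches_##name(void) {                     \
        ctype_fn real = (name);                              \
        int bad = 0;                                         \
        for (int c = EOF; c <= UCHAR_MAX; ++c) {             \
            if (c != EOF && c < 0) continue;                 \
            if (truth(name(c)) != truth(real(c))) ++bad;     \
        }                                                    \
        return bad;                                          \
    }

CHECK_PAIR(isdigit)
CHECK_PAIR(isalpha)
CHECK_PAIR(isspace)

/* Header content also depends on build options: CHAR_MIN must agree with
   the signedness the compiler actually gives plain char. */
static int char_min_consistent(void) {
    volatile char probe = (char)-1; /* volatile: evaluate at run time */
    return (probe < 0) == (CHAR_MIN < 0);
}

int main(void) {
    int bad = mismatches_isdigit() + mismatches_isalpha() + mismatches_isspace();
    printf("macro/function mismatches: %d\n", bad);
    printf("CHAR_MIN consistent with char: %d\n", char_min_consistent());
    return bad != 0 || !char_min_consistent();
}
```

Build it with the same compiler options as the application and run it on the target, since both the macro expansions and `CHAR_MIN` depend on those settings.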

What about C++?
In the C++ library, the idea of macros is elevated to a completely different level through the use of templates. Type-generic template functions only exist in the headers and they play a very important role in C++ container classes. They are always compiled with your application and your use-case.

So two things to remember
A lot of code that implements the C and C++ standard libraries is in the header files and cannot be pre-compiled. When you pick a test suite for the standard library, you need to make sure that it understands and fully verifies both functions and their macro definitions.

Dr. Marcel Beemster, CTO
