Handling index-out-of-bounds in safety-critical embedded C code using model-based development

Embedded C code for safety critical systems faces some substantial challenges: like every other embedded SW code it must be efficient in terms of code size, data size and execution time, but it must also behave safely under all circumstances, without a user or operator who could handle the errors. One kind of problem is array accesses where the index is outside the specified value range. The C language does not specify the behaviour in such cases, which clearly violates the requirements for safe code. In this paper, the approach of the model-based development tool ASCET is explained, and the experiences of three case studies that describe the adoption of index protection by the users are presented.