Design

Software analysis tool builds code suitable for IoT era

16th January 2015
Siobhan O'Gorman
0

At Embedded World 2015, which takes place from 24th to 26th February in Nuremburg, Germany, GrammaTech will be announcing the release of CodeSonar 4.1, the latest version of its software analysis tool for C/C++, Java and machine code. To allow engineers to build more stable and secure code in the IoT era, the software features new distributed analysis capabilities, deeper tainted data analysis and binary analysis support for x64 processors. 

Designed for zero tolerance embedded environments, the CodeSonar 4.1 analyses both source and binary code to identify serious security and quality liabilities that cause system crashes, memory corruption, data races and other unexpected vulnerabilities. 

CodeSonar can now distribute static analysis work across a large number of heterogeneous machines (such as Linux, Windows, and Unix simultaneously), increasing analysis speed and providing developers with the flexibility to increase the depth of analysis and find more defects.

The software’s taint analysis capabilities now include tainted buffer access and indirect function call checkers. To discover serious security vulnerabilities, such as the recent Heartbleed bug, analysing indirect function calls more precisely is critical.

Due to CodeSonar’s compatibility to the 64-bit Intel MPU, development teams can now use it to make sure the security and quality of the third-party code they use meets their own in-house standards. In tests of software applications where both source code and binary code were analysed using CodeSonar, GrammaTech found 35% more defects than when source code alone was analysed. (75% of the programmes tested was source code and 25% was binary code).

“Embedded systems continue to require better protection against security attacks and quality lapses,” commented Paul Anderson, Vice President of Engineering, GrammaTech. “With CodeSonar 4.1’s visual dataflow analysis, advanced tainted data checks and binary analysis capability, developers can more easily identify bugs that are buried deep within complex codebases or hidden in third-party code.”

Featured products

Upcoming Events

View all events
Newsletter
Latest global electronics news
© Copyright 2024 Electronic Specifier