GrammaTech, Inc. has announced the release of supplementary documentation to its CodeSonarstatic-analysis tool that details how static analysis can be used tosupport an organization's ISO 26262 initiatives. The International Organization for Standardization (ISO) Draft International Standard (DIS) 26262, titled “Road vehicles — Functional safety,” is a Functional Safety standard that is currently in the final draft. This standard is an adaptation of the Functional Safety standard IEC 61508 for Automotive Electric/Electronic Systems.
CodeSonar is a static-analysis tool that performs a whole-program, interprocedural analysis on code and identifies complex programming bugs that can result in system crashes, memory corruption and other serious problems. Like a compiler, CodeSonar does a build of the code. However, instead of creating object code, CodeSonar creates an abstract model of the program, capturing information about the program's control flow and the relationships between data. The program model is executed symbolically by CodeSonar's analysis engine. Automated reasoning about feasible paths and program variables is used to identify tricky defects, including defects that result from complex interactions among procedures.
CodeSonar has a long history of being used to improve reliability in critical industries like avionics. CodeSonar performs the deepest analysis of any commercial tool, providing a higher level of assurance. More recently, GrammaTech's static analysis technology has been adopted by some of the largest automotive manufacturers.
“In the competitive automotive industry, manufacturers are under pressure to create new features,” continued Mark Zarins. “Some of these features improve safety while others provide better comfort or entertainment. Software plays a key role in most of these new features, underscoring the importance of software quality. In addition, some of the software-enabled features employ networking, which can expose the automobile to potential security threats like worms or malicious code. Yet the growing code size of the software makes it increasingly difficult to test and verify. Manufacturers are adopting static analysis as part of the test plan to increase reliability.”
In a prominent example, NASA recently used static analysis to examine the software in Toyota vehicles as part of an investigation into unintended acceleration in Toyota vehicles. GrammaTech CodeSonar was one of the tools used by NASA. In the report, NASA described CodeSonar as a “strong static source code analysis tool from GrammaTech that uses a different technology for detailed inter-procedural source code analysis.” The full NASA Engineering and Safety Center Technical Assessment Report can be located at www.nhtsa.gov/staticfiles/nvs/pdf/NASA-UA_report.pdf.
For more information visit www.grammatech.com/codesonar/.
Toni McConnel can be reached at .