GrammaTech, Inc. used the venue of the Embedded Systems Conference at EE Live! to let developers know that the latest version of its CodeSonar 4 software analysis tool for C/C++, Java, and machine code is now available. According to Paul Anderson, Vice President of Engineering at GrammaTech, it has been improved to meet the growing challenges of embedded app developers related to analyzing third-party code, achieving standards compliance, eliminating challenging multi-core issues, and improving code security by addressing dangerous information flows. Designed for zero-tolerance embedded defect environments, he said the tool analyzes binary code and source code, to identify serious security and quality liabilities that cause system crashes, memory corruption, leaks, data races, and other unexpected vulnerabilities. New advances in CodeSonar 4 address: Software Supply Chain Risk Management (SCRM), standards compliance, multicore development, and embedded security.He said new Integrated Binary Analysis capabilities will allow developers to analyze externally produced software without access to its source code. “This eliminates the dangerous quality and security blind spots created by using open source or third-party components and libraries in embedded applications,” said Anderson.CodeSonar 4 also now includes built-in analysis for MISRA C 2012, in addition to existing DO-178 analysis capabilities, to help organizations pursue and achieve relevant certifications. It also incorporates new Java-specific concurrency defect detection capabilities to defend against errors like race conditions, deadlocks, and livelocks.”As networking and internet-enabled capabilities continue to proliferate within embedded systems,” said Anderson, “the attack surface of traditionally isolated applications has expanded in new and unpredictable ways.”In addition to robust existing security features, the new visual tainted-data analysis capability in CodeSonar 4 helps developers find and eliminate vulnerabilities caused by potentially dangerous information flows.“The cost of failure in embedded systems is unlike that of any other industry due to the safety-critical role they play in our everyday lives – which is a main reason organizations who build embedded applications are early adopters of automated advanced code analysis tools,” said Andre Girard, Senior Analyst at VDC.
“Teams that leverage innovative technology to tackle the pressing challenges of embedded software development today such as the use of third-party code, compliance with standards, and the complexity of concurrency can realize significant business and competitive advantages.”