Software analysis tool builds code suitable for IoT era

16th January 2015
Siobhan O'Gorman

At Embedded World 2015, which takes place from 24th to 26th February in Nuremberg, Germany, GrammaTech will be announcing the release of CodeSonar 4.1, the latest version of its software analysis tool for C/C++, Java and machine code. To allow engineers to build more stable and secure code in the IoT era, the software features new distributed analysis capabilities, deeper tainted data analysis and binary analysis support for x64 processors.

Designed for zero-tolerance embedded environments, CodeSonar 4.1 analyses both source and binary code to identify serious security and quality liabilities that cause system crashes, memory corruption, data races and other unexpected vulnerabilities.

CodeSonar can now distribute static analysis work across a large number of heterogeneous machines (such as Linux, Windows, and Unix simultaneously), increasing analysis speed and providing developers with the flexibility to increase the depth of analysis and find more defects.

The software’s taint analysis capabilities now include tainted buffer access and indirect function call checkers. Analysing indirect function calls more precisely is critical to discovering serious security vulnerabilities, such as the recent Heartbleed bug.

Due to CodeSonar’s compatibility with the 64-bit Intel MPU, development teams can now use it to make sure the security and quality of the third-party code they use meet their own in-house standards. In tests of software applications where both source code and binary code were analysed using CodeSonar, GrammaTech found 35% more defects than when source code alone was analysed. (75% of the programmes tested was source code and 25% was binary code.)

“Embedded systems continue to require better protection against security attacks and quality lapses,” commented Paul Anderson, Vice President of Engineering, GrammaTech. “With CodeSonar 4.1’s visual dataflow analysis, advanced tainted data checks and binary analysis capability, developers can more easily identify bugs that are buried deep within complex codebases or hidden in third-party code.”

© Copyright 2024 Electronic Specifier