CodeSonar 4.1 static analysis tool focusses on code security

January 16, 2015 // By Graham Prophet
The latest release of GrammaTech’s static analysis tool gives developers tools to ensure embedded software quality and security, and will feature 64-bit binary analysis, distributed analysis, and checks for tainted buffer accesses.

GrammaTech will formalise the release at February’s Embedded World exhibition in Nuremberg. CodeSonar 4.1 is the latest version of the company’s software analysis tool for C/C++, Java, and machine code. Built to deliver depth of analysis, the latest version includes new distributed analysis capabilities, deeper tainted-data analysis, and binary analysis support for x64 processors. Combined, these advances will, its writers say, help developers build more stable and secure code in the Internet of Things era, where a growing number of devices are connected in unpredictable and often unsecure ways.

The product analyses both source and binary code to identify serious security and quality liabilities that cause system crashes, memory corruption, data races, and other unexpected vulnerabilities. The innovations in CodeSonar 4.1 include:

- Deeper Tainted Data Analysis - GrammaTech has increased the precision of its taint analysis capabilities, which now include new tainted buffer access and indirect function call checkers. Analysing indirect function calls more precisely is invaluable in discovering serious security vulnerabilities, such as the recent Heartbleed bug.

- New Distributed Analysis - Through research at GrammaTech, funded by the Department of Homeland Security, CodeSonar can now distribute static analysis work across a large number of heterogeneous machines (such as Linux, Windows, and Unix simultaneously). This capability increases analysis speed substantially, and gives developers the flexibility to turn up the depth of analysis to find more defects.

- Binary support for x64 - GrammaTech claims its position as the only commercial static analysis tool with binary code analysis is strengthened by extending platform compatibility to the 64-bit Intel microprocessor family. As a result, more development teams will be able to use GrammaTech’s leading binary analysis product to make sure the security and quality of the third-party code they use meet their own in-house standards. In tests of software applications where both source code and binary code were analysed using CodeSonar, GrammaTech found 35% more defects than when source code