CodeSonar Binary Code Analysis for Power Architecture
GrammaTech is expanding support for CodeSonar for Binaries to include support for the Power architecture in addition to the existing support for x86 and ARM architectures. Power architecture is popular in many deeply embedded devices, especially with devices that use the Freescale family of PowerPC (PPC) based processors and MCUs. These processors and MPUs are often used in avionics as well as automotive applications.
The Power architecture is especially popular in avionics systems that are flight certified. The new CodeSonar for Binaries support for Power is extremely useful to be able to perform cyber security assessments for existing certified systems that are being re-used in new, more connected scenarios. Often the teams doing the security evaluation do not have the ability to build the software. CodeSonar for Binaries can now be used by these teams to quickly detect cyber security weaknesses that could impact the flight safety of these systems.
This capability has now been extended to Power architecture object code and libraries. Here’s an example of two bugs found in the gnuchess open source project compiled for Power architecture. The first example is a buffer overrun:
Note traceback information is provided in the same manner as source analysis. In this case CodeSonar has detected a buffer overrun in the call to strcpy() with a description of the bug plus a traceback to the previous points in the code where the needed buffer size is incorrectly computed and allocated.
The next example is a double close (i.e. the fclose function is called twice with the same file handle.)
The addition of Power architecture support for CodeSonar for Binaries widens the scope of the product to another key processor family used in embedded and server-based systems.
Power support for CodeSonar for Binaries is currently in beta test and will be available for CodeSonar for Binaries customers in the next release of CodeSonar.