NUREMBERG, GERMANY — Embedded World Conference GrammaTech, manufacturer of the most in-depth source-code analysis technology, has expanded its leadership in the automotive vertical market. The company’s static analysis technology has been selected by major automotive manufacturers in Europe, the U.S. and Asia to improve both reliability and security. A key reason cited for the adoption is that GrammaTech is able to identify more critical defects in both single-core and multi-core applications. This makes the technology ideal for software-development organizations that have zero tolerance for defects.
Initially designed for avionics applications, GrammaTech’s CodeSonar has a proven history in safety-critical systems and is currently used by the world’s largest aerospace manufacturers. CodeSonar’s first application within the automotive industry was analyzing software that controls welding robots. Based on the success of that project, and similar industrial-control applications, automotive manufacturers now use CodeSonar to examine software within automotive systems, such as powertrain and chassis control, safety, and in-vehicle infotainment. Regulatory agencies also use CodeSonar for forensic investigations. For example, CodeSonar was used in the high-profile U.S. National Highway Traffic Safety Administration/NASA investigation into potential electronic causes of unintended acceleration in Toyota vehicles.
Two trends are fueling the company’s growth in the automotive market. The first trend is the increase of in-vehicle infotainment systems. The rapid innovation and large codebases associated with in-vehicle infotainment systems make traditional software-assurance methods difficult to apply. The second trend is the growing complexity of critical control software that is much more difficult to test and analyze.
“A modern automobile can easily contain more than ten million lines of code,” stated Paul Anderson, GrammaTech’s vice president of Engineering. “In such environments, the limitations and expense of traditional testing become evident. Companies are adopting automated testing technologies, such as the CodeSonar static-analysis tool, as an efficient way to boost reliability and solve complex problems.”
Looking forward, Paul sees a further challenge emerging for the industry: security. “As automobiles become more network-enabled, they are more susceptible to cyberattack. Researchers at the University of California, San Diego, and the University of Washington demonstrated an attack in which they were able to gain control of a car’s security system. Security is a multi-faceted problem and requires doing many things right. Good security architecture is obviously essential. But it turns out that a large percentage of attacks exploit programming defects. Static analysis has the ability to identify many of the programming defects that commonly create vulnerabilities, such as buffer overruns.”Another factor contributing to software complexity is the adoption of multi-core processors. “Multi-core improves performance, but it also makes reliability more challenging because software written for multi-core is very susceptible to concurrency bugs,” continued Anderson. “Dynamic testing finds defects that occur for particular executions of a program with a fixed set of inputs, whereas static analysis finds concurrency errors by exploring all or most possible executions-this exercises the program much more thoroughly than is feasible with dynamic testing. Another advantage of static analysis is that test cases are not required because the program is never actually executed.”
About GrammaTech:
GrammaTech’s static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government agencies. The staff includes fourteen researchers with PhDs in programming languages and program analysis.