CodeSonar Binary Code Analysis for Power Architecture

November 6, 2019 Mark Hermeling


GrammaTech is expanding CodeSonar for Binaries to support the Power architecture in addition to the existing x86 and ARM architectures. The Power architecture is popular in many deeply embedded devices, especially devices that use the Freescale family of PowerPC (PPC) based processors and MCUs. These processors and MPUs are often used in avionics as well as automotive applications.

The Power architecture is especially popular in avionics systems that are flight certified. The new CodeSonar for Binaries support for Power is extremely useful for performing cyber security assessments of existing certified systems that are being re-used in new, more connected scenarios. Often the teams doing the security evaluation do not have the ability to build the software. These teams can now use CodeSonar for Binaries to quickly detect cyber security weaknesses that could impact the flight safety of these systems.

Some Examples

This capability has now been extended to Power architecture object code and libraries. Here are two bugs found in the gnuchess open source project compiled for the Power architecture. The first example is a buffer overrun:

[Screenshots: CodeSonar warning and traceback for the buffer overrun]

Note that traceback information is provided in the same manner as in source analysis. In this case CodeSonar has detected a buffer overrun in the call to strcpy(), and it provides a description of the bug plus a traceback to the earlier points in the code where the needed buffer size is incorrectly computed and allocated.

The next example is a double close (i.e., the fclose function is called twice with the same file handle).

[Screenshots: CodeSonar warning for the double close]
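For readers without the screenshots, the two defect classes described above look like this in C. This is an added, constructed example, not gnuchess code or CodeSonar output; all function names, the `SHOW_DEFECTS` macro, and the specific way each bug arises (a missing terminator byte, a close on an error branch) are assumptions for illustration.

```c
/* Constructed illustration of the two defect classes; not gnuchess code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef SHOW_DEFECTS /* hypothetical macro: defective forms, off by default */
/* Defect 1: size omits the NUL terminator, so strcpy() overruns by one byte. */
char *dup_name_bad(const char *src) {
    size_t n = strlen(src);      /* traceback: size computed incorrectly */
    char *buf = malloc(n);       /* traceback: undersized allocation */
    if (buf == NULL) return NULL;
    strcpy(buf, src);            /* sink: buffer overrun reported here */
    return buf;
}
/* Defect 2: the error branch closes fp, then the common exit closes it again. */
int count_lines_bad(const char *path) {
    int c, lines = 0;
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return -1;
    while ((c = fgetc(fp)) != EOF) if (c == '\n') lines++;
    if (ferror(fp)) { fclose(fp); lines = -1; }
    fclose(fp);                  /* double close when the branch above ran */
    return lines;
}
#endif

/* Corrected: allocate strlen + 1 and copy exactly that many bytes. */
char *dup_name_ok(const char *src) {
    size_t n = strlen(src) + 1;
    char *buf = malloc(n);
    if (buf == NULL) return NULL;
    memcpy(buf, src, n);
    return buf;
}

/* Corrected: one fclose() on the single exit path. */
int count_lines_ok(const char *path) {
    int c, lines = 0;
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return -1;
    while ((c = fgetc(fp)) != EOF) if (c == '\n') lines++;
    if (ferror(fp)) lines = -1;
    fclose(fp);
    return lines;
}
```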

The addition of Power architecture support for CodeSonar for Binaries widens the scope of the product to another key processor family used in embedded and server-based systems.

Availability

Power support for CodeSonar for Binaries is currently in beta test and will be available for CodeSonar for Binaries customers in the next release of CodeSonar.
