Using CodeSonar with FreeRTOS: An Example

December 2, 2019 Mark Hermeling

freertos

The Crazyflie is a programmable drone sold by Bitcraze that was designed to be “hacked” and runs open source software for its control and operating system. In particular, this drone uses FreeRTOS as it’s real time operating system.

I recently purchased a Crazyflie and decided to run the code through CodeSonar to see what I found. One error I found was an uninitialized variable in the Crazyflie application code which is then passed on to the FreeRTOS API. Luckily, since both code for the application and RTOS are available, I can diagnose the error.

This brings up an interesting point: An advantage of using an RTOS where the source is freely available is that all of the application can be analyzed, including calls into the RTOS API. Often OS are a black hole in which parameters are sent and static analysis won’t understand what happens (CodeSonar for Binaries has a solution for this too!) Having the source for the underlying OS has advantages for detecting and analyzing bugs and vulnerabilities.

Check out this video illustrating the detection and diagnoses of the error in CodeSonar:

 

 

Interested in learning more? Read our guide "Advanced Static Analysis for C++"

Previous Article
Case Study: LACROIX Sofrel Partners with GrammaTech to Secure Water Networks
Case Study: LACROIX Sofrel Partners with GrammaTech to Secure Water Networks

Next Article
Copy and Paste Errors Afflict FFmpeg
Copy and Paste Errors Afflict FFmpeg

Copy and paste errors are bugs caused by misuse of local reuse of code by simple editor copy and...