
GrammaTech Extends the Reach of Static Analysis

Combining static analysis for source and binary with dynamic analysis

February 2018 / Nuremberg, Germany / Engineers, engineering managers and executives involved in building safety- and security-critical embedded systems will soon have two new tools available to find more bugs earlier and fix them more quickly. GrammaTech, a leading provider of software assurance tools and cybersecurity solutions, today announced two new products: CodeSonar/Libraries and CodeSonar/X.

CodeSonar is the first static analysis tool that can extend source code static analysis into libraries that are only available in binary form, through its CodeSonar/Libraries plugin. Other static analysis tools for source code ignore calls into binary libraries, effectively treating those calls as if they were not there. With 25% of embedded projects utilizing third-party libraries, according to VDC Research, this simplification easily leads to undetected problems (false negatives): proper reasoning about the source code requires interpreting the effects of the library code. The simplification also misses problems caused by misuse of the library API. CodeSonar/Libraries adds the capability to seamlessly switch between source and binary analysis as it examines possible paths through the program, which results in a net increase in the number of problems detected in the user’s source code.

Many software development projects use binary libraries with content from third-party vendors or from existing legacy code. Examples include firmware, operating system libraries, graphical user interface subsystems, and middleware layers such as CORBA, DDS, MQTT or others.

CodeSonar/X is a ground-breaking new capability connecting static analysis with dynamic analysis to help software developers improve efficiency, further reduce risk and decrease time-to-market. This plug-in for GrammaTech’s CodeSonar reports state corruptions during host-based testing by monitoring memory access. It combines static and dynamic violations and reports them in the CodeSonar User Interface, helping engineers correlate and prioritize.

“The use of libraries as well as state corruption due to buffer overruns are often blind spots for software development teams,” says Mark Hermeling, Senior Director Product Marketing at GrammaTech, Inc. “Incorrect use of libraries can lead to difficult to detect run-time errors, while a missed buffer overrun can lead to a cyber vulnerability, which can have a severe impact on safety and security critical devices. CodeSonar/Libraries and CodeSonar/X demonstrate GrammaTech’s innovation and thought leadership in the field of static analysis for devices where failure is not an option.”

CodeSonar/Libraries is available now, with CodeSonar/X following later this year. Existing customers can contact GrammaTech for access to these ground-breaking technologies. For more information, visit GrammaTech and partner VerifySoft at Booth 4-423, or attend their exhibitor presentation “Static Analysis++” on 28.02.2018 at 10.00-10.30 in Hall 4, stand 4-328.

This material is based upon work supported by the U.S. Department of Homeland Security under Contract No. HSHQDC-16-C-00099. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the U.S. Department of Homeland Security.

About GrammaTech

GrammaTech’s advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit www.grammatech.com or follow us on LinkedIn.
