A Q&A with Paul Anderson, VP of Engineering, GrammaTech
This interview is the third in a series we plan to conduct during 2012 with embedded software solution providers to share their views on their company, products, and the state of the market.
VDC: GrammaTech has been in the source code analysis business for over 20 years; can you briefly introduce the company to our readers?
Anderson: We were founded as a spin-off from Cornell University to commercialize the results of research into interactive development environments. Since then we have done a lot of research into software analysis and manipulation. For the last five years or so our main product has been an advanced static analysis tool for C/C++. It does a whole-program path-sensitive analysis to find serious programming defects such as buffer overruns. We sell it mostly to companies doing embedded safety-critical work, but also to those doing serious security analysis.
VDC: What are the challenges engineers face today in designing and developing embedded devices and how are embedded software suppliers responding?
Anderson: For years we have been able to rely on increased clock speeds and integration to get better performance. That trend is running out of steam, so chip designers have turned to multiple cores to improve throughput. The problem is that developers usually need to rewrite their code to take maximum advantage of the potential. Writing efficient concurrent code requires new skills, and this introduces the risk of entirely new classes of programming defect such as deadlocks and data races. These are usually very difficult to detect and diagnose because they are highly sensitive to minute differences in timing. Dynamic analysis tools are beginning to emerge that can help with detection and diagnosis, and static-analysis tools can be used to prevent them from being introduced in the first place.
VDC: You recently announced CodeSonar for Java. Can you briefly describe this product and talk a little bit about the use of Java in embedded systems today?
Anderson: Java is a much more civilized language than C/C++ — a bug like a buffer overrun in C is potentially disastrous because it corrupts the memory in unpredictable ways, but the same bug in Java will trigger a well-defined exception that can be handled in a controlled manner. On the other hand Java programmers make much heavier use of general-purpose APIs and frameworks and it is possible to introduce bugs by misusing these. Consequently for Java there is less need for the sophisticated and expensive analysis needed for C programs. Our first version of the Java product does a fairly lightweight analysis, but the results are still managed through the same web-based user interface used for the C/C++ product.
In embedded systems development C is usually used for the embedded processors themselves, and Java (or other languages like C#) is most often used for the non-safety- or performance-critical components such as the desktop or handheld computers used to manage the devices.
Of course Java is the language primarily used for Android development for devices such as mobile phones and tablets, but such development has more in common with traditional data processing or UI programming than embedded programming.
It would be great if there were more of a move towards Java for real-time embedded, and there are some very good tools available, but it does not appear to be happening very fast. C and C++ will be with us for the foreseeable future.
VDC: Device security, which has long been an area of expertise for GrammaTech, has become a very buzzworthy topic in recent months. What are some of the vulnerabilities and other security issues that engineers need to guard against as they seek to develop secure devices in this increasingly connected world?
Anderson: Researchers have demonstrated that it is relatively easy to take control of many embedded devices. I recently saw a presentation that showed a successful attack on the control computer of an automobile that was launched by inserting an infected disk into the CD player. The attack surface of many devices is growing rapidly because of market demands for increasing connectivity. Nobody should assume that their devices are unlikely to be targets of attacks. Hackers can be incredibly creative at finding ways to exploit vulnerabilities for their own ends.
Consequently it is becoming clear that all embedded developers must be aware of security risks and that they should program to avoid them. Fortunately there are lots of publicly-available resources to help programmers understand security vulnerabilities. For example, the CWE/SANS Top 25 lists the most notorious programming defects that can lead to exploitations.
After getting educated and adopting the appropriate tools, the most important thing that developers can do is to cultivate the correct mindset. They should assume that their software will be scrutinized for vulnerabilities by extremely talented and determined adversaries, and program accordingly. It is most critical to pay attention to the interfaces between systems as this is where most weaknesses lurk.
VDC: GrammaTech is also heavily involved in cutting-edge research. What can you tell us about some of your recent or ongoing research efforts?
Anderson: We work on various program analysis tools and techniques including static and dynamic analysis for both source code and object code, with applications in software assurance, security and protection. One project is aimed at protecting users from potentially malicious code by monitoring it during execution and preventing it from doing harm. A related project combines static and dynamic techniques to do a sort of intelligent fuzzing to automatically generate test cases that yield very high code coverage.
VDC: If you were to take a look into your crystal ball, how do you see the opportunities for the embedded software market shaping up as we head toward 2013?
Anderson: I have already mentioned two major trends: concurrency and security; demand for tools to help with these aspects of development will probably increase. The use of Eclipse — the open-source IDE — is growing rapidly; it has been the dominant IDE for Java for years, and support for C/C++ is now mature. It integrates tightly with debuggers, profilers, version control systems, and other tools so it can boost programmer productivity enormously. I would expect tool-chain vendors to improve their integration with Eclipse to take advantage of this great resource.
VDC: Thank you Paul.
Interested in participating in VDC’s “The Embedded Software Beat” series of interviews? Please reach out and let us know.
Paul Anderson is VP of Engineering at GrammaTech. He received his B.Sc. from Kings College, University of London and his Ph.D. in computer science from City University London. Paul manages GrammaTech's engineering team and is the architect of the company's static-analysis tools. He has helped a wide variety of organizations, including NASA, the FDA, the FAA, MITRE, Draper Laboratory, GE, Lockheed Martin, and Boeing, apply automated code analysis to critical projects. Paul has worked in the software industry for 16 years, with most of his experience focused on developing static-analysis, automated-testing, and program-transformation tools. A significant portion of his work has involved applying program analysis to improve security. His research on static analysis tools and techniques has been reported in numerous articles, journal publications, book chapters, and international conferences.