GrammaTech
Private | |
Industry | Software Quality |
Headquarters | Ithaca, New York |
Key people | Founders: Tim Teitelbaum and Thomas Reps |
Products | CodeSonar, CodeSurfer |
Website |
www |
GrammaTech is a software-development tools vendor based in Ithaca, New York. The company was founded in 1988 as a technology spin-off of Cornell University. They now develop CodeSonar, a static analysis tool for source code and binaries, and perform cyber-security research.
Products
CodeSonar is a source code and binary code analysis tool that performs a whole-program, interprocedural analysis on C, C++, Java, and binary executables. It identifies programming bugs and security vulnerabilities in software. CodeSonar is used in the Defense/Aerospace, Medical, Industrial Control, Electronic, Telecom/Datacom and Transportation industries. The U.S. Food and Drug Administration (FDA) Center for Devices and Radiological Health uses it to detect defects in fielded medical devices.[1][2] The U.S. National Highway Traffic Safety Administration (NHTSA) and NASA used it in its Study on Sudden Unintended Acceleration in the electronic throttle control systems of Toyota vehicles.
CodeSurfer is a program-understanding tool. Program constructs—including preprocessor directives, macros, and C++ templates—are analyzed. CodeSurfer calculates a variety of representations that can be explored through the graphical user interface or accessed through the optional programming interface.
Research
GrammaTech's research division undertakes projects for private contractors, including several U.S. government agencies, such as NASA, the NSF, and many branches of the Department of Defense. GrammaTech's research is focused on both static analysis and dynamic analysis, on both source code and binaries.
GrammaTech recently participated and came in 2nd place in DARPA's Cyber Grand Challenge, earning $1 million as Team TECHx.[3] GrammaTech led Team TECHx, a collaboration with the University of Virginia, using their co-developed cyber-reasoning system called Xandra.[4]
History
GrammaTech is a 1988 spin-off from Cornell University, where its founders had developed an early Integrated Development Environment in 1978 (the Cornell Program Synthesizer[5]) and a system for generating language-based environments from attribute-grammar specifications in 1982 (the Synthesizer Generator[6][7]). Commercial systems that have been implemented using the Synthesizer Generator include ORA's Ada verification system (Penelope[8]), Terma's Rigorous Approach to Industrial Software Engineering (Raise[9]), and Loral's checker of the SPC Quality and Style Guidelines for Ada[10] GrammaTech co-founders Reps and Teitelbaum received the 2010 ACM SIGSOFT Retrospective Impact Award for their work on the Synthesizer Generator.[11]
GrammaTech commercialized the Wisconsin Program-Slicing Tool as CodeSurfer for C and C++ in 1999. CodeSonar for C and C++, which is an application of CodeSurfer/C, has been available since 2005. GrammaTech co-founder Reps and two other company affiliates shared in a 2011 ACM SIGSOFT Retrospective Impact Award for their paper describing the Wisconsin slicing research.[12]
GrammaTech and the University of Wisconsin have been collaborating since 2001 to develop analysis, reverse-engineering, and anti-tamper tools for binary executables. Byproducts of this research are CodeSurfer/x86[13] (a version of CodeSurfer for the Intel x86 instruction set), CodeSonar/x86 (a bug and vulnerability finding tool for stripped executables), and an approach to creating such systems automatically from formal semantic descriptions of arbitrary instruction set architectures.[14]
References
- ↑ Quinnell, Richard A. (2008-03-06). "Static analysis stomps on bugs". EETimes. Retrieved 2009-01-23.
- ↑ Jetley, Raoul; Paul Anderson (April 2008). "Using static analysis to evaluate software in medical devices" (PDF). Embedded Systems Design. United Business Media.
- ↑ https://www.cybergrandchallenge.com/event#results
- ↑ https://www.wired.com/2016/08/security-bots-show-hacking-isnt-just-humans/
- ↑ Teitelbaum, T.; T. Reps (September 1981). "The Cornell Program Synthesizer: A syntax-directed programming environment". Communications of the ACM. 24 (9): 563–573. doi:10.1145/358746.358755.
- ↑ Reps, T. (1984). Generating Language-Based Environments. Cambridge, MA: The M.I.T. Press. ISBN 0-262-18115-0. (Awarded the 1983 ACM Doctoral Dissertation Award.).
- ↑ Reps, Thomas W.; Teitelbaum, Tim (1988). The Synthesizer Generator: A System for Constructing Language-Based Editors. Cambridge, MA: Springer-Verlag. ISBN 0-387-96857-1.
- ↑ Guaspari, D. (1989). "Penelope, an Ada verification system". TRI-Ada '89: Proceedings of the conference on Tri-Ada '89. Pittsburgh, PA: ACM. pp. 216–224. doi:10.1145/74261.74277.
- ↑ The RAISE Language Group, CORPORATE (1993). The RAISE specification language. Upper Saddle River, NJ: Prentice-Hall, Inc. ISBN 0-13-752833-7.
- ↑ Software Productivity Consortium (1995). Ada 95 Quality and Style Guide: Guidelines for Professional Programmers (SPC-94093-CMC Version 01.00.10 ed.). Herndon, VA: SPC.
- ↑ Reps, T.; Teitelbaum, T. (1984). "The Synthesizer Generator ". In SDE 1 Proc. of the first ACM SIGSOFT/SIGPLAN Software Engineering Symposium on Practical Software Development Environments.
- ↑ Reps, T.; Horowitz, S.; Sagiv, M.; Rosay, G. (December 1994). "Speeding Up Slicing ". Proc. Second ACM SIGSOFT Symposium on Foundations of Software Engineering. New Orleans, LA, USA.
- ↑ Balakrishnan, G.; Reps, T. (2004). "Analyzing memory accesses in x86 executables ". Proc. Int. Conf. on Compiler Construction. New York, NY: Springer-Verlag. pp. 5–23. (Awarded the EAPLS Best Paper Award at ETAPS 2004.).
- ↑ Lim, J.; Reps, T. (April 2008). "A system for generating static analyzers for machine instructions ". Proc. Int. Conf. on Compiler Construction (CC). New York, NY: Springer-Verlag. (Awarded the EAPLS Best Paper Award at ETAPS 2008.).