Software:TrustInSoft Analyzer: Difference between revisions
Importwiki (talk | contribs) (import) |
Importwiki (talk | contribs) (import) |
||
Line 12: | Line 12: | ||
}} | }} | ||
'''TrustInSoft Analyzer''' | '''TrustInSoft Analyzer''' is a source code analyzer that analyzes code written in the C and [[C++]] programming languages. It implements a set of various [[Formal methods|formal methods]], which create mathematical proofs of the absence of [[Undefined behavior|undefined behavior]] in the analyzed code.<ref>{{cite web | ||
|url= https://www.electronicdesign.com/technologies/embedded/software/video/21278213/electronic-design-trustinsoft-helps-root-out-bugs-to-deliver-reliable-code. | |||
|title=TrustInSoft Helps Root out Bugs to Deliver Reliable Code. |website= www.electronicdesign.com |date=29 November 2023 }}</ref> | |||
absence | |||
|url=https:// | |||
| | |||
}}</ref> | |||
TrustInSoft Analyzer identifies undefined behavior including memory management issues such as [[Buffer overflow|buffer overflow]] and [[Uninitialized variable|uninitialized variable]]s, arithmetic operations including division by zero, [[Integer overflow|integer overflow]],and race conditions.<ref> {{cite web | |||
division by zero | |||
|url=https://www.nist.gov/itl/ssd/software-quality-group/source-code-security-analyzers | |url=https://www.nist.gov/itl/ssd/software-quality-group/source-code-security-analyzers | ||
|title=Source Code Security Analyzers | |title=Source Code Security Analyzers | ||
|website=National Institute for Standards and Technology, Software Quality Group|date=23 March 2021 | |website=National Institute for Standards and Technology, Software Quality Group|date=23 March 2021 | ||
}}</ref> | }}</ref> | ||
TrustInSoft Analyzer is commonly used for software analysis in embedded systems, and addresses safety and security issues within the source code. TrustInSoft Analyzer aids in establishing compliance with safety and security standards and norms<ref>{{cite journal | |||
|author=Benoit Jubin | |||
|title=Exhausting | |||
|year=2023 | |||
|journal=Vehicle Electronics | |||
|url= https://vehicle-electronics.biz/sites/default/files/VE118Oct23.pdf?mc_cid=14feb03339&mc_eid=3f3f5f6f4e | |||
}}</ref> | |||
including [[ISO 26262]] and [[MISRA C]]. | |||
It can also prove that a program conforms to a formal specification of its intended functional behavior including the ANSI/ISO C Specification Language (ACSL). | |||
== Development and Deployment == | |||
TrustInSoft Analyzer deploys in multiple environments (e.g. Mac OS, Linux, Windows) and integrates with various tools (e.g. Google Test and Jenkins).<ref>{{cite web | |||
|url= https://github.com/TrustInSoft | |||
|title= TrustInSoft | |||
|website=github.com}}</ref> All versions of C up to 18 and C++ up to 20 are supported.<ref>{{cite web | |||
|url= https://www.nist.gov/itl/ssd/software-quality-group/source-code-security-analyzers | |||
|title= Source Code Security Analyzers | |||
|website=nist.gov|date= 23 March 2021 | |||
}}</ref> | |||
TrustInSoft Analyzer is available as a standalone software under a proprietary license for customers of the TrustInSoft company. It is also available, in a restricted form, as a freely accessible web application for experimenting and teaching.<ref>{{cite web | |||
TrustInSoft Analyzer is available as a standalone software under a proprietary license for customers of the TrustInSoft company. It is also available, in a restricted form, as a freely accessible web application | |||
|url=https://tsnippet.trust-in-soft.com/ | |url=https://tsnippet.trust-in-soft.com/ | ||
|title=The TSnippet free online analyzer, free demo version of TrustInSoft Analyzer | |title=The TSnippet free online analyzer, free demo version of TrustInSoft Analyzer | ||
|website=trust-in-soft.com}}</ref> Additionally, another free, fairly complete, version of the | |website=trust-in-soft.com}}</ref> Additionally, another free, fairly complete, version of the analyzer is available on the web, able to analyze code if the source is publicly hosted on Github.<ref>{{cite web | ||
|url=https://ci.trust-in-soft.com/ | |url=https://ci.trust-in-soft.com/ | ||
|title=The TrustInSoft CI free online platform to analyze C and C++ code | |title=The TrustInSoft CI free online platform to analyze C and C++ code | ||
|website=trust-in-soft.com}}</ref> | |website=trust-in-soft.com}}</ref> | ||
== Applications and Visibility == | == Applications and Visibility == | ||
TrustInSoft Analyzer’s technology, previously developed under Frama C, has industrial-scale applications to formally verify critical aeronautic applications such as DO-178C.<ref>{{cite journal | |||
|first1=Yannick|last1=Moy|first2=Emmanuel|last2=Ledinot|first3=Hervé|last3=Delseny | |first1=Yannick|last1=Moy|first2=Emmanuel|last2=Ledinot|first3=Hervé|last3=Delseny | ||
|first4=Virginie|last4=Wiels|first5=Benjamin|last5=Monate | |first4=Virginie|last4=Wiels|first5=Benjamin|last5=Monate | ||
Line 226: | Line 64: | ||
|volume=30|number=3|pages=50–57|year=2013 | |volume=30|number=3|pages=50–57|year=2013 | ||
|doi=10.1109/MS.2013.43|s2cid=12345793 }}</ref> | |doi=10.1109/MS.2013.43|s2cid=12345793 }}</ref> | ||
TrustInSoft has since expanded into markets such as consumer electronics and automotive.<ref>{{cite web | |||
|url=https://www.cea.fr/english/Pages/innovation/start-ups/trustinsoft.aspx | |||
|url=https:// | |title=Trustinsoft, quality and security for C & C++ software | ||
| | |date=December 15, 2022 | ||
|website= | |website= Le CEA}}</ref> In 2016, TrustInSoft Analyzer was accredited in a NIST report to the White House Office of Science and Technology Policy, for proving the absence of CWE vulnerabilities in the PolarSSL (now referred to as Mbed_TLS) stack.<ref>{{cite book | ||
House Office of Science and Technology Policy, for proving the absence of CWE vulnerabilities in the | |author=National Institute of Standards and Technology | ||
PolarSSL ( | |title=Dramatically Reducing Software Vulnerabilities: NiSTIR 8151 | ||
TrustInSoft was selected | |year=2016 | ||
autonomous | |isbn=978-1548477714 | ||
|url=https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8151.pdf | |||
|doi=10.6028/NIST.IR.8151 | |||
}}</ref> | |||
In 2021, TrustInSoft was selected for the UBIMobility development program, an accelerator for autonomous vehicle technologies.<ref>{{cite web | |||
|url=https://www.wardsauto.com/industry-news/elite-french-auto-tech-companies-tour-us-eye-ces | |url=https://www.wardsauto.com/industry-news/elite-french-auto-tech-companies-tour-us-eye-ces | ||
|title=Elite French Auto Tech Companies Tour U.S., Eye CES | |title=Elite French Auto Tech Companies Tour U.S., Eye CES | ||
|date=October 29, 2021 | |date=October 29, 2021 | ||
|website=Wards Automotive, Industry News}}</ref> | |website=Wards Automotive, Industry News}}</ref> | ||
== References == | == References == | ||
{{Reflist}} | {{Reflist}} | ||
{{Sourceattribution|TrustInSoft Analyzer}} | {{Sourceattribution|TrustInSoft Analyzer}} |
Latest revision as of 13:48, 26 April 2024
Logo of TrustInSoft Analyzer | |
Developer(s) | TrustInSoft company |
---|---|
Written in | OCaml |
Operating system | Microsoft Windows, FreeBSD, OpenBSD, Linux, Mac OS X |
Available in | English |
Type | Formal verification, static code analysis |
License | Proprietary |
Website | trust-in-soft |
TrustInSoft Analyzer is a source code analyzer that analyzes code written in the C and C++ programming languages. It implements a set of various formal methods, which create mathematical proofs of the absence of undefined behavior in the analyzed code.[1]
TrustInSoft Analyzer identifies undefined behavior including memory management issues such as buffer overflow and uninitialized variables, arithmetic operations including division by zero, integer overflow,and race conditions.[2]
TrustInSoft Analyzer is commonly used for software analysis in embedded systems, and addresses safety and security issues within the source code. TrustInSoft Analyzer aids in establishing compliance with safety and security standards and norms[3] including ISO 26262 and MISRA C.
It can also prove that a program conforms to a formal specification of its intended functional behavior including the ANSI/ISO C Specification Language (ACSL).
Development and Deployment
TrustInSoft Analyzer deploys in multiple environments (e.g. Mac OS, Linux, Windows) and integrates with various tools (e.g. Google Test and Jenkins).[4] All versions of C up to 18 and C++ up to 20 are supported.[5]
TrustInSoft Analyzer is available as a standalone software under a proprietary license for customers of the TrustInSoft company. It is also available, in a restricted form, as a freely accessible web application for experimenting and teaching.[6] Additionally, another free, fairly complete, version of the analyzer is available on the web, able to analyze code if the source is publicly hosted on Github.[7]
Applications and Visibility
TrustInSoft Analyzer’s technology, previously developed under Frama C, has industrial-scale applications to formally verify critical aeronautic applications such as DO-178C.[8] TrustInSoft has since expanded into markets such as consumer electronics and automotive.[9] In 2016, TrustInSoft Analyzer was accredited in a NIST report to the White House Office of Science and Technology Policy, for proving the absence of CWE vulnerabilities in the PolarSSL (now referred to as Mbed_TLS) stack.[10] In 2021, TrustInSoft was selected for the UBIMobility development program, an accelerator for autonomous vehicle technologies.[11]
References
- ↑ "TrustInSoft Helps Root out Bugs to Deliver Reliable Code.". 29 November 2023. https://www.electronicdesign.com/technologies/embedded/software/video/21278213/electronic-design-trustinsoft-helps-root-out-bugs-to-deliver-reliable-code..
- ↑ "Source Code Security Analyzers". 23 March 2021. https://www.nist.gov/itl/ssd/software-quality-group/source-code-security-analyzers.
- ↑ Benoit Jubin (2023). "Exhausting". Vehicle Electronics. https://vehicle-electronics.biz/sites/default/files/VE118Oct23.pdf?mc_cid=14feb03339&mc_eid=3f3f5f6f4e.
- ↑ "TrustInSoft". https://github.com/TrustInSoft.
- ↑ "Source Code Security Analyzers". 23 March 2021. https://www.nist.gov/itl/ssd/software-quality-group/source-code-security-analyzers.
- ↑ "The TSnippet free online analyzer, free demo version of TrustInSoft Analyzer". https://tsnippet.trust-in-soft.com/.
- ↑ "The TrustInSoft CI free online platform to analyze C and C++ code". https://ci.trust-in-soft.com/.
- ↑ Moy, Yannick; Ledinot, Emmanuel; Delseny, Hervé; Wiels, Virginie; Monate, Benjamin (2013). "Testing or Formal Verification: DO-178C Alternatives and Industrial Experience". IEEE Software 30 (3): 50–57. doi:10.1109/MS.2013.43.
- ↑ "Trustinsoft, quality and security for C & C++ software". December 15, 2022. https://www.cea.fr/english/Pages/innovation/start-ups/trustinsoft.aspx.
- ↑ National Institute of Standards and Technology (2016). Dramatically Reducing Software Vulnerabilities: NiSTIR 8151. doi:10.6028/NIST.IR.8151. ISBN 978-1548477714. https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8151.pdf.
- ↑ "Elite French Auto Tech Companies Tour U.S., Eye CES". October 29, 2021. https://www.wardsauto.com/industry-news/elite-french-auto-tech-companies-tour-us-eye-ces.
Original source: https://en.wikipedia.org/wiki/TrustInSoft Analyzer.
Read more |