
GrammaTech is a software-development tools vendor based in Bethesda, Maryland, with a research center based in Ithaca, New York. The company was founded in 1988 as a technology spin-off of Cornell University. GrammaTech is a provider of application security testing products (static application security testing, software composition analysis) and software research services.


Products

CodeSonar is a source code and binary code static analysis tool that performs a whole-program, interprocedural analysis on C, C++, C#, Java, and binary executables. It identifies programming bugs and security vulnerabilities in software. CodeSonar is used in the Defense/Aerospace, Medical, Industrial Control, Electronic, Telecom/Datacom and Transportation industries. The U.S. Food and Drug Administration (FDA) Center for Devices and Radiological Health uses it to detect defects in fielded medical devices. The U.S. National Highway Traffic Safety Administration (NHTSA) and NASA used it in their Study on Sudden Unintended Acceleration in the electronic throttle control systems of Toyota vehicles.

CodeSentry is derived from GrammaTech's binary code analysis research. This technology performs deep analysis of object, library and executable files without the need for source code in order to identify known software security vulnerabilities. Binary analysis is an efficient method for software composition analysis, with high precision and recall results and fewer false positives.


Research

GrammaTech's research division undertakes projects for private contractors, including several U.S. government agencies, such as NASA, the NSF, and many branches of the Department of Defense. GrammaTech's research is focused on both static analysis and dynamic analysis, on both source code and binaries. GrammaTech participated in DARPA's 2016 Cyber Grand Challenge and came in 2nd place, earning $1 million as Team TECHx. GrammaTech led Team TECHx, a collaboration with the University of Virginia, using their co-developed cyber-reasoning system called Xandra.


History

GrammaTech is a 1988 spin-off from Cornell University, where its founders had developed an early Integrated Development Environment in 1978 (the Cornell Program Synthesizer) and a system for generating language-based environments from attribute-grammar specifications in 1982 (the Synthesizer Generator). Commercial systems that have been implemented using the Synthesizer Generator include ORA's Ada verification system (Penelope), Terma's Rigorous Approach to Industrial Software Engineering (Raise), and Loral's checker of the SPC Quality and Style Guidelines for Ada. GrammaTech co-founders Tom Reps and Tim Teitelbaum received the 2010 ACM SIGSOFT Retrospective Impact Award for their work on the Synthesizer Generator.

GrammaTech commercialized the Wisconsin Program-Slicing Tool as CodeSurfer for C and C++ in 1999. CodeSonar for C and C++, a static analysis tool, has been available since 2005. GrammaTech co-founder Reps and two other company affiliates shared in a 2011 ACM SIGSOFT Retrospective Impact Award for their paper describing the Wisconsin slicing research.

GrammaTech and the University of Wisconsin have been collaborating since 2001 to develop analysis, reverse-engineering, and anti-tamper tools for binary executables. Byproducts of this research are CodeSurfer/x86 (a version of CodeSurfer for the Intel x86 instruction set), CodeSonar/x86 (a bug and vulnerability finding tool for stripped executables), and an approach to creating such systems automatically from formal semantic descriptions of arbitrary instruction set architectures. This research was later commercialized into CodeSonar for Binaries and CodeSentry, a software composition analysis tool. In 2019, GrammaTech was acquired by Five Points Capital.

