Modernizing legacy military systems with top-grade static analysis

Story

October 27, 2009

Tom Schultz

Coverity

Outdated legacy code bases in warfare and defense systems create vulnerabilities to safety and prohibit the introduction of new, network-centric technology. With static analysis, these systems can be retrofitted to be high integrity, making devices more technologically competitive.

The world of warfare and defense has changed. In the past 10 years alone, the main factor in ranking the best military has changed from merely possessing the largest and most powerful fighting force to having the best possible communication between personnel and military machines on the battlefield. These military machines are no longer as hardware-centric as they were decades ago; most employ embedded software systems to perform essential functions. The Abrams M1 tank currently deployed in Iraq and Afghanistan, for example, has a computer-aided targeting system that allows precise aiming in conjunction with a thermal imaging system.

These types of embedded systems are designed to be as robust and reliable as possible since lives depend on their effectiveness. These systems are highly specialized and – once built and deployed to the field – are generally meant to be used without further retrofitting for the lifetime of the unit. Unfortunately, such a design philosophy does not take into account the increasing roles these systems are required to perform eventually, as technology progresses, and safety can become an issue.

In the same way, increasingly, networking has taken on an expanded role in military devices over the past few decades. Modernizing legacy systems to take advantage of new networking functionalities, which rely on software, has become mandatory. Today, tanks and other vehicles are now nodes in a larger interconnected system that continually shares information. Each node in the system can work with other nodes in its network (or even nodes in other networks) to solve problems that could not be handled by any one system.

Software-driven systems like Mine-Resistant Ambush Protected (MRAP) vehicles containing Communication-On-The-Move (COTM) systems depend on software architecture and must be modernized to become network-centric, for example. And modernization is a good strategy, even when optional, because doing so can reduce software maintenance costs in the long run. Once built, legacy applications should theoretically last forever, but they seldom do because routine maintenance ultimately causes the code base to deteriorate. Maintaining old code is very expensive (as high as 10 percent of the initial development budget per year) because it involves patching vulnerabilities and improving reliability. This is usually done by expensive developers possessing a rare right skill set. In contrast, new code is much cheaper. Although modernizing code has a higher price up front, it is often better to do so because regular long-term maintenance of legacy code costs more in the long run.

Legacy systems are generally modernized (but not fully replaced with new units due to cost) because many currently deployed military systems have at least another decade of planned functional lifetime left. Since safety and reliability are paramount, it is essential to modernize software to include the desired new capabilities without compromising previous quality or going over budget. Static analysis makes this task easier than it would be otherwise.

Static analysis for modernizing legacy code

Retrofitting legacy code for new functionality or to bring it up to new standards should not be done lightly. Since legacy systems are often mission critical and already deployed in the field, revisions should introduce minimal new coding defects into existing code. As a code base becomes more complicated, it becomes more difficult to isolate and eliminate defects since there are more variables that might interact with and stack on top of other defects in unforeseen ways.

While older tools use syntax and style-based testing, modern static analysis uses path simulation through dataflow analysis in conjunction with Boolean satisfiability. Path simulation works by emulating what a program will do once it has been compiled and executes each function in its code base. This allows for the added detection of resource allocation issues, pointer mismanagement, improper buffer and string usage, and tainted data handling. Boolean satisfiability translates every operation in a program into Boolean variables and uses this data to test for potential runtime problems like integer overflows. These methods generate a false-positive rate as low as 15 percent.

To the rescue, however, is static analysis, which helps developers refactor and restructure the code bases of legacy programs to bring them up to modern standards. Static analysis reveals the steps performed at the creation of a legacy project so developers can understand the current architecture and original intention of the program. This feature innovation alleviates much of the guesswork of detecting resource allocation issues, pointer mismanagement, improper buffer, string usage, and tainted data handling when trying to upgrade code. Static analysis tools, such as those offered by Coverity, are also able to display information about any defect in question and show how it adversely affects the overall program.

Defense, similar to other software dependent industries, cannot afford to allow its technology to lag behind the times. The modernization of legacy code is inevitable, but advanced static analysis provides a sure remedy.

Tom Schultz brings 30 years’ experience to his role as Director of Products at Coverity. Previously, Tom was founder and CTO of Codefast, which Coverity acquired in 2007. Tom also spent more than 10 years at Rational Software and later IBM Rational. He holds a B.S. in Biology-Geology from the University of Rochester. He can be contacted at [email protected].