Grammatech NASA Curiosity Case Study
CASE STUDY

Mars Curiosity Rover Searches for Signs of Life with the Help of GrammaTech’s CodeSonar

The most technologically advanced rover ever built, the Curiosity Rover is a mobile laboratory about the size of a small SUV. Curiosity’s 17 cameras, robotic arm, and suite of specialized laboratory-like tools and instruments are controlled by more than 2 million lines of software.

Other customers in the aerospace & defense industry include: AIRBUS France, BAE Systems, Boeing, Booz Allen Hamilton, GE Aviation, Honeywell, Lockheed Martin, Northrop Grumman, Raytheon, Sypris.

After its eight-month journey spanning 352 million miles, NASA’s Mars Curiosity Rover completed a spectacular landing with the help of a giant parachute, a jet-controlled descent vehicle, and a bungee-like apparatus called a “sky crane.” Due to the time required for messages to travel from Mars to Earth and back, the landing procedure was completely controlled by software. To boost the reliability of the software, NASA needed advanced static analysis.

Curiosity’s Software Upgrades

Upon landing on Mars, Curiosity underwent a four-day major update to delete the landing software and install the surface operations programs designed for roaming the red planet. NASA designed the mission to be able to upgrade the software as needed for different phases of the mission. Software upgrades are necessary in part because Curiosity’s computing power is relatively low compared with what we’re used to on Earth. However, the RAD750 PowerPC microprocessor built into the rover’s redundant flight computers was chosen because it is virtually impervious to high-energy cosmic rays that would quickly cripple a smartphone or laptop computer. Additionally, the rover’s main computers have only about 4 gigabytes of storage capacity, compared with 32 gigs or so for a smartphone.

New software for upcoming phases of the mission is being developed on an ongoing basis. Because a single error could result in loss of contact with the rover and jeopardize the mission, every software upgrade must work perfectly the first time it runs.

Developing Zero-Defect Software

Spacecraft have become increasingly reliant on software to carry out mission operations. Curiosity relies on more software than all the previous missions to Mars combined. Even the fault protection systems on a spacecraft are software-based.

For the two years leading up to the launch, NASA focused on developing mission-critical, zero-defect software. Every single line of code was analyzed and scrubbed using advanced static analysis tools, including CodeSonar® from GrammaTech. “NASA’s Jet Propulsion Laboratory used CodeSonar to check for bugs in the Curiosity software on a nightly basis,” said Michael McDougall, senior scientist at GrammaTech, who worked closely with NASA.

Advanced static analysis finds serious software errors such as buffer overruns, race conditions, null pointer dereferences, and resource leaks. It also finds subtle inconsistencies such as redundant conditions, useless assignments and unreachable code. “Because static analysis is a compile-time process, it can find bugs while the software is being developed,” said Paul Anderson, Vice President of Engineering at GrammaTech. “The tools examine paths and consider conditions and program states in the abstract. By doing so, they can achieve much higher coverage of code than is usually feasible with testing alone.”

Coding Standard for Mission Critical Software

NASA has an excellent track record for producing high-quality software and follows a number of best practices. As part of its rigorous development process, the Mars Curiosity mission follows “The Power of 10: Rules for Developing Safety-Critical Code,” developed at the Laboratory for Reliable Software (LaRS) at NASA’s JPL. GrammaTech worked with NASA to extend its CodeSonar static analysis tool to automatically enforce the Power of 10 rules, as well as automatically flag generic programming defects.

In developing the coding guidelines, JPL looked at the types of software-related anomalies that had been discovered in missions during the last few decades and came up with a short list of problems that seem to be common across almost every mission. This led to the idea of defining a very small set of rules that could easily be remembered, that clearly related to risk, and for which compliance could mechanically be verified. The 10 rules are designed to reduce risk for mission-critical software, and have evolved into the JPL Institutional Coding Standard for the Development of Flight Software. Rule ten specifies that advanced static analysis tools should be used aggressively throughout the development process.

“I’m extremely proud of the part GrammaTech played in the successful landing of Curiosity,” said McDougall. “For NASA, this was a huge engineering accomplishment and we’re pleased that we were able to contribute to their success.”

Curiosity continues to make new discoveries. Each day 100 engineers and researchers write commands to keep the rover productive and gathering science. With the ability to reliably upgrade software as needed, NASA can answer new questions about Mars and expand our understanding of the planet.
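As an added illustration, not taken from the case study or from any GrammaTech or NASA code: a constructed C routine carrying the defect classes named in the Developing Zero-Defect Software section (buffer overrun, null pointer dereference, resource leak, redundant condition, unreachable code), beside a hardened form whose properties (checked parameters, a fixed loop bound, an assertion, no leaked resource) are the kind a static analyzer can verify mechanically. The command-record format, CMD_MAX and the function names are assumptions made for the example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CMD_MAX 16   /* assumed fixed width of a command record, including the NUL */

/* BEFORE: one routine carrying the defect classes the case study lists.
 * Each comment names what an analyzer of the kind described would report. */
int parse_command_unsafe(const char *line, char *out)
{
    char buf[CMD_MAX];
    FILE *log_fp = fopen("cmd.log", "a");   /* resource leak: never closed on the return path */
    size_t n = strlen(line);                /* null pointer dereference when line == NULL */
    strcpy(buf, line);                      /* buffer overrun when n >= CMD_MAX */
    if (n > 0 || n == 0) {                  /* redundant condition: always true */
        strcpy(out, buf);
        return 0;
    }
    fclose(log_fp);                         /* unreachable code */
    return -1;
}

/* AFTER: parameters checked, copy bounded by the caller's buffer size,
 * an assertion on the invariant, and no resource to release.
 * Returns the number of bytes copied, -1 on a bad argument, -2 if the
 * line does not fit in the caller's buffer. */
int parse_command(const char *line, char *out, size_t out_len)
{
    if (line == NULL || out == NULL || out_len == 0) {
        return -1;                          /* every parameter validated before use */
    }
    size_t i;
    for (i = 0; i < out_len - 1 && line[i] != '\0'; i++) {  /* fixed upper bound */
        out[i] = line[i];
    }
    out[i] = '\0';
    assert(i < out_len);                    /* invariant: terminator lies inside the buffer */
    if (line[i] != '\0') {                  /* input longer than the buffer: reject, never truncate silently */
        out[0] = '\0';
        return -2;
    }
    return (int)i;
}
```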
For more information: www.grammatech.com
Email: [email protected]

GrammaTech Headquarters: 531 Esty Street, Ithaca, NY 14850
U.S. sales: 888-695-2668
International sales: +1-607-273-7340
Email: [email protected]

© 2014 GrammaTech, Inc. All rights reserved. CodeSonar is a registered trademark of GrammaTech, Inc.