Detecting Runtime Errors in NASA Core Flight Systems Code with TrustInSoft Analyzer
May 9, 2025
Runtime Errors in NASA's mission-critical systems present a significant risk to mission success and software reliability.
TrustInSoft Analyzer provides a powerful solution for detecting and preventing these critical software errors through formal verification and helps immunize them against potential attacks.
This blog post details how TrustInSoft Analyzer identified multiple instances of runtime errors (invalid memory access, signed integer overflow) in NASA’s Core Flight System code published on GitHub, highlighting the tool's capabilities and the importance of proactive code analysis.
NASA’s Core Flight Systems is a flight software framework used across multiple space missions: LRO - Lunar Reconnaissance Orbiter (map the lunar surface - 2009), Lucy Mission (Jupiter’s Trojan asteroids tour - 2021), James Webb Space Telescope (2021), Landsat 9 (Earth observation satellite - 2021) DART (Double Asteroid Redirection test – 2022), NISAR (NASA-ISRO Synthetic Aperture Radar – 2024).
Introduction
NASA’s mission-critical systems demand the highest levels of software reliability and safety. Even seemingly minor coding errors can lead to significant consequences, potentially jeopardizing mission success. Runtime errors, a class of software defects that can cause unpredictable and erroneous program execution, pose a serious threat. TrustInSoft Analyzer offers a robust solution for identifying and eliminating these risks. Recently, TrustInSoft Analyzer detected four instances of runtime errors in NASA’s Core Flight Systems code available on GitHub. This blog post will explore these findings, explaining how TrustInSoft Analyzer works and why detecting such errors is crucial.
The Importance of Software Reliability In NASA Missions
Software plays a pivotal role in nearly every aspect of NASA’s operations, from controlling spacecraft and analyzing scientific data to managing ground-based systems. NASA emphasizes software assurance due to the potential for software problems to cause failures, incidents, and anomalies on projects. When software fails, the results can be catastrophic, leading to mission failure, loss of valuable scientific data, and even loss of life. Therefore, ensuring the reliability and safety of software is paramount.
What Are Runtime errors?
Runtime errors are problems that occur while a computer program is running, rather than when it is being written.They can cause the program to suddenly crash with a surprising message, or sometimes just make it do the wrong thing without you even realizing. These errors often happen because the program encounters a situation it wasn't prepared for, like trying to divide by zero, open a file that isn't there, or running out of computer memory. Because they depend on what you're doing with the program or the environment it's running in, they can be tricky to find and fix. To solve them, you usually have to carefully look at what the program was doing right before it went wrong to figure out why it happened and then add better ways for the program to handle those situations.
These types of errors can be extremely difficult, often impossible, to detect through traditional testing methods because they may only manifest under specific conditions or on certain hardware platforms. They’re consequently increasing significantly the development risk in any project. This makes formal verification tools like TrustInSoft Analyzer essential for ensuring code quality and reliability.
Detecting Runtime Errors with TrustInSoft Analyzer
A large part of runtime errors, including buffer overflow, array overflow, invalid pointer handling, invalid arithmetic handling, fall into the category of undefined behaviors. TrustInSoft Analyzer uses formal verification techniques to mathematically prove the absence of undefined behavior in C and C++ code. Unlike traditional static analysis tools that rely on pattern matching and heuristics, TrustInSoft Analyzer performs a complete and exhaustive analysis of all possible execution paths. This ensures that no potential error is overlooked, providing a higher level of assurance.
Examples Of Runtime Errors in NASA Code
TrustInSoft Analyzer recently identified three instances of undefined behavior (2 of those being the same undefined behavior) in NASA’s Core Flight Systems code published on GitHub.
Link to uninitialized data usage UB: https://github.com/nasa/cFE/issues/2581
Link to invalid memory access: https://github.com/nasa/cFE/issues/2583
The importance of these findings is that these undefined behaviors, if left undetected, could potentially lead to critical failures in NASA’s mission-critical systems. By identifying these errors early in the development process, TrustInSoft Analyzer helps prevent costly and potentially catastrophic consequences.
Mitigation Strategies and Best Practices
Mitigating the risks associated with runtime errors requires a multi-faceted approach that includes:
- Code Reviews: Thoroughly reviewing code to identify potential sources of runtime errors.
- Code Analysis: Using code analysis tools to automatically detect potential errors.
- Formal Verification: Employing formal verification techniques to mathematically prove the absence of undefined behavior.
- Testing: Performing extensive testing to verify that the code behaves as expected under various conditions.
NASA's Software Assurance Technology Center (SATC) actively works to improve the safety, reliability, and quality of NASA's software. Organizations can adapt and apply these practices to their own software development processes to reduce the risk of runtime errors.
TrustInSoft’s Role
TrustInSoft provides formal verification tools and services that help organizations like NASA mitigate the risks associated with undefined behavior and other software defects. TrustInSoft Analyzer mathematically guarantees the absence of memory vulnerabilities and runtime errors, ensuring that software is safer, more reliable, and more secure. By integrating TrustInSoft Analyzer into their development workflows, organizations can proactively identify and eliminate potential sources of runtime errors, reducing the risk of costly and potentially catastrophic failures.
Conclusion
Runtime errors pose a significant threat to the reliability and safety of NASA’s mission-critical systems. TrustInSoft Analyzer offers a powerful solution for detecting and preventing these errors through formal verification. By identifying 4 instances of undefined behavior in NASA code, TrustInSoft Analyzer demonstrated its advanced runtime error detection capabilities and the importance of proactive code analysis. Investing in software assurance tools and practices is essential for ensuring the success of critical missions and the safety and security of those involved. Request a demo of TrustInSoft Analyzer.