Automated static analysis designed for zero-tolerance defect environments.
CodeSonar is GrammaTech's flagship static analysis software, designed for zero-tolerance defect environments. CodeSonar analyzes source code and binaries, identifying programming bugs that can result in system crashes, memory corruption, leaks, data races, and security vulnerabilities.
CodeSonar addresses the most complex challenges facing embedded developers by using new analysis capabilities to eliminate the most costly and hard-to-find defects early in the application development lifecycle.
Source Code Analysis
The deepest source code analysis available.
CodeSonar's advanced static analysis engine typically catches twice as many critical defects as other static analysis tools, while maintaining user-friendly false-positive rates. CodeSonar catches those additional defects by having a single, unified dataflow analysis that models the underlying computation of the entire program.
This method of analysis enables GrammaTech to find the most complex bugs, including bugs that follow new or unusual patterns. Other static analysis tools use an approach based on multiple pattern-matching checkers, which only catches defects that happen to match the pattern of one of the checkers. GrammaTech's more general symbolic execution catches a broader range of problems and provides significantly better detection of the toughest defects.
Integrated Binary Analysis
Analyze libraries and other third-party code.
CodeSonar's integrated binary analysis extracts the semantics of the binary code and uses it to present warnings in the parts of your source code that interact with the binary. This mixed analysis mode allows you to find defects coming from third-party code while protecting against security vulnerabilities like command injections or format string attacks.
Advanced Multi-Core Checks
Eliminate complex concurrency bugs early in development.
With continually growing usage of multi-core processors and a greater dependence on multi-threaded software, the ability to detect complex concurrency defects is necessary for the safety of your code. To add to CodeSonar's robust C/C++ concurrency checks, CodeSonar delivers new Java-specific concurrency defect detection capabilities to defend against errors like race conditions, deadlocks, and livelocks.
Embedded Security Analyses
Protect against powerful cyber attacks.
As networking and internet-enabled capabilities continue to proliferate within embedded systems, the attack surface of traditionally isolated applications has expanded in new and unpredictable ways. In addition to robust existing security features and support for US-CERT’s Build Security In and MITRE’s CWE, the new Visual Taint Analysis capability in CodeSonar 4 helps developers find and eliminate vulnerabilities caused by potentially dangerous information flows.
Gain a high-level understanding of your code.
CodeSonar's award-winning software visualization engine provides you with a quick way to look at code to learn how it's organized and how it works. Visualization doesn't just look at a single piece of software – it shows how the different components in a software system work together. When looking at machine code, visualization provides a unique advantage by helping developers get a quick picture of their code without digging into the semantics of the machine code.
Compliance with Coding Standards
CodeSonar simplifies your certification process.
The increasing regulation of embedded software in the form of industry-specific standards for code quality/security continues to gain international momentum. CodeSonar delivers checkers for MISRA C 2012 and other standards. CodeSonar has also been independently certified for use in development of safety-critical software up to the highest safety integrity levels for ISO 26262, EN 50128, and IEC 61508.
Sample CodeSonar Defect Checks: