Automated static analysis designed for zero-tolerance defect environments.
CodeSonar, GrammaTech's flagship product, identifies programming bugs that can result in system crashes, memory corruption, and other serious problems.
- Run the Deepest Source Code Analysis.
CodeSonar is the result of years of continuous research and development. It finds more serious defects than any other source code analysis tool.
- Increase Confidence and Reduce Risk.
CodeSonar's advanced static analysis of code is designed to find a wide range of defects, including new and unusual defects.
- Try it For Free.
Get a fully-functional evaluation copy and try CodeSonar on your own code.
CodeSonar's powerful static analysis engine works out-of-the-box, requiring no changes to your existing build system or code. It performs whole-program analysis on codebases over 10 million lines of code.
CodeSonar also includes workflow automation features, like an API for custom integrations and support for extensions that add custom checks.
Source Code Analysis
CodeSonar's source code analysis engine identifies problems that developers care about finding, like data races, deadlock, buffer overruns, leaks, null-pointer dereferences, and uninitialized variables.
Binary Code Analysis
CodeSonar's binary analysis finds vulnerabilities and defects in machine code (both whole executables and libraries), so you can perform a security analysis even if source code is unavailable.
How We Are Different
The inspiration for GrammaTech's static analysis tool came when there were static analysis systems for improving software quality, but not for matching the demands of zero-tolerance development organizations. In industries like avionics and medical devices, the demands were much higher than the available static-analysis tools could meet. Out of that uncompromising environment came GrammaTech's static analysis engine.
CodeSonar typically catches twice as many critical defects as other static analysis tools, while maintaining reasonable false-positive rates. CodeSonar catches those additional defects by having a single, unified dataflow analysis that models the underlying computation of the entire program. This analysis enables GrammaTech to find the most complex bugs, including bugs that follow new or unusual patterns. In contrast, traditional static analysis of code has used an approach that is based on multiple pattern-matching checkers. As a result, traditional static analysis only catches defects that happen to match the pattern of one of the checkers, while GrammaTech's more general symbolic execution catches a broad range of problems.
In short, we offer: