CodeSonar by GrammaTech

Software Validation and Verification

Product Description

CodeSonar™ performs a deep static analysis on C/C++ code and identifies a variety of serious bugs. These include null-pointer dereferences, divides-by-zero, and buffer overruns. CodeSonar does a whole-program interprocedural analysis, taking into account effects arising from the interaction of different functions in different files. It is able to detect hard-to-find bugs that can take weeks to identify with traditional testing.

Like a compiler, CodeSonar does a build of your code, but instead of creating object code it creates an abstract representation of the program. After the individual files are built, a synthesis phase combines the results into a whole-program model. The model is symbolically executed and the analysis keeps track of variables and how they are related. Warnings are generated when anomalies are encountered. CodeSonar does not need test cases.

CodeSonar creates a report in easy-to-navigate HTML format. The path to the flaw, along with the conditions that must hold, is shown to help the user understand the seriousness of the flaw and its implications. Program-understanding features are provided to help the user navigate complex and unfamiliar code. HTML descriptions make it easy to share results with colleagues.

All static-analysis tools generate some false positives, but CodeSonar has a very low false-positive rate. In addition, false positives can be suppressed so they do not show up in subsequent analysis runs. It is also possible to configure CodeSonar so it displays only new results. This differential analysis pinpoints recently introduced bugs.

The set of checks can be extended easily by the end user. Just write some C code using the simple API, and CodeSonar will automatically include it in the analysis. The API supports the definition of a wide range of custom checks.

CodeSonar works with existing build systems.

Market Segment(s)

  • Embedded
  • Enterprise
  • Mobile

Target Platform(s)

  • Linux
  • Nucleus
  • Other OS
  • Palm OS
  • QNX
  • Symbian
  • VxWorks

ARM Processor(s)

  • Cortex-A53
  • Cortex-A57
  • ARMv8
 
ARM Connected