CodeSonar Overview

CodeSonar® Static Analysis Tool

Automated static analysis designed for zero-tolerance defect environments.

CodeSonar, GrammaTech's flagship static analysis software, identifies programming bugs that can result in system crashes, memory corruption, leaks, data races, and security vulnerabilities.

By analyzing both source code and binaries, CodeSonar empowers developers to eliminate the most costly and hard-to-find defects early in the application development lifecycle.

Why CodeSonar?

  • Run the Deepest Source Code Analysis.
    CodeSonar is the result of years of continuous research and development. It finds more serious defects than any other source code analysis tool.
  • Increase Confidence and Reduce Risk.
    CodeSonar's advanced static analysis of code is designed to find a wide range of defects, including new and unusual defects.
  • Try it For Free.
    Get a fully-functional evaluation copy and try CodeSonar on your own code.

CodeSonar's powerful static analysis engine works out of the box, requiring no changes to your existing build system or code. It performs whole-program analysis on codebases of over 10 million lines of code.

CodeSonar also includes workflow automation features, like an API for custom integrations and support for extensions that add custom checks.

  • Source Code Analysis

    The deepest source code analysis available.

    CodeSonar's advanced static analysis engine typically catches twice as many critical defects as other static analysis tools, while maintaining user-friendly false-positive rates. CodeSonar finds those additional defects through a single, unified dataflow analysis that models the underlying computation of the entire program.

    This method of analysis enables GrammaTech to find the most complex bugs, including bugs that follow new or unusual patterns. Other static analysis tools use an approach based on multiple pattern-matching checkers, which only catches defects that happen to match the pattern of one of the checkers. GrammaTech's more general symbolic execution catches a broader range of problems and provides significantly better detection of the toughest defects.

  • Integrated Binary Analysis

    Analyze libraries and other third-party code.

    CodeSonar's integrated binary analysis extracts the semantics of the binary code and uses it to present warnings in the parts of your source code that interact with the binary. This mixed analysis mode allows you to find defects originating in third-party code while protecting against security vulnerabilities such as command injection or format string attacks.

  • Advanced Multi-Core Checks

    Eliminate complex concurrency bugs early in development.

    With the continually growing use of multi-core processors and a greater dependence on multi-threaded software, the ability to detect complex concurrency defects is necessary for the safety of your code. In addition to its robust C/C++ concurrency checks, CodeSonar delivers new Java-specific concurrency defect detection capabilities to defend against errors like race conditions, deadlocks, and livelocks.

  • Embedded Security Analyses

    Protect against powerful cyber attacks.

    As networking and internet-enabled capabilities continue to proliferate within embedded systems, the attack surface of traditionally isolated applications has expanded in new and unpredictable ways. In addition to robust existing security features and support for US-CERT's Build Security In and MITRE's CWE, the new Visual Taint Analysis capability in CodeSonar 4 helps developers find and eliminate vulnerabilities caused by potentially dangerous information flows.

  • Software Visualization

    Gain a high-level understanding of your code.

    CodeSonar's award-winning software visualization engine provides you with a quick way to look at code to learn how it's organized and how it works. Visualization doesn't just look at a single piece of software – it shows how the different components in a software system work together. When looking at machine code, visualization provides a unique advantage by helping developers get a quick picture of their code without digging into the semantics of the machine code.

  • Compliance with Coding Standards

    CodeSonar simplifies your certification process.

    The increasing regulation of embedded software, in the form of industry-specific standards for code quality and security, continues to gain international momentum. CodeSonar delivers checkers for MISRA C 2012 and other standards. CodeSonar has also been independently certified for use in the development of safety-critical software up to the highest safety integrity levels of ISO 26262, EN 50128, and IEC 61508.

Sample CodeSonar Defect Checks:

  • Data Races
  • Deadlocks
  • Thread Starvation
  • Buffer Overruns
  • Leaks
  • Null Pointer Dereferences
  • Divides By Zero
  • Uses After Free
  • Frees of Non-Heap Variables
  • Uninitialized Variables
  • Returns of Pointers to Locals
  • Returns of Pointers to Freed Memory
  • Frees of Null Pointers
  • Unreachable Code
  • Try-locks that Cannot Succeed
  • Misuse of Memory Allocation
  • Misuse of Memory Copying
  • Misuse of Libraries
  • Command Injection
  • User-Defined Bug Classes