CodeSonar Overview

CodeSonar® Static Analysis Tool

Automated static analysis designed for zero-tolerance defect environments.

CodeSonar, GrammaTech's flagship product, identifies programming bugs that can result in system crashes, memory corruption, and other serious problems.

Why CodeSonar?

  • Run the Deepest Source Code Analysis.
    CodeSonar is the result of years of continuous research and development. It finds more serious defects than any other source code analysis tool.
  • Increase Confidence and Reduce Risk.
    CodeSonar's advanced static analysis of code is designed to find a wide range of defects, including new and unusual defects.
  • Try it For Free.
    Get a fully-functional evaluation copy and try CodeSonar on your own code.

CodeSonar's powerful static analysis engine works out of the box, requiring no changes to your existing build system or code. It performs whole-program analysis on codebases of over 10 million lines of code.

CodeSonar also includes workflow automation features, like an API for custom integrations and support for extensions that add custom checks.

Source Code Analysis

CodeSonar's source code analysis engine identifies the problems developers care about finding, such as data races, deadlocks, buffer overruns, leaks, null-pointer dereferences, and uninitialized variables.

Technical Highlights:

  • Symbolic execution engine
  • Highly scalable
  • Incremental analysis capability
  • Browser-based user interface
  • Management reports
  • Extensible analysis engine
  • Integration with other tools
  • Easy setup requires no changes to build environment

Binary Code Analysis

CodeSonar's binary analysis finds vulnerabilities and defects in machine code (both whole executables and libraries), so you can perform a security analysis even if source code is unavailable.

Technical Highlights:

  • Analyzes third-party code
  • Works without debug info or the symbol table
  • Is highly scalable and easily extensible
  • Provides a comprehensive API
  • Supports a team of users
  • Provides high-level reports
  • Integrates with other tools
  • Provides navigation features

How We Are Different

GrammaTech's static analysis tool was conceived at a time when static analysis systems existed for improving software quality, but none met the demands of zero-tolerance development organizations. In industries like avionics and medical devices, the demands were far higher than the available static-analysis tools could meet. Out of that uncompromising environment came GrammaTech's static analysis engine.

CodeSonar typically catches twice as many critical defects as other static analysis tools, while maintaining reasonable false-positive rates. CodeSonar catches those additional defects by using a single, unified dataflow analysis that models the underlying computation of the entire program. This analysis enables GrammaTech to find the most complex bugs, including bugs that follow new or unusual patterns. In contrast, traditional static analysis has relied on a collection of independent pattern-matching checkers. As a result, traditional static analysis only catches defects that happen to match the pattern of one of those checkers, whereas GrammaTech's more general symbolic execution catches a broad range of problems.

In short, we offer:

  • Unified dataflow and symbolic execution analysis that examines the computation of the program.
  • An approach that does not rely on pattern matching or similar approximations.
  • A more general analysis that naturally finds defects with new or unusual patterns.
  • Significantly better detection of the toughest defects (e.g., race conditions).
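As an added illustration of the distinction drawn above (example code written for this page, not code from GrammaTech or CodeSonar), the toy analyzer below runs a literal pattern checker and a value-propagating dataflow checker over a constructed mini-language of assignments and array accesses; only the dataflow pass catches the overrun whose index is computed through another variable.

```python
import re

# Constructed toy program (not real CodeSonar input). Statements are one of:
#   "buf: N"       declare array buf with N elements
#   "x = N"        assign a constant
#   "x = y + N"    assign another variable plus a constant
#   "buf[x]"       index buf with a constant or a variable
SAMPLE = [
    "buf: 8",
    "i = 6",
    "j = i + 3",
    "buf[j]",   # line 4: index is 9, visible only by tracking i -> j
    "buf[7]",   # line 5: in bounds
    "buf[8]",   # line 6: literal overrun, matched by a simple pattern
]

DECL = re.compile(r"(\w+): (\d+)")
ASSIGN = re.compile(r"(\w+) = (\w+)(?: \+ (\d+))?")
INDEX = re.compile(r"(\w+)\[(\w+)\]")


def pattern_checker(prog):
    """Flags only the syntactic pattern buf[N] with a literal N >= declared size."""
    sizes, hits = {}, []
    for lineno, stmt in enumerate(prog, 1):
        if m := DECL.fullmatch(stmt):
            sizes[m[1]] = int(m[2])
        elif (m := INDEX.fullmatch(stmt)) and m[2].isdigit():
            if int(m[2]) >= sizes.get(m[1], 0):
                hits.append(lineno)
    return hits


def dataflow_checker(prog):
    """Propagates integer values through assignments, then checks every index,
    constant or not. An index whose value is unknown is reported as a possible
    overrun, mirroring the conservative stance of a whole-program analysis."""
    sizes, env, hits = {}, {}, []
    for lineno, stmt in enumerate(prog, 1):
        if m := DECL.fullmatch(stmt):
            sizes[m[1]] = int(m[2])
        elif m := ASSIGN.fullmatch(stmt):
            base = int(m[2]) if m[2].isdigit() else env.get(m[2])
            env[m[1]] = None if base is None else base + int(m[3] or 0)
        elif m := INDEX.fullmatch(stmt):
            idx = int(m[2]) if m[2].isdigit() else env.get(m[2])
            if idx is None or not 0 <= idx < sizes.get(m[1], 0):
                hits.append(lineno)
    return hits


if __name__ == "__main__":
    print("pattern checker flags lines:", pattern_checker(SAMPLE))   # [6]
    print("dataflow checker flags lines:", dataflow_checker(SAMPLE))  # [4, 6]
```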