Source Code Analysis with CodeSonar
CodeSonar employs a unified dataflow and symbolic execution analysis that examines the computation of the complete application. By not relying on pattern matching or similar approximations, CodeSonar's source code analysis engine is extraordinarily deep, finding 3-5 times more defects on average than other static analysis tools.
Unlike many software development tools, such as testing tools, compilers, configuration management, etc., SAST tools can be integrated into a team's development process at any time with ease. SAST technologies like CodeSonar simply attach to your existing build environments to add analysis information to your verification process.
How does static analysis work?
Like a compiler, CodeSonar does a build of your code using your existing build environment, but instead of creating object code, CodeSonar creates an abstract model of your entire program. From the derived model, CodeSonar’s symbolic execution engine explores program paths, reasoning about program variables and how they relate. Advanced theorem-proving technology prunes infeasible program paths from the exploration.
Checkers perform analyses on the code to find common defects, violations of policies, etc. Checkers operate by traversing or querying the model, looking for particular properties or patterns that indicate defects. Sophisticated symbolic execution techniques explore paths through a control-flow graph, the data structure representing paths that might be traversed by a program during its execution. When the path exploration notices an anomaly, a warning is generated.
An astronomical number of combinations of circumstances must be modeled and explored, so CodeSonar employs a variety of strategies to ensure scalability. For example, procedure summaries are refined and compacted during the analysis, and paths are explored in an order that minimizes paging.
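The path exploration and infeasible-path pruning described above can be illustrated with a toy model. This is an added example, not CodeSonar code or its algorithm: the C function, its control-flow graph, and the names `CFG` and `explore` are constructed for illustration, and interval intersection stands in for the theorem prover.

```python
"""Toy path-sensitive explorer over a constructed control-flow graph.

Models this hypothetical C function (not from any real code base):
    int f(int x) { int d;
        if (x > 10) d = 0; else d = 5;
        if (x < 5)  return 100 / d;   /* site div_a */
        if (x > 20) return 100 / d;   /* site div_b */
        return 0; }
"""
INF = float("inf")

# node -> list of (guard on x as inclusive interval, value assigned to d or None, successor)
CFG = {
    "entry":   [((11, INF), 0, "check_a"),       # x > 10: d = 0
                ((-INF, 10), 5, "check_a")],     # else:   d = 5
    "check_a": [((-INF, 4), None, "div_a"),      # x < 5
                ((5, INF), None, "check_b")],
    "check_b": [((21, INF), None, "div_b"),      # x > 20
                ((-INF, 20), None, "exit")],
    "div_a": [], "div_b": [], "exit": [],
}
DIV_SITES = {"div_a", "div_b"}  # nodes that evaluate 100 / d


def explore(prune=True):
    """Walk every path from entry; return sorted (site, x_range) divide-by-zero warnings.

    x_range is the set of inputs that reach the site along that path.
    With prune=False, paths whose guards contradict each other are still
    followed, which is how a path-insensitive check ends up with false positives.
    """
    warnings = []
    stack = [("entry", (-INF, INF), None)]       # (node, constraint on x, value of d)
    while stack:
        node, (lo, hi), d = stack.pop()
        if node in DIV_SITES and d == 0:
            warnings.append((node, (lo, hi)))
        for (g_lo, g_hi), assign, nxt in CFG[node]:
            n_lo, n_hi = max(lo, g_lo), min(hi, g_hi)   # intersect path constraint with guard
            if prune and n_lo > n_hi:
                continue                         # no input x can take this path: drop it
            stack.append((nxt, (n_lo, n_hi), d if assign is None else assign))
    return sorted(warnings)


if __name__ == "__main__":
    print("with pruning:   ", explore(prune=True))
    print("without pruning:", explore(prune=False))
```

With pruning, only `div_b` is reported, with the witness range x >= 21. Without it, `div_a` is also reported, but its range (11, 4) is empty, so that warning is a false positive.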
Customize Your Analysis
New custom checks can be created easily with the included C API. Many built-in checks can be configured according to local requirements. You can also use the API to define custom metrics.
Eradicate defects that impact the security, quality, and reliability of your software:
- Data Races
- Thread Starvation
- Buffer Overruns
- Null Pointer Dereferences
- Divides By Zero
- Uses After Free
- Frees of Non-Heap Variables
- Uninitialized Variables
- Returns of Pointers to Local
- Returns of Pointers to Free
- Frees of Null Pointers
- Unreachable Code
- Try-locks that Cannot Succeed
- Misuse of Memory Allocation
- Misuse of Memory Copying
- Misuse of Libraries
- Command Injection
- User-Defined Bug Classes
Detecting Domain-Specific Coding Errors with GrammaTech Static Analysis
An often under-appreciated aspect of advanced static analysis tools is that they are extensible. They can be configured or programmed to find violations of domain-specific rules, in addition to programming defects such as buffer overruns or closing the same file descriptor twice. Programmers can, with fairly little programming effort, dramatically increase the value they get from static analysis.
This paper describes how custom domain-specific checkers can be used to improve software quality in complex embedded systems using GrammaTech's CodeSonar.