logo
GrammaTech Static Code Analysis

CodeSonar®
CodeSonar 4 for Embedded Systems

Finding defects early in the application development lifecycle prevents costs and consequential errors. CodeSonar addresses this most complex challenge facing embedded developers.

CodeSonar 4 Embedded GrammaTech Mars Curiosity Rover CodeSonar 4 Embedded GrammaTech FDA Reliable Analysis CodeSonar 4 Embedded GrammaTech Ensure Reliability

Deepest source code analysis best

Compared with other static analysis tools, CodeSonar´s static analysis engine typically finds twice as many critical defects, while maintaining user-friendly false-positive rates. These additional bugs are found by a single, unified dataflow analysis that analyzes the underlying computation of the entire program.

Dank einer Datenfluss-Analyse der gesamten Software findet CodeSonar eine Vielzahl zusätzlicher Fehler. Mit dieser Analysemethode findet CodeSecure auch komplexe Bugs, die neue oder ungewöhnliche Fehlermuster haben.

Other static analysis tools are based on multiple pattern-matching checkers, which only catch defects that happen to match the pattern of one of the checkers. The more general symbolic execution of CodeSecure identifies a broader range of problems and provides much better detection of the most grievous defects, including bugs which follow unusual or new patterns.

Integrated Binary Analysis:
Review of libraries and other third-party code

The integrated binary analysis of CodeSonar extracts the semantics of the binary code. They are used to present warnings in the parts of the source code that interact with the binary. The identification of defects in the third-party code can protect all of your code against security vulnerabilities such as format string attacks and command injections. > learn more

Expanded Multi-Core Checks:
Remove complex bugs as early as possible

The ability to detect complex concurrency defects is increasingly important because there is a growing dependence on multi-threaded software and usage of multi-core processors. In addition to CodeSonar´s robust C/C++ concurrency checks, the Java-specific defect detection from ThreadSafe defends your code against errors like race conditions, deadlocks, and livelocks, ensuring the safety of your code. > learn more

Integrated Security Analysis:
Safeguard against dangerous cyber attacks

The attack surface of traditionally isolated applications has expanded in new and unpredictable ways. Responsible for this development are the networking and internet-enabled capabilities which contine to proliferate within embedded systems. The embedded security analysis complements the security features of CodeSonar and support US-CERT´s Build Security In and MITRE´s CWE. An additional, the Visual Taint Analysis capability enhances the detection and elimination of vulnerabilities caused by potentially dangerous information flows. > learn more

Compliance with Coding Standards:
Simplification of your certification process

Industry-specific standards for code quality and security drive the regulation of embedded software. To pursue and achieve relevant certifications CodeSonar has in addition to existing DO-178 analysis capabilities checkers for MISRA C 2012. > learn more
Free Trial Video News Press Customers Testimonials
CodeSonar Logo GrammaTech Static Code Analysis Screenshot 03 GrammaTech CodeSonar Screenshot 01 CodeSonar®main page
CodeSonar 4 for Embedded Systems
[PDF]CodeSonar for C/C++ (PDF, 1.5 MB)
[PDF]CodeSonar for Java (PDF, 1.1 MB)
Development Testing
Defect Detection
Concurrency Checks
Security Checks
Software metrics
Automate the Verification of Your Code
CodeSonar for Java

Compliant to standards
    DO-178
    ISO 26262
    FDA-standards
    MISRA
    CWE- and BSI-regulations
    "Power of Ten" and JPL-regulations
    IEC 62443
How Static Code Analysis works
Workflow-Features
Binary-Analysis
Visual-Taint-Analysis
Whitepapers
References
University program
Case studies
[PDF] Slide-presentation