How Static Analysis Works

By using the existing build environment CodeSonar does a build of your code and creates an abstract model of your entire program. In the next step CodeSonar´s symbolic execution engine explores program paths, reasoning about program variables and how they relate. During this process infeasible program paths are pruned from the exploration by theorem-proving technology.

Click to enlarge To find defects and violations of policies, checkers perform an analysis on the code. They operate by querying or traversing the model, looking for particular properties or patterns that indicate defects. Sophisticated symbolic execution techniques explore paths through a control-flow graph. The data structure representing paths that might be traversed by a program during its execution. A warning is generated, if the path exploration notices an anomaly.

To model and explore the astronomical number of combinations of circumstances, CodeSonar employs a variety of strategies to ensure scalability. For example, procedures summaries are refined and compacted during the analysis, and paths are explored in an order that minimizes paging.

Scalable and sophisticated Analysis

CodeSonar performs a whole-program analysis on 10M+ lines of code, which run in parallel to take advantages of multi-core environments. More over the incremental analysis makes the tool fast to analyze daily changes to a codebase.

The unified dataflow and symbolic execution analysis of CodeSonar examines the computation of entire program, and doesn´t rely solely on pattern matching or similar approximations. The more general analysis finds defects with new or unusual patterns, too.

Workflow Automation Features

CodeSonar includes automation features that enable large teams to work together in a coordinated way. The tool makes it easy to manage warnings across different development branches or project versions. Moreover an API enables the customization and integration with other tools.

Customization Capabilities

The architecture of CodeSonar is flexible and open. Results that the tool generates can be exported as well as results generated by other tools can be imported. With the provided API it is possible to add custom checkers to the provided checkers. You can also augment the set of code metrics calculated with custom metrics.