CodeSonar

CodeSonar is a static code analysis tool from GrammaTech. CodeSonar is used to find and fix bugs and security vulnerabilities in source and binary code. It performs whole-program, inter-procedural analysis with abstract interpretation on C, C++, C#, Java, as well as x86 and ARM binary executables and libraries. CodeSonar is typically used by teams developing or assessing software to track their quality or security weaknesses. CodeSonar supports Linux, BSD, FreeBSD, NetBSD, MacOS and Windows hosts and embedded operating systems and compilers. CodeSonar provides information for every weakness found, including the trace through the source code that would trigger the bug as well as a call-tree visualization that represents how the weakness is related to the wider application.


Functional safety compliance

CodeSonar supports compliance with functional safety standards like IEC 61508, ISO 26262, DO-178B/C, or ISO/IEC TS 17961. CodeSonar's warning classes also support several coding standard initiatives, including MITRE's CWE, JPL, Power of 10, MISRA C/C++ and SEI CERT C.


Applications

CodeSonar is used in the defense/aerospace, medical, industrial control, automotive, electronic, tele/datacommunications and transportation industries. Some well-known use cases: the FDA Center for Devices and Radiological Health uses it to detect defects in fielded medical devices. The NHTSA and NASA used CodeSonar to study sudden unintended acceleration in the electronic throttle control systems of Toyota vehicles.


Supported programming languages, host platforms and compilers

Supported Programming Languages: C, C++, C#, Java, Python; binary code analysis supports Intel x86-32, amd64 and ARM.

Supported Platforms: Microsoft Windows, Linux, FreeBSD, NetBSD, MacOS

Supported Compilers: Apple Xcode, ARM RealView, CodeWarrior, GNU C/C++, Green Hills Compiler, HI-TECH Compiler, IAR Compiler, Intel C++ Compiler, Microsoft Visual Studio, Renesas Compiler, Sun C/C++, Texas Instruments CodeComposer, Wind River Compiler


See also

* List of tools for static code analysis




External links


CodeSonar product page