SAN JOSE, CA, Embedded Systems Conference–April 27, 2010–GrammaTech, Inc., a leading manufacturer of source-code analysis tools, today announced the next version of CodeSonar. The release includes a radically improved graphical user interface to streamline developer interaction and boost productivity.
Critical industries need better software assurance, but growth in program complexity has made creating defect-free software more challenging than ever. Traditional approaches to testing can no longer provide adequate path coverage. CodeSonar’s program path analysis identifies major issues at compile time so they don’t crash an application in the field.
Over the last few years, many new static checkers have been added to CodeSonar that target emerging threats to reliability. Some of the new checkers find serious software quality problems. Others enforce safety-critical coding practices. Still others look for major security vulnerabilities.
Paul Anderson, GrammaTech’s vice president of Engineering, commented, “GrammaTech has always focused on providing high-value information, such as highlighting program-crashing defects and serious security vulnerabilities. A big strength of CodeSonar is that it identifies far more of these critical issues than competing static-analysis tools. With the interface redesign, we wanted to ensure that CodeSonar would still present all the information, but do it a way that would minimize the amount of time and effort a developer spends on reviewing results. We tasked an engineering team, headed by one of our user-interface experts, to develop a new approach to displaying results. After a lot of research and work, we came up with a fresh design that will enable developers to quickly digest key information, understand and identify the most important issues, and prioritize their fixes.”
CodeSonar is a sophisticated static-analysis tool that performs a whole-program, interprocedural analysis on code and identifies complex programming bugs that can result in system crashes, memory corruption and other serious problems. Like a compiler, CodeSonar does a build of code using the existing build environment. But, instead of creating object code, CodeSonar creates an abstract model of the program, capturing its syntax, call graphs, and control-flow graphs. Then a synthesis phase, analogous to linking, generates a program model, which is executed symbolically by CodeSonar’s analysis engine. Automated reasoning about feasible paths, program variables and how they relate, is used to identify tricky bugs that result from complex interactions among procedures.
CodeSonar is backed by years of research and is the most powerful source code analysis tool available for embedded development. It is distinguished by its ability to find more serious defects than any other tool on the market. For this reason, it has been adopted by leading organizations developing medical devices, spacecraft, industrial and automotive control systems, electronics, and similar applications. CodeSonar runs on Windows, Linux, Solaris, and Mac OSX operating systems and supports most compilers.
Price and Availability
CodeSonar 3.6 will have the same pricing as CodeSonar 3.5, which is available today starting at $18,000 USD for small projects. Licenses for larger projects are based on the size of the project. Interested parties can request a free trial of CodeSonar. CodeSonar 3.6 will ship in Q3 2010.
GrammaTech’s static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government agencies. The staff includes twelve PhD-level experts in programming languages and program analysis. The company has headquarters in Ithaca, NY. More information about GrammaTech can be found at www.grammatech.com.