GrammaTech has announced the next version of CodeSonar, which incorporates program-analysis algorithms. CodeSonar is a static-analysis tool for embedded development that performs a whole-program, interprocedural analysis on code and identifies complex programming bugs that can result in system crashes and memory corruption. Like a compiler, the static-analysis tool does a build of the code using the existing build environment, says the company. But, instead of creating object code, the tool creates an abstract model of the entire program. Next, the tool's symbolic execution engine explores program paths, reasoning about program variables and how they relate, to identify tricky bugs that result from complex interactions among procedures, according to the company.
The tool has been adopted by organisations developing medical devices, spacecraft, industrial and automotive control systems, and electronics. It runs on Windows, Linux, Solaris, and Mac OSX operating systems.
The concurrency analysis can be applied to multi-threaded software written for both single core and multi-core architectures. The tool finds data races, deadlock, and process starvation by using recent symbolic execution techniques to reason about many possible execution paths and interleavings simultaneously, claims the company.
The technology has already proven itself in beta trials, in which it detected significant concurrency defects in avionics and industrial-control applications. The technology is compatible with many compilers and operating systems, including the ones that are used in embedded and enterprise applications.
Another feature, code-level metrics, is built on the tool's existing code-analysis and reporting framework. It can track popular metrics such as cyclomatic complexity, or even define latest metrics. Warnings can be generated automatically when metrics are outside an expected range.
