GrammaTech Announces New Version of CodeSonar

BOSTON, MA, Embedded Systems Conference — GrammaTech, Inc., a leading manufacturer of source-code analysis tools, today announced the next version of CodeSonar. The release incorporates sophisticated new program-analysis algorithms that identify data races and other serious concurrency defects. An additional new feature is code-level metrics.

“GrammaTech’s focus continues to be on developing the deepest program-analysis algorithms to identify the most program-crashing bugs, and our new concurrency analysis is a prime example,” said Paul Anderson, GrammaTech’s vice president of Engineering. The technology has already proven itself in beta trials, in which it detected significant concurrency defects in avionics and industrial-control applications. The technology is compatible with a wide range of compilers and operating systems, including most of the ones that are used in embedded and enterprise applications.

The concurrency analysis can be applied to multi-threaded software written for both single-core and multi-core architectures. CodeSonar finds data races, deadlock, and process starvation by using innovative symbolic execution techniques to reason about many possible execution paths and interleavings simultaneously. The approach is an outgrowth of research that GrammaTech conducted under a $749k contract from the Defense Advanced Research Projects Agency (DARPA).

Another new feature, code-level metrics, is built on CodeSonar’s existing code-analysis and reporting framework. It enables project managers to track popular metrics such as cyclomatic complexity, or even define new metrics. Warnings can be generated automatically when metrics are outside an expected range.

“Providing popular code metrics, like cyclomatic complexity, was easy because we have more than enough information as a result of our more sophisticated analyses,” commented Anderson. “But it should be noted that there is some disagreement within the software-development community about how to best use metrics to guide testing efforts. We believe that a form of semi-automatic analysis that uses feedback from the user layered on top of code-level metrics could provide more concrete guidance. We view this as an interesting opportunity and currently have an R&D team exploring this new idea.”

More information about CodeSonar is available on the CodeSonar product pages.

About GrammaTech:
GrammaTech’s static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government agencies. The staff includes fourteen researchers with PhDs in programming languages and program analysis.
