CodeSonar


CodeSonar is a static code analysis tool from GrammaTech. CodeSonar is used to find and fix bugs and security vulnerabilities in source and binary code. It performs whole-program, inter-procedural analysis with abstract interpretation on C, C++, C#, Java, as well as x86 and ARM binary executables and libraries. CodeSonar is typically used by teams developing or assessing software to track their quality or security weaknesses. CodeSonar supports Linux, BSD, FreeBSD, NetBSD, MacOS and Windows hosts and embedded operating systems and compilers.
CodeSonar provides information for every weakness found, including the trace through the source code that would trigger the bug as well as a call-tree visualization that represents how the weakness is related to the wider application.

Functional safety compliance

CodeSonar supports compliance with functional safety standards like IEC 61508, ISO 26262, DO-178B/C, or ISO/IEC TS 17961. CodeSonar's warning classes also support several coding standard initiatives, including MITRE's CWE, JPL, Power of 10, MISRA C/C++ and SEI CERT C.

Applications

CodeSonar is used in the defense/aerospace, medical, industrial control, automotive, electronic, tele/datacommunications and transportation industries. Some well known use cases are FDA Center for Devices and Radiological Health uses it to detect defects in fielded medical devices. The NHTSA and NASA used CodeSonar to study on sudden unintended acceleration in the electronic throttle control systems of Toyota vehicles

Supported programming languages, host platforms and compilers

Supported Programming Languages:
Supported Platforms:
Supported Compilers: