Product Datasheet Codesonar

Product Datasheet Codesonar

CODESONAR PRODUCT DATASHEET Static Analysis and Static Application Security Testing “CodeSonar does a better job of CodeSonar empowers teams to quickly analyze and validate the code – source and/or binary – finding the more serious problems, identifying serious vulnerabilities or bugs that cause system failures, poor reliability, system which are often buried deep in the breaches, or unsafe conditions. code and sometimes hidden by unusual programming constructs that CodeSonar finds more significant defects than other tools, through our innovations in are hard for other static-analysis tools concurrency analysis, tainted dataflow analysis, and comprehensive checkers. to parse.” – GE Aviation Enjoy the Benefits of the Deepest Static Analysis “We were impressed by the depth of Employ Sophisticated Algorithms Analyze Millions of Lines of Code CodeSonar’s analysis.” CodeSonar performs a unified dataflow and CodeSonar can perform a whole-program – Vivante symbolic execution analysis that examines the analysis on 10M+ lines of code. Once an initial computation of the entire program. The baseline analysis has been performed, approach does not rely on pattern matching or CodeSonar’s incremental analysis capability similar approximations. CodeSonar’s deeper makes it fast to analyze daily changes to your “The automated analysis provides a analysis naturally finds defects with new or codebase. The anlaysis can run in parallel to take huge amount of leverage in a unusual patterns. best advantage of multi-core environments. cost-effective way.” – Boston Scientific Comply with Coding Standards Analyze Third-Party Code CodeSonar supports compliance with standards CodeSonar’s Integrated Binary Analysis finds like MISRA C:2012, IS0-26262, DO-178B, security vulnerabilities from libraries or other US-CERT’s Build Security In, and MITRE’S CWE. third-party code without access to source code. “We tried the leading static-analysis tools. CodeSonar performed the deepest analysis and provided the most useful information.” Improve Your Efficiency – Adaptive Digital Systems Collaborate with Teams Software Architecture Visualization Automation features enable large teams to work Visualizing your code makes it easy to uncover together in a coordinated way. For example, it’s and understand relationships between different “Especially good at inter-procedural easy to manage warnings across different project elements in the code. Visual Taint Analysis allows versions or development branches. A Python API you to quickly spot the source of potentially analysis. It can be slow on large code supports customization & integration with other dangerous information flows. bases, but is quite thorough and tools. accurate. Highly recommended.” Reduce the Cost of Development – Gerard Holzmann View Quality Trends Identifying and eliminating defects throughout SPIN Model Checker Creator Graphs display data to help you manage the development cycle will help you ship on-time development and testing efforts. without business risks and liabilities. “In the last six years, we assessed and used several static-analysis tools. We Customize Your Analysis assessed CodeSonar and we decided Custom Checks Custom Metrics to purchase it because it gives New checks can be created easily with the Out of the box, CodeSonar can compute N valuable results easily and quickly.” included C API. Many built-in checks can be different code metrics. You can also use the API – Électricité de France configured according to local requirements. to define custom metrics. CODESONAR® System Requirements Supported languages Code Analysis for Zero-Tolerance Defect Environments C C++ Java Binaries Supported platforms Windows Linux Solaris Machine requirements See quality trends by comparing analysis runs. Find 2 GHz CPU out what types of defects are being introduced. 2 GB of RAM* 15+ GB of free disk space Supported compilers Apple xcode ARM RealView CodeWarrior GCC G++ Green Hills HI-TECH Understand your code with GrammaTech’s IAR See the path to each flaw and how it can occur. award-winning software architecture visualization. Intel C/C++ MS Visual Studio Renesas Some of the Checks Technical Highlights Sun C/C++ Texas Instruments Security Vulnerabilities Reliability Issues Symbolic execution engine CodeComposer Buffer Overrun Data Race Scalable Wind River Uninitialized Variable Deadlock Incremental analysis capability Most other compilers easily Free Non-Heap Variable Null-Pointer Dereference Browser-based user interface supported Use After Free Division by Zero Management reports Double Free/Close Double Close Extensible analysis engine Output formats Format String Vulnerability Dangerous Function Cast Integrates with other tools HTML Return Pointer to Local Resource Leak Easy setup requires no changes XML to build environment Text (plain text and CSV) *Requirements to run in serial mode. Free Trial Parallel mode requires 512MB plus 512MB (and one core) per process. GrammaTech provides a cost-free means to evaluate CodeSonar on your own code so you can compare the results with those reported by other vendors. Request an evaluation copy at http://www.grammatech.com/free-trial About GrammaTech GrammaTech’s tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally spun out of Cornell’s computer science labs, FOR MORE INFORMATION GrammaTech is now both a leading research center for software security and a commercial vendor of www.grammatech.com software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis U.S. SALES 888-695-2668 tools that analyze source code as well as binary executables, GrammaTech continues to advance the INTERNATIONAL SALES +1-607-273-7340 EMAIL [email protected] science of superior software analysis, providing technology for developers to produce safer software. CodeSonar is a registered trademark of GrammaTech, Inc..

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    2 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us