CodeSonar Example of Data Race Warning |
GrammaTech, Inc., a leading manufacturer of source-code analysis tools, today announced the next version of CodeSonar. The release incorporates sophisticated new program-analysis algorithms that identify data races and other serious concurrency defects. An additional new feature is code-level metrics.
The concurrency analysis can be applied to multi-threaded software written for both single core and multi-core architectures. CodeSonar finds data races, deadlock, and process starvation by using innovative symbolic execution techniques to reason about many possible execution paths and interleavings simultaneously. The approach is an outgrowth of research that GrammaTech conducted under a $749k contract from the Defense Advanced Research Projects Agency (DARPA).
“GrammaTech’s focus continues to be on developing the deepest program-analysis algorithms to identify the most program-crashing bugs, and our new concurrency analysis is a prime example,” said Paul Anderson, GrammaTech’s vice president of Engineering. The technology has already proven itself in beta trials, in which it detected significant concurrency defects in avionics and industrial-control applications. The technology is compatible with a wide range of compilers and operating systems, including most of the ones that are used in embedded and Enterprise applications.
Another new feature, code-level metrics, is built on CodeSonar’s existing code-analysis and reporting framework. It enables project managers to track popular metrics such as cyclomatic complexity, or even define new metrics. Warnings can be generated automatically when metrics are outside an expected range.
“Providing popular code metrics, like cyclomatic complexity, was easy because we have more than enough information as a result of our more sophisticated analyses,” commented Anderson. “But it should be noted that there is some disagreement within the software-development community about how to best use metrics to guide testing efforts. We believe that a form of semi-automatic analysis that uses feedback from the user layered on top of code-level metrics could provide more concrete guidance. We view this as an interesting opportunity and currently have an R&D team exploring this new idea.”
About CodeSonar
CodeSonar is a sophisticated static-analysis tool that performs a whole-program, interprocedural analysis on code and identifies complex programming bugs that can result in system crashes, memory corruption and other serious problems. Like a compiler, CodeSonar does a build of the code using the existing build environment. But, instead of creating object code, CodeSonar creates an abstract model of the entire program. Next, CodeSonar’s symbolic execution engine explores program paths, reasoning about program variables and how they relate, to identify tricky bugs that result from complex interactions among procedures.
CodeSonar is backed by years of research and is the most powerful source code analysis tool available for embedded development. It is distinguished by its ability to find more serious defects than any other tool on the market. For this reason, it has been adopted by leading organizations developing medical devices, spacecraft, industrial and automotive control systems, electronics and similar applications. CodeSonar runs on Windows, Linux, Solaris, and Mac OSX operating systems and supports most compilers.
About GrammaTech
GrammaTech’s customers create software for avionics, medical, industrial control, and other mission-critical applications. Since its inception as a spin-off of Cornell University, GrammaTech has focused on providing static analysis for applications where reliability and security are paramount. The staff includes thirteen PhD-level experts in static analysis and a superb engineering team, all focused on creating the most innovative and in-depth analysis algorithms. More information about GrammaTech can be found at www.grammatech.com.