Ok, so you’ve got your 5G iPod, your third-gen iPhone, and a new Core 2 Duo Mac running OS X 10.5. Oh, yes – and you’ve got a target system destined for a 19-inch VME rack. It’d be a real bummer to have to spark up that old Windows XP machine just to verify some source code. Well, you don’t have to. Check out GrammaTech’s CodeSonar 3.1 Enterprise, now available for desktop and server versions of Apple’s Mac OS X operating system. You can surely get on your “inner Steve” (Jobs) with this product. Designed to identify complex programming bugs via whole-program, interprocedural analysis, CodeSonar 3.1 intentionally targets code destined for safety-critical applications.
The tool uses an interprocedural, context-, path-, and object-sensitive analysis method. Infeasible paths are pruned, false positives are suppressed, and the results yield anomalies for the programmer to check. The tool works with the existing source and build system, “watches” how you compile code, and “learns” what it needs in order to perform an analysis. CodeSonar can work on the entire program or on partial programs, and is ideal for zeroing in on buffer overruns or format string vulnerabilities – two commonly exploited defect classes in safety-critical systems. There are more than 20 other code checks besides these, and the tool presents results in HTML.