GrammaTech, Inc., has announced the commercial availability of the latest version of the software analysis tool for C/C++, machine code, and Java – CodeSonar 4. This newest version includes new capabilities for achieving standards compliance, analyzing third-party code, eliminating multi-core issues, and improving code security.
CodeSonar analyzes both binary and source code to identify security and quality liabilities that cause data races, leaks, memory corruption, system crashes, etc.
“The cost of failure in embedded systems is unlike that of any other industry due to the safety-critical role they play in our everyday lives – which is a main reason organizations who build embedded applications are early adopters of automated advanced code analysis tools like CodeSonar,” says Andre Girard, Senior Analyst at VDC Research.
New advances in CodeSonar 4 address:
- Software Supply Chain Risk Management (SCRM) – New Integrated Binary Analysis in CodeSonar 4 empowers developers to analyze externally produced software without access to its source code. This eliminates the dangerous quality and security blind spots created by using open source or third-party components and libraries in embedded applications.
- Standards Compliance – The increasing regulation of embedded software in the form of industry-specific standards for code quality/security continues to gain international momentum. CodeSonar 4 will include built-in analysis for MISRA C 2012, in addition to existing DO-178 analysis capabilities, to help organizations pursue and achieve relevant certifications.
- Multi-Core Development – With growing usage of multi-core processors and greater dependence on multi-threaded software, CodeSonar 4 delivers new Java-specific concurrency defect detection capabilities to defend against errors like race conditions, deadlocks, and livelocks.
- Embedded Security – As networking and internet-enabled capabilities continue to proliferate within embedded systems, the attack surface of traditionally isolated applications has expanded in new and unpredictable ways. In addition to robust existing security features, the new visual tainted-data analysis capability in CodeSonar 4 helps developers find and eliminate vulnerabilities caused by potentially dangerous information flows.
“CodeSonar 4 is the automated code analysis tool designed specifically for the rigorous security and quality demands of embedded software,” said Paul Anderson, Vice President of Engineering at GrammaTech. “CodeSonar 4 will address the most complex challenges facing embedded developers by using new analysis capabilities to eliminate the most costly and hard-to-find defects early in the application development lifecycle.”
For more information, visit www.grammatech.com.