GrammaTech, Inc., a leading manufacturer of source-code analysis tools, announced that the next version of CodeSonar will ship in Q2 2009. The release includes checkers for the new Power of 10 coding standard, new facilities for integrating CodeSonar with defect-tracking systems and other tools, and significant performance improvements that reduce analysis time.
One of the newest features is support for enforcing The Power of 10: Rules for Developing Safety-Critical Code, a set of coding rules developed by Gerard Holzmann, director of NASA/JPL’s Laboratory for Reliable Software. Holzmann is well-known in the field of software verification, where his contributions include the invention of the SPIN model checker. In the paper in which he proposed the Power of 10 rules, Holzmann noted that, “Manually reviewing the hundreds of thousands of lines of code that are written for larger applications is often infeasible. Existing coding guidelines therefore offer limited benefit, even for critical applications. A verifiable set of well-chosen coding rules could, however, assist in analyzing critical software components for properties that go well beyond compliance with the set of rules itself. To be effective, though, the set of rules must be small and it must be clear enough that users can easily understand and remember it. In addition, the rules must be specific enough that users can check them thoroughly and mechanically.”
The new facilities for integrating CodeSonar with defect-tracking systems, version-control systems and other tools include an application programming interface (API) that enables customers to write scripts that examine and manipulate defect warning reports. “Customers have been integrating CodeSonar into their development process, so we took a detailed look at their needs and designed a new API to make integrations easy,” said Paul Anderson, vice president of engineering. The code that integrates CodeSonar with the Bugzilla defect-tracking system is provided as an example. The API can also be used to automate workflow on large projects.
Numerous performance improvements, such as incremental analysis, have reduced analysis time. With incremental analysis, the first analysis performs a full examination of the software project. However, subsequent analyses examine only the paths affected by code changes. “The time savings depend on how much of the code has changed and the effects of those changes on the rest of the code. The reduction in analysis time can be dramatic,” said Paul Anderson.
CodeSonar is a sophisticated static-analysis tool that performs a whole-program, interprocedural analysis on code and identifies complex programming bugs that can result in system crashes, memory corruption and other serious problems. CodeSonar has long been the software-analysis tool of choice for companies working on mission-critical applications like satellites, avionics, industrial controls and medical devices. Companies outside the safety-critical space are also adopting CodeSonar to improve software reliability and security. This includes organizations developing software for wireless devices, networking equipment and consumer electronics.
Pricing and Availability
CodeSonar 3.4 will have the same pricing as CodeSonar 3.3, which is available today with pricing starting at $4,000 USD for small projects. Licenses for larger projects are priced based on the size of the project. Interested parties can request a free trial of CodeSonar.
GrammaTech’s static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government agencies. The staff includes ten researchers with PhDs in programming languages and program analysis. The company has offices in Ithaca, New York, and San Jose, California.