Static Source Code Analysis Tools
Vulnerability and runtime error detection
CodeSonar
CodeSonar lets you check that the source code adheres to the "Safety" and "Security" software coding standards required by the main Functional Safety standards.
Programming languages and coding standards
Safety standards:
- C 2012
- C++ 2008
- C++ 14, 2018
Security standards:
- C 2016
- C++ 2016
CodeSonar includes a set of checkers that detect potential runtime errors.
CodeSonar lets you check that the source code you develop complies with the selected security standards. For each standard, you can select the rules you want to verify.
The end result guarantees safe use of the programming language and portability of the application.
Runtime error detection
- Use of null pointers
- Buffer overflow
- Dynamic memory not released
- Type conversion problems
- Variable initialization errors
- Improper use of library functions
- Detection of invalid loops and cycles
- Dead code detection
- Concurrency errors
- And many others
CodeSonar distinguishing features
Depth of Analysis
One of CodeSonar's differentiating factors is its ability to perform deep code analysis, including control-flow and data-flow analysis, so it can find errors that span different functions in different files.
CodeSonar distinguishes between errors and warnings of different severity. Once an error is identified, it displays the sequence of function calls that leads to it and the statement and condition where the error occurs; this is presented as a sequence of events.
CodeSonar finds errors that other static code analysis tools are unable to locate.
The paths and the call tree leading to the error can also be displayed.
In this example of a local variable passed to a function without being initialized, CodeSonar detects that the error occurs on four of the six possible execution paths.
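As an added illustration (constructed here, not code from the page or from CodeSonar), the class of defect just described: a local variable passed to a function without being assigned on every path. The function names and the 3x2 branch layout are assumptions chosen so that exactly four of the six paths are unsafe, and the last routine models the path enumeration a path-sensitive checker performs.

```c
/* Callee that reads the value it is handed. Non-const pointer on purpose:
 * without its body a caller-only view cannot tell whether it reads or
 * writes, which is why cross-function (interprocedural) analysis is needed. */
int consume(int *value) { return *value * 2; }

/* Constructed BUGGY routine (not from the page): mode has three cases and
 * flag two, giving six execution paths; `base` is assigned only when
 * mode == 0, so on the other four paths an uninitialized local is passed
 * to consume(). */
int scale_buggy(int mode, int flag) {
    int base;                         /* uninitialized local */
    if (mode == 0) {
        base = 1;                     /* the only assignment */
    } else if (mode == 1) {
        /* assignment forgotten */
    } else {
        /* assignment forgotten */
    }
    int adj = flag ? 5 : 0;
    return consume(&base) + adj;      /* undefined behaviour on 4 of 6 paths */
}

/* Hardened form: every accepted mode assigns `base`, and an unexpected
 * mode is rejected explicitly instead of running with stale stack data. */
int scale_fixed(int mode, int flag) {
    int base;
    switch (mode) {
    case 0: base = 1; break;
    case 1: base = 2; break;
    case 2: base = 3; break;
    default: return -1;               /* invalid mode: fail closed */
    }
    int adj = flag ? 5 : 0;
    return consume(&base) + adj;
}

/* Models what a path-sensitive checker does for scale_buggy: enumerate
 * every (mode, flag) combination and ask whether `base` is assigned
 * before the call. Returns the number of unsafe paths: 4 of the 6. */
int count_unsafe_paths(void) {
    int unsafe = 0;
    for (int mode = 0; mode < 3; mode++) {
        for (int flag = 0; flag < 2; flag++) {
            int assigned = (mode == 0);   /* mirrors the only assignment */
            (void)flag;                   /* flag selects adj, never base */
            if (!assigned) unsafe++;
        }
    }
    return unsafe;
}
```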
Scalability: Distributed analysis
CodeSonar can analyze very large source code repositories at a very high level of analysis depth by distributing the analysis among multiple processes running on different servers.
CodeSonar manages a primary Hub process for web analysis and visualization and, optionally, several satellite Hub processes. The primary and satellite processes share the same database.
DevSecOps Integration
CodeSonar integrates with various continuous integration environments: Jenkins, GitLab, GitHub, etc.
The developer can view and fix security issues within the CI/CD environment and access more detailed information in the Hub with a single mouse click. When a defect is detected, a ticket can be opened in specialized tools such as Jira. The project manager or quality managers can check the security status using the reports included within the CI/CD environment. The analysis load can be distributed among multiple processes running on different servers.
Integration with other tools
CodeSonar supports different cross-compilers for PowerPC and ARM architectures. In addition, it provides a graphical wizard to define the analysis parameters and capture all the information needed to build the executable using each vendor's build method.
Once the compiler and linker information, compilation options, include directories and preprocessor macros have been captured, CodeSonar can analyze the source code using all of that information.
Compilers supported by CodeSonar
- ARM RealView & Clang
- Borland
- Clang
- CodeVision
- Cosmic
- CodeWarrior
- Green Hills C/C++
- GNU C/C++
- Keil
- Hi-Tech
- IAR
- Intel
- Microsoft
- MPLAB
- QNX
- Renesas
- SHARC, Blackfin
- Tasking
- Texas Instruments
- Wind River
CodeSonar for Java and C#
Detection of security errors
- Injections
- Cookies
- Passwords
- LDAP
- Cryptographic errors
- References to external entities
- And many others
Supported C# platforms
- MVC
- Unity
- Web Forms
- Windows Forms
Supported Java platforms
- Apache-CXF
- AspectJ
- EJB
- JAX-RS
- JAX-WS
- JPA
- JSF
- Jersey
- RESTeasy
- RESTlet
- Servlet
- Spring
- Android