Source Code Analysis
CodeSonar's source code analysis engine identifies problems that developers care about finding, like data races, deadlock, buffer overruns, leaks, null-pointer dereferences, and uninitialized variables.
Technical Highlights:
- Symbolic execution engine
- Highly scalable
- Incremental analysis capability
- Browser-based user interface
- Management reports
- Extensible analysis engine
- Integration with other tools
- Easy setup requires no changes to build environment
Binary Code Analysis
CodeSonar's binary analysis finds vulnerabilities and defects in machine code (both whole executables and libraries), so you can perform a security analysis even if source code is unavailable.
Technical Highlights:
- Analyzes third-party code
- Works without debug info or the symbol table
- Is highly scalable and easily extensible
- Provides a comprehensive API
- Supports a team of users
- Provides high-level reports
- Integrates with other tools
- Provides navigation features
Built-In Basic Counting Metrics
CodeSonar ships with an assortment of metrics at function, file, and analysis granularity. An 'x' in the following table indicates that the corresponding metric is computed at the specified granularity.
| Metric | Description | Project | File | Procedure |
|---|---|---|---|---|
| Blank Lines | The number of blank lines, excluding blank lines in comments. | x | x | x |
| Code Lines | The number of lines that contain code only, with no comments. | x | x | x |
| Comment Lines | The number of lines that contain comments only, with no code. | x | x | x |
| Include file instances | The number of include-file instances in the analyzed project, excluding system include files. | x | | |
| Lines with Code | The number of lines that contain code. | x | x | x |
| Lines with Comments | The number of lines that contain comments. | x | x | x |
| Mixed Lines | The number of lines that contain both code and comments. | x | x | x |
| Top-level file instances | The number of compilation units in the analyzed project. | x | | |
| Total Lines | The total number of lines. | x | x | x |
| User-defined functions | The total number of user-defined functions. | x | | |
Custom Counting Metrics
With CodeSonar's highly customizable static analysis engine, you can extend both the set of metrics computed and the set of uses for those metrics.
- Define derived metrics based on these count metrics. For example, if you want to know the ratio of Code Lines to Total Lines, you can instruct CodeSonar to compute and report it.
- Specify custom metrics that count other code phenomena. With API access to the various internal representations computed by CodeSonar's analysis engine, you can count just about anything, from global variables to loops.
- Design custom warning classes so that CodeSonar warnings are issued whenever the value of a particular metric is outside a specified range. This can help enforce coding standards that govern factors like maximum function size, or minimum commenting level.