CodeSonar - Differentiators
What makes CodeSonar different
All static-analysis tools make approximations, resulting in two types of inaccuracies:
- False positive: a warning about a defect that cannot actually happen
- False negative: a real bug that the analysis does not report
With any technology, there is a fundamental tradeoff between minimising false positives and minimising false negatives. Some tools focus on minimising false positives. However, this can mean a large number of real defects are not flagged and so make their way into testing cycles and into production code.
CodeSonar design philosophy
The design philosophy behind CodeSonar is different from other tools. It is often forgotten that the real point of using a tool like CodeSonar is to eliminate critical defects before they cause a failure in the field. A false positive can be managed and suppressed in the analysis. However, there is no way to manage a false negative; it is a defect that slips into production.
Feedback that GrammaTech has received indicates that GrammaTech typically catches about twice as many critical defects, while maintaining a fairly low false-positive rate.


