CodeSonar - How It Works
CodeSonar's Analysis Engine
Like a compiler, CodeSonar builds your code using your existing build environment. Instead of creating object code, however, it creates an abstract model of your program, capturing its syntax, call graphs, and control-flow graphs (CFGs). A synthesis phase, analogous to linking, then generates a model of the whole program, which CodeSonar's analysis engine executes symbolically.
CodeSonar's analysis engine reasons about which program paths are feasible and about program variables and how they relate. It models each procedure's behaviour, data, and side effects, and then performs an interprocedural path exploration to catch tricky bugs that can result from complex interactions among procedures.
The exploration is path-sensitive, context-sensitive, and object-sensitive. When the path exploration encounters an anomaly, a warning is generated. The representations maintained by CodeSonar can become quite large, so a variety of strategies are employed to ensure scalability.
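The following C program is an added illustration, not CodeSonar code or output. It shows the kind of cross-procedure defect described above next to a similar-looking function whose only bad path is infeasible. All names and the sample table are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct entry { const char *name; int port; };

/* Constructed sample data for this example. */
static struct entry services[] = { {"ssh", 22}, {"https", 443} };

/* Callee: returns NULL when the name is absent. A caller-only
 * (intraprocedural) view cannot see this return value. */
static struct entry *lookup(const char *name)
{
    for (size_t i = 0; i < sizeof services / sizeof services[0]; i++)
        if (strcmp(services[i].name, name) == 0)
            return &services[i];
    return NULL;
}

/* Defect: the path "lookup() falls out of its loop and returns NULL"
 * is feasible, and on it e->port dereferences a null pointer. */
int port_unchecked(const char *name)
{
    struct entry *e = lookup(name);
    return e->port;
}

/* No defect: the dereference is reached only when found != 0, which
 * implies e != NULL. The path "e == NULL and found != 0" is infeasible,
 * so a path-sensitive analysis has nothing to report here. */
int port_guarded(const char *name)
{
    struct entry *e = lookup(name);
    int found = (e != NULL);
    int port = -1;
    if (found)
        port = e->port;
    return port;
}

int main(void)
{
    /* Only inputs that stay off the null path are exercised. */
    printf("%d %d %d\n", port_unchecked("ssh"),
           port_guarded("https"), port_guarded("telnet"));
    return 0;
}
```

An analysis that ignored the relationship between found and e would flag both functions; one that ignored lookup()'s return paths would flag neither.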


