ESC, San Jose, Ca. – GrammaTech, Inc., here revealed that the next version of its CodeSonar static analysis tool chain will begin shipping sometime in the next two to three months.
The release includes checkers for the new Power of 10 coding standard, new facilities for integrating CodeSonar with defect-tracking systems and other tools, and significant performance improvements that reduce analysis time.
One of the newest features is support for enforcing The Power of 10: Rules for Developing Safety-Critical Code, a set of coding rules developed by Gerard Holzmann, director of NASA/JPL's Laboratory for Reliable Software.
Holzmann is well known in the field of software verification, where his contributions include the invention of the SPIN model checker. In the paper in which he proposed the Power of 10 rules, Holzmann noted that manually reviewing the hundreds of thousands of lines of code that are written for larger applications is often infeasible.
“Existing coding guidelines therefore offer limited benefit, even for critical applications,” he wrote. “A verifiable set of well-chosen coding rules could, however, assist in analyzing critical software components for properties that go well beyond compliance with the set of rules itself.
“To be effective, though, the set of rules must be small and it must be clear enough that users can easily understand and remember it. In addition, the rules must be specific enough that users can check them thoroughly and mechanically.”
According to Paul Anderson, vice president of engineering, the new facilities for integrating CodeSonar with defect-tracking systems, version-control systems and other tools include an application programming interface (API) that enables customers to write scripts that examine and manipulate defect warning reports.
He said the code that integrates CodeSonar with the Bugzilla defect-tracking system is provided as an example. The API can also be used to automate workflow on large projects.
Numerous performance improvements, such as incremental analysis, have reduced analysis time. With incremental analysis, the first analysis performs a full examination of the software project. However, subsequent analyses only examine paths affected by code changes.
“The time savings depend on how much of the code has changed and the effects of those changes on the rest of the code. The reduction in analysis time can be dramatic,” said Anderson.
CodeSonar 3.4 will have the same pricing as CodeSonar 3.3, which is available today with pricing starting at $4,000 USD for small projects. Licenses for larger projects are priced based on the size of the project. A free trial of CodeSonar can be obtained by contacting the company. To learn more, go to www.grammatech.com.