ITHACA, N.Y., Feb. 12, 2015 /PRNewswire/ -- GrammaTech, Inc., a leading maker of tools that improve and accelerate embedded software development, today announced that CodeSonar has been ranked first overall in a study titled Quantitative Evaluation of Static Analysis Tools, performed by the Toyota InfoTechnology Center. The study was conducted to determine which static analysis tools excel at finding safety problems in code, and its findings and accompanying benchmarks were just made available by John Regehr, Associate Professor of Computer Science at the University of Utah.
The report compares six different static analysis tools against benchmarks in eight safety-related categories of software defect types: Static Memory, Dynamic Memory, Numerical, Resource Management, Pointer-Related, Concurrency, Inappropriate Code, and Miscellaneous. The tools are then ranked in each category using a productivity metric that captures the ability of the tool to find real problems and simultaneously suppress false positives.
"Static analysis is an important, innovative, and powerful technique for finding and preventing critical problems in software," said Shinichi Shiraishi, Senior Researcher and lead author of the study. "We're excited to share these benchmarks with the global community of software developers, to help them find the right static analysis tool to ensure the safety of their code."
In addition to being ranked best overall, CodeSonar received the following rankings:
- First in finding: Dynamic Memory, Concurrency, and Inappropriate Code
- Second in finding: Static Memory, Resource Management, and Miscellaneous safety issues
- Third in finding: Pointer-Related Defects
- Fourth in finding: Numerical Defects
"As far as we are aware, this is the first empirical head-to-head comparison of static analysis tools that has been openly published, and for which the benchmarks are available for users to download," said Paul Anderson, Vice President of Engineering at GrammaTech. "Our high marks in each category underscore the breadth and depth of CodeSonar's capabilities to identify hard-to-find safety issues in embedded software, and I am so pleased to see that our tool is leading the pack."
Designed for zero-tolerance embedded defect environments, CodeSonar analyzes both source code and binary code, to identify serious bugs that cause system crashes, memory corruption, leaks, data races, security breaches, and other serious problems.
GrammaTech tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. To learn more about GrammaTech, visit www.grammatech.com.
The URL for this release is located at: http://www.grammatech.com/news/releases/independent-study-names-codesonar-best-in-class
SOURCE GrammaTech, Inc.