CodeSonar

CodeSonar is a static code analysis tool from CodeSecure, Inc. CodeSonar is used to find and fix bugs and security vulnerabilities in source and binary code. It performs whole-program, inter-procedural analysis with abstract interpretation on C, C++, C#, Java, as well as x86 and ARM binary executables and libraries. CodeSonar is typically used by teams developing or assessing software to track their quality or security weaknesses. CodeSonar supports Linux, BSD, FreeBSD, NetBSD, MacOS and Windows hosts and embedded operating systems and compilers.

CodeSonar provides information for every weakness found, including the trace through the source code that would trigger the bug as well as a call-tree visualization that represents how the weakness is related to the wider application.

Functional safety compliance
CodeSonar supports compliance with functional safety standards like IEC 61508, ISO 26262, DO-178B/C, or ISO/IEC TS 17961. CodeSonar's warning classes also support several coding standard initiatives, including MITRE's CWE, JPL, Power of 10, MISRA C/C++ and SEI CERT C.

Applications
CodeSonar is used in the defense/aerospace, medical, industrial control, automotive, electronic, tele/datacommunications and transportation industries. Some well known use cases are FDA Center for Devices and Radiological Health uses it to detect defects in fielded medical devices. The NHTSA and NASA used CodeSonar to study on sudden unintended acceleration in the electronic throttle control systems of Toyota vehicles

Supported programming languages, host platforms and compilers
Supported Programming Languages: C, C++, C#, Java, Python, binary code analysis supports Intel x86-32, amd64 and ARM.

Supported Platforms: Microsoft Windows, Linux, FreeBSD, NetBSD, MacOS

Supported Compilers: Apple Xcode, ARM RealView, CodeWarrior, GNU C/C++, Green Hills Compiler, HI-TECH Compiler, IAR Compiler, Intel C++ Compiler, Microsoft Visual Studio, Renesas Compiler, Sun C/C++, Texas Instruments CodeComposer, Wind River Compiler