Depth of Analysis
 

One of the differentiating factors of CodeSonar is its ability to perform deep code analysis, including control flow and data flow analysis, which lets it find errors that span different functions in different files. CodeSonar distinguishes between errors and warnings of different severity. Once an error is identified, CodeSonar displays the sequence of function calls that causes it and the statement and condition where the error occurs, presented as a sequence of events. CodeSonar finds errors that other static code analysis tools are unable to locate.


In this example of a local variable initialization error in a function, CodeSonar detects that the error occurs in four execution paths out of the six possible ones.


The control flow of function calls can also be displayed graphically.

Static Binary Analysis - AN INNOVATION TO ENSURE THIRD-PARTY CODE SAFETY

Binary executables can either include the symbol-table/debugging information ("unstripped") or not ("stripped"). Software producers may strip their binaries for a range of reasons, from benign (saving space), to proprietary (protecting trade secrets against reverse engineering), to hostile (obfuscating the code to hide a virus).

To find bugs, security vulnerabilities, or malicious code (backdoors, time bombs, or logic bombs) in an application delivered as stripped machine code, developers must be able to analyze stripped executables.

Static analysis of stripped executables is beyond the capabilities of most static analysis products. CodeSonar, on the other hand, can perform static analysis on both stripped and unstripped executables. Through this evolution in static code analysis, developers can inspect and evaluate all externally produced code used in their applications. Binary analysis results can also be used to compare the relative safety of different third-party components, so teams can make the best possible decision when choosing components to include in their applications.

CodeSonar has detected a null pointer dereference in an analyzed binary.

Scalability: Distributed analysis

CodeSonar enables the analysis of very large source code repositories at a very high level of analysis depth through the ability to distribute the analysis among multiple processes running on different servers. CodeSonar manages a primary Hub process for web analysis and visualization and, optionally, several satellite Hub processes. The primary and secondary processes share the same database.

Runtime error detection 

CodeSonar includes different programs that detect potential errors at runtime. CodeSonar allows you to check that the developed source code complies with the selected security standards. For each standard you can select the rules you want to verify. The result guarantees safe use of the programming language and the portability of the application.

  • Use of null pointers
  • Buffer overflow
  • Dynamic memory not released
  • Type conversion problems
  • Extensible analysis engine
  • Variable initialization errors
  • Improper use of library functions
  • Detection of invalid loops and cycles
  • Dead code detection
  • Concurrency errors
  • And many others.
 