Automated Code Review and Validation

CodePeer is an Ada source code analyzer that detects run-time and logic errors. It assesses potential bugs before program execution, serving as an automated peer reviewer, helping to find errors efficiently and early in the development life-cycle.

It can also be used to perform impact analysis when introducing changes to the existing code, as well as helping vulnerability analysis. Using control-flow, data-flow, and other advanced static analysis techniques, CodePeer detects errors that would otherwise only be found through labor-intensive debugging.

Detects errors before they grow into expensive problems

CodePeer’s advanced static error detection finds bugs in programs before programs are run. By mathematically analyzing every line of software, considering every possible input, and every path through the program, CodePeer can be used very early in the development life-cycle to identify problems when defects are much less costly to repair. It can also be used retrospectively on existing code bases, to detect latent vulnerabilities.

CodePeer is a standalone tool that may be used with any Ada compiler or fully integrated into the GNAT Pro development environment. It can detect several of the “Top 25 Most Dangerous Software Errors” in the Common Weakness Enumeration: CWE-120 (Classic Buffer Overflow), CWE-131 (Incorrect Calculation of Buffer Size), and CWE-190 (Integer Overflow or Wraparound).

Qualified for usage in safety-critical industries

CodePeer has been qualified as a Verification Tool under DO-178B, a software standard for commercial airborne systems, automating a number of activities associated with that standard’s objectives for software accuracy and consistency. CodePeer has also been qualified for EN50128, the highest international standard for safety integrity concerning software for railway control and protection. The EN50128 qualification material addresses boundary value analysis (detecting errors such as buffer overflow), control flow analysis (detecting errors such as unreachable code), and data flow analysis (detecting errors such as references to uninitialized variables).

Qualification material for both DO-178B and EN50128 is available as a product option.

Learn more about CodePeers' features »

How can CodePeer help your software project?

  • Finds potential bugs and vulnerabilities early, when they are less expensive to correct
  • Expedites code review and significantly increases the productivity of human review
  • Detects and removes latent bugs when used retrospectively on existing code
  • Reduces effort needed for safety or security certification
  • Improves code quality
  • Works on partially complete programs
  • Exploits multi-core CPUs for efficiency and allows performance tuning based on memory and speed of developer’s machine

What makes the CodePeer approach unique?

When it comes to code review and analysis, CodePeer stands alone. Its comprehensive capabilities go far beyond similar tools on the market. Here are just some the advantages that CodePeer has over other tools:

  • Tight integration with the compiler GNAT Pro, so that no special setup is needed to run CodePeer on a project compiled with GNAT Pro.
  • Scalability given by the compiler-like inner working of CodePeer, which generates subprogram summaries to be used in callers.
  • The ability to analyze a subprogram or a package in isolation: no need for a driver that gives a calling context, whether manually written or generated, thanks to a bottom-up processing of subprograms.
  • The ability to detect logic errors such as assigning to a variable that is never subsequently referenced or testing a condition that always evaluates to the same true or false value.
  • It automatically generates both human-readable and machine-readable component specifications: preconditions and postconditions, inputs and outputs, heap allocations. Critically helpful for automated code reviews!
  • Warnings ordered by ranking, so that more severe and likely errors are treated first. The ranking heuristics are fully customizable by the user.