CodePeer Features

CodePeer identifies constructs that are likely to lead to run-time errors such as buffer overflows, and it flags legal but suspect code typical of logic errors. Going well beyond the capabilities of typical static analysis tools, CodePeer also produces a detailed analysis of each subprogram, including pre and postconditions.

Uses static control-flow, data-flow, and possible-value-set propagation techniques to detect errors before program execution


Mathematically analyzes every line of code without executing the program, considering all combinations of program input across all paths within the program


Analyzes programs for a wide range of flaws including

  • use of uninitialized data
  • pointer misuse
  • buffer overflow
  • numeric overflow
  • division by zero
  • dead code
  • concurrency faults (race conditions)

Identifies not only where a failure could occur, but also where the bad values originate

  • within the current subprogram
  • from some non-local subprogram that reached the point of failure through a series of calls

Detects code that, although syntactically and semantically correct, is performing a suspect computation such as:

  • assigning to a variable that is never subsequently referenced
  • testing a condition that always evaluates to the same true or false value

Automatically generates both human-readable and machine-readable component specifications:

  • preconditions and postconditions
  • inputs and outputs
  • heap allocations

CodePeer also includes a number of complementary static analysis tools common to the GNAT Pro technology – a coding standard verification tool (GNATcheck), a program metric generator (GNATmetric), a semantic analyzer, and a document generator – that can be invoked through the GNAT Programming Studio (GPS) IDE.


Codepeer has been designated as CWE-Compatible by the MITRE Corporation's Common Weakness Enumeration (CWE) Compatibility and Effectiveness Program. It detects the following code weaknesses, which are among the CWE’s Top 25 Most Dangerous Software Errors

  • CWE-120 (Classic Buffer Overflow)
    “The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.”
  • CWE-131 (Incorrect Calculation of Buffer Size)
    “The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.”
  • CWE-190 (Integer Overflow or Wraparound)
    “The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.”
Check CWE weakness
Array index out of bounds CWE 124, 125-127, 129, 130-131, 135, 170, 193
Division by zero CWE 189
Dereferencing a null pointer CWE 252-253, 476
Numeric overflow CWE 128, 190-192, 197
Range constraint violation CWE 118
Variant record field violation CWE 136-137
Use of incorrect type in inheritance hierarchy CWE 136-137
Dead (unreachable) code CWE 561
Reference to uninitialized variable CWE 232, 236, 475
Test predetermined (redundant conditional) CWE 561
Loop runs forever or fails to complete normally CWE 835
Unused (redundant) or useless assignment, or unused “out” parameter CWE 563
Unprotected access to shared variable CWE 362, 366-367, 374, 820