Developing in Ada? - static-analysis and dynamic-analysis tools get an update

February 06, 2014 // By Graham Prophet
AdaCore has released what it the company terms a major new version of its CodePeer static analysis tool, for automatic code review and validation; and of its dynamic analysis tool.

CodePeer 2.3 for the automated review and validation of Ada source code assesses potential bugs before program execution to find errors early in the development life cycle. It also performs impact and vulnerability analysis when existing code is modified, and, using control-flow, data-flow, and other advanced static analysis techniques, the tool detects problems that would otherwise only be found through labour-intensive debugging.

The latest update to CodePeer delivers more precise diagnostic messages and fewer “false positives”. It also includes an independent Ada front end, and provides better integration with AdaCore’s two IDEs: GNAT Programming Studio (GPS) and GNATbench (the GNAT Pro Ada plug-in for Eclipse and Wind River Systems Workbench). Other enhancements include support for floating point overflow on unconstrained types, the ability to supply target configuration files, and improved support for existing codebases in Ada 83. Improved message review capabilities are now available through pragma Annotate, and the tool provides new warnings when a formal parameter could be declared with a more restrictive mode.

CodePeer is fully integrated into the GNAT Pro development environment and comes with a number of complementary static analysis tools common to the technology – a coding standard verification tool (GNATcheck), a source code metric generator (GNATmetric), a semantic analyzer, and a document generator.

Serving as an efficient and accurate code reviewer, CodePeer identifies constructs that are likely to lead to run-time errors such as buffer overflows, and it flags legal but suspect code, typical of logic errors. Going well beyond the capabilities of typical static analysis tools, CodePeer also produces a detailed analysis of each subprogram, including pre- and post-conditions. Such an analysis makes it easier to find potential bugs and vulnerabilities early: if the implicit specification deduced by CodePeer does not match the component’s requirements, a reviewer is alerted immediately to a likely logic error. During system development, CodePeer can help prevent errors from being introduced, and it can also be used as