Tech Preview of CodeSonar and VectorCAST Integration

July 31, 2018 Mark Hermeling


We've built a powerful integration between GrammaTech CodeSonar and Vector Informatik VectorCAST/C++ that provides advanced static analysis within the VectorCAST/C++ environment. Currently a tech preview, the integration will be available to CodeSonar customers in the near future.

VectorCAST/C++ is an automated unit and integration test solution used by embedded developers to validate safety- and business-critical embedded systems. This dynamic test solution is widely used in the avionics, medical device, automotive, industrial controls, railway, and financial industries.

So, how does static analysis complement automated unit testing? Static analysis highlights the areas of code that pose the highest potential for bugs and security vulnerabilities. Areas of code that have higher warning densities than others need more attention in unit testing to ensure these problems don't manifest later in product development. In addition, static analysis can detect bugs that are hard to detect with testing: for example, security vulnerabilities that only occur with malformed data. CodeSonar has unique checkers that can detect subtle concurrency issues that are difficult to find in regular testing. Lastly, static analysis can find dead code easily and, through that, help increase your dynamic test coverage. Static analysis is a critical complement to a disciplined unit testing practice.

Highlights of the Integration

The CodeSonar integration with VectorCAST/C++ provides static analysis warnings directly in the VectorCAST environment. Opening a warning shows details on the type of error and its location in the source code. Links within these warnings jump to the CodeSonar web interface for even more details as required.

CodeSonar's whole-program analysis provides full details on the call tree and scenario that precipitate a warning. This information, including the complete call tree, is useful both for debugging the problem and for deciding which units require more test coverage.

The following video shows the CodeSonar and VectorCAST/C++ integration in operation:

