http://www.adacore.com/home/products/codepeer/

CodePeer assesses a program for potential bugs before it is executed, in effect serving as an automated peer review. Using control-flow, data-flow, and other advanced static analysis techniques, CodePeer detects errors that would otherwise only be found through labor-intensive debugging.

CodePeer’s advanced static error detection solutions find bugs in programs before programs are run. By mathematically analyzing every line of software, considering every possible input, and every path through the program, CodePeer can be used very early in the development life-cycle to identify problems when defects are exponentially less costly to repair.

CodePeer was developed in partnership with SofCheck Inc, and may be used either as a standalone tool or fully integrated into the GNAT Pro development environment to significantly improve the soundness of code.
How can CodePeer help your software project?

    * Finds potential bugs and vulnerabilities early, when they are less expensive to correct
    * Expedites code review and significantly increases the productivity of human review
    * Detects and removes latent bugs when used retrospectively on existing code
    * Reduces effort needed for safety or security certification
    * Improves code quality
    * Works on partially complete programs
    * Exploits multi-core CPUs for efficiency and allows performance tuning based on memory and speed of developer’s machine

What makes the CodePeer approach unique?

When it comes to code review and analysis, CodePeer stands alone. It’s comprehensive capabilities go far beyond similar tools on the market. Here are just some the advantages that CodePeer has over other tools:

    * Tight integration with the compiler GNAT Pro, so that no special setup is needed to run CodePeer on a project compiled with GNAT Pro. Also, the analyzer knows all about the compiler internals.
    * Scalability given by the compiler-like inner working of CodePeer, which generates subprogram summaries to be used in callers.
    * The ability to analyze a subprogram or a package in isolation: no need for a driver that gives a calling context, whether manually written or generated, thanks to a bottom-up processing of subprograms.
    * The ability to detect logic errors such as assigning to a variable that is never subsequently referenced or testing a condition that always evaluates to the same true or false value.
    * It automatically generates both human-readable and machine-readable component specifications: preconditions and postconditions, inputs and outputs, heap allocations. Critically helpful for automated code reviews!
    * Warnings ordered by ranking, so that more severe and likely errors are treated first. The ranking heuristics are fully customizable by the user.

Share