CodePeer – Automated Code Review and Validation

The Most Comprehensive Static Analysis Toolsuite for Ada


CodePeer is an Ada source code analyzer by AdaCore that detects run-time and logic errors. It assesses potential bugs before program execution, serving as an automated peer reviewer, helping to find errors easily at any stage of the development life-cycle. CodePeer helps you improve the quality of your code and makes it easier for you to perform safety and/or security analysis.

CodePeer has been qualified as a Verification Tool under the DO-178B and EN 50128 software standards and may be used with any standard Ada compiler or fully integrated into the GNAT Pro development environment.



CodePeer will detect the following potential errors:

  • Use of uninitialized variables
  • Unreachable, redundant, or useless code
  • Concurrency faults (data race conditions)
  • Failure of predefined run-time checks, including buffer overflow, numeric overflow, null pointer dereference, and division by zero
  • Failure of user-defined checks, including pre/postconditions, assertions, type invariants, and subtype predicate

CodePeer is a multidisciplinary tool for the whole team.

While coding, to detect and prevent problems prior to integration

To annotate code where problems are detected

Project Managers
To track the evolution of vulnerabilities on a day-by-day basis

Software Auditors
To conduct “one-shot” analyses that assess overall vulnerabilities, hot spots, or compliance with quality standards

Certification Engineers
To reduce the effort needed for safety or security certification

CodePeer has been designated as CWE-Compatible by the MITRE Corporation’s Common Weakness Enumeration (CWE) Compatibility and Effectiveness Program. It detects a variety of code weaknesses, including several that are among the CWE’s Top 25 Most Dangerous Software Errors, such as:

  • CWE-120 (Classic Buffer Overflow)
    “The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.”
  • CWE-131 (Incorrect Calculation of Buffer Size)
    “The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.”
  • CWE-190 (Integer Overflow or Wraparound)
    “The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.”