Data Flow Defect Detection

Slider

Backed by sophisticated technology to perform deep-flow dataflow analysis, the analysis toolsets identify critical coding issues relating to control-flow, variable state and library usage.

The Dataflow analysis engine incorporates an advanced, industry-proven Satisfiability Modulo Theories (SMT) solver engine* – a technology first for deep-flow static analysis products. A combination of SMT solver and in-house language and parsing expertise result in exceptionally accurate dataflow and semantic modeling of C and C++ code – a foundation for a set of unique analysis checks.

Security Issues:

  • Buffer under- and overflow
  • Arithmetic overflow and wraparound
  • Format string mis-use

Crash-Inducing Defects:

  • Null pointer operations, invalid pointer values, operations on unrelated pointers
  • Divide-by-zero
  • Uncaught exceptions, throw-catch specification mismatches, improper exception use

Flawed Logic Issues:

  • Invariant (always true/false) logic and unreachable code
  • Unset variables
  • Redundant expressions, initializations and assignments
  • Infinite loops
  • Return value mismatches

Memory Issues:

  • Memory allocation mismatches
  • Memory leaks

API Mis-use:

  • Standard library pre- and post-condition verification

The dataflow solution builds from the ground up, leveraging precise knowledge of program state during symbolic execution. Inter-function analysis involves tight binding of call arguments to function parameters, thus continuing the precision of the analysis. Path and value traces to each discovered defect are provided through sub-messages.

The global software community is becoming laser-focused on defect detection as a preliminary step towards a coding standards prevention approach. QA-C/QA-C++ coding defect analysis is a strong investment with proven payback, and one that additionally scales to powerful prevention.

* Includes Yices™ decision procedures technology under license from SRI International®

BACK TO QA-C/QA-C++