Coverity detects race conditions, deadlocks, software quality defects and security vulnerabilities

Coverity at Embedded World: Hall 11, Stand 426

Coverity demonstrates power of Coverity Prevent and new Boolean Satisfiability (SAT) Engine at its booth

At Embedded World (Nuremberg, 26-28 February 2008) Coverity will show the power of its static analysis solution Coverity Prevent and the recently announced analysis engine based on Boolean Satisfiability (SAT). Coverity Prevent analyses 100 percent of the paths and values in C/C++ and Java code with the lowest false positive rate in the industry. The highly scalable technology can analyse millions of lines of code. It easily integrates into existing IT-structure, without any change to the code, build environment or interruption of the developer’s process needed.

The latest version of Prevent introduces the first static defect detection of race conditions, one of the most difficult to find concurrency errors that occurs in multi-threaded applications. This new capability will benefit developers by automatically identifying race conditions in addition to other concurrency defects early in the development cycle where they are most cost effective to eliminate. A new interface was designed specifically to help developers understand the complex interleavings that exist within their multi-threaded applications. Also, new advanced analysis capabilities provide analysis of these interleavings, delivering unmatched insight into complex code bases. It detects not only software quality defects such as memory defects, logic defects and pointer defects, but also security vulnerabilities such as buffer overflows and incorrect input validations.

Coverity will also demonstrate the performance of the new False Path Pruning Solver as part it’s SAT engine, which is based on Boolean Satisfiability (SAT). This technique of source code analysis is made possible by patent-pending technology from Coverity that creates a bit-accurate representation of a software system, where every relevant software operation is translated into Boolean values (true and false) and Boolean operators (such as and, not, or). This bit-accurate representation enables source code to be analyzed by SAT-based Solvers for the first time in commercial computer programming. After testing on over 2 million lines of code from multiple applications of open source software from Coverity’s Scan project, the False Path Pruning Solver was found to reduce false positive results by an average of 30 percent. Coverity plans to release two additional Solvers in 2008 that allow customers to check code assertions statically and to detect critical bug categories including integer overflows. In addition, these Solvers will expand Coverity’s existing dataflow analysis capabilities to uncover even greater numbers of buffer overflows while maintaining a low false positive rate.

Prevent leverages multiple analysis-engines to deliver comprehensive analysis of C/C++ and Java code including:
- Path Flow Engine understands the control flow through each function in your code base, allowing Prevent to analyze 100% of the paths through your code.
- Statistical Engine tracks behavioural patterns throughout your entire code base, allowing Prevent to infer correct behaviour based on previously observed behaviour.
- Interprocedural Summary Engine enables Prevent to perform a whole-program analysis of complex call chains at any depth across files and modules in a form that is most similar to the eventual executing Binary. This result in the highest-fidelity results available.
- False Path Engine solves each branch condition to determine if it will be true, false or unknown on the current path. This allows Prevent SQS to efficiently remove obvious false positives from the set of defects reported.

A sample of the critical defects reported by Prevent for C/C++ and Java include: Concurrency Issues, memory corruption and mismanagement, crash-causing pointer errors, C++ specific errors, Window/COM specific errors, security vulnerabilities, unexpected runtime behaviour, performance degradations.

Press contacts:
Coverity Inc., Jim Shissler, Director Public Relations;
Tel: +1 (0) 415 694 5342, jshissler@coverity.com
Agentur Lorenzoni GmbH, Public Relations, Beate Lorenzoni ;
Tel.: +49 (0) 8122 / 55917-22, beate@lorenzoni.de

About Coverity (www.coverity.com)
Coverity, the leader in improving software quality and security, is a privately held company headquartered in San Francisco. Coverity's groundbreaking technology removes the barriers to writing and delivering complex software by automatically finding and helping to fix critical software defects and security vulnerabilities as software is written. More than 350 leading companies choose Coverity because it scales to tens of millions of lines of code, has the lowest false positive rate while providing 100 percent path and value coverage. Companies like Juniper Networks, Symantec, McAfee, Synopsys, NASA, Palm and Wind River rely on Coverity's tools to find and eliminate critical defects from their mission-critical code.

This release was published on openPR.