Coverity Prevent SQS™ is the market-leading automated option to identify and resolve the foremost critical defects in C, C++, and Java source code. By providing a whole understanding of your build environment, source code, and development process, Prevent SQS sets the common-or-garden in enabling high-quality software across organizations worldwide.

Prevent SQS for C/C++ automatically analyzes large, complex C and C++ code bases and detects critical, must-fix defects that can bring about system crashes, memory corruption, security vulnerabilities, unpredictable behavior, and function degradation.

Prevent SQS features:

• % path coverage: Prevent SQS for C/C++ analyzes % of the trails through your source code, ensuring that every one possible execution branches are followed, while avoiding impossible paths to take care of fast execution.

• Low false positive rate: Prevent SQS for C/C++ maintains a really low false positive rate , ensuring that developers’ time spent inspecting defects will lead to noticeable quality improvements.

• Highly scalable: Prevent SQS for C/C++ analyzes millions of lines of code in a question of hours, easily integrating into your regular build process with very little additional hardware and no disruption for your development process.

What Makes It Great?

Unlike other C/C++ analysis tools that target programming style and syntax-based checks, Prevent SQS for C/C++ performs deep, interprocedural analysis to uncover the critical, must-fix defects that matter most to developers. Prevent SQS for C/C++ leverages multiple analysis engines to uncover hard-to-find defects including:

• Path Flow Engine understands the control flow through each function on your code base, allowing Prevent SQS to research % of the trails through your code.

• Statistical Engine tracks behavioral patterns throughout the complete code base, allowing Prevent SQS to deduce correct behavior according to previously observed behavior.

• Interprocedural Summary Engine enables Prevent SQS to accomplish a full program analysis of complex call chains at any depth across files and modules in a sort it is most akin to the eventual executing Binary. This lead to the top-fidelity results available.

• False Path Engine solves each branch condition to work out if it will likely be true, false, or unknown at the current path. This permits Prevent SQS to efficiently remove obvious false positives from the set of defects reported.

A sample of the critical defects reported by Prevent SQS for C/C++ include:

Concurrency Issues

• Double locks, missing locks.

• Locks acquired in incorrect order.

• Locks held by blocking functions.

Memory Corruption and
Mismanagement

• Resource leaks.

• Calls to freeing functions using invalid arguments.

• Excessive stack use in memory constrained systems.

Crash-causing pointer errors

• Dereference of null pointers.

• Failure to envision for null return values.

• Misuse of information contained within wrapper data types.

C++ Specific Errors

• Misuse of STL iterators.

• Failure to de-allocate memory by destructors.

• Incorrect override of virtual functions.

• Uncaught exceptions.

Window/COM Specific Errors

• Incorrect memory allocation with COM interfaces.

• Incorrect type conversions.

Security Vulnerabilities

• Buffer overruns.

• SQL injection.

• Cross-site scripting.

• Integer overflows.

About Coverity

Coverity (http://www.coverity.com) is the market leader in improving software quality and security. Coverity’s groundbreaking technology automates the strategy to identifying and resolving critical defects and security vulnerabilities in C/C++ and Java source code. Greater than leading companies have chosen Coverity Prevent SQS since it scales to millions of lines of code, has the bottom false positive rate within the industry and give total path coverage. Companies like Ericsson, HP, Samsung, EMC, and Symantec work with Coverity to eliminate security and quality defects from their mission-critical systems.
Coverity also has customers like Symbian, RIM (Blackberry), Juniper networks, Cisco, Texas instruments and can be utilized by the dept of Homeland security to scan numerous open source projects.

Free trial

Coverity offers a free trial of Prevent SQS that allows you to detect a variety of crash-causing defects to your code base within hours. No changes for your code are necessary, there are not any limitations on code size, and you’ll receive a complimentary report detailing actionable analysis results. Register for the on-site evaluation at: http://www.coverity.com .