What Is It?
Coverity Prevent SQS™ is the market-leading automated approach to identify and resolve the most critical defects in C, C++, and Java source code. By providing a complete understanding of your build environment, source code, and development process, Prevent SQS sets the standard in enabling high-quality software across organizations worldwide.
Prevent SQS for C/C++ automatically analyzes large, complex C and C++ code bases and detects critical, must-fix defects that could lead to system crashes, memory corruption, security vulnerabilities, unpredictable behavior, and performance degradation.
Prevent SQS features:
• 100% path coverage: Prevent SQS for C/C++ analyzes 100% of the paths through your source code, ensuring that all possible execution branches are followed, while avoiding impossible paths to maintain fast execution.
• Low false positive rate: Prevent SQS for C/C++ maintains a very low false positive rate, ensuring that developers' time spent inspecting defects will result in noticeable quality improvements.
• Highly scalable: Prevent SQS for C/C++ analyzes millions of lines of code in a matter of hours, easily integrating into your regular build process with little or no additional hardware and no disruption to your development process.
What Makes It Great?
Unlike other C/C++ analysis tools that focus on programming style and syntax-based checks, Prevent SQS for C/C++ performs deep, interprocedural analysis to uncover the critical, must-fix defects that matter most to developers. Prevent SQS for C/C++ leverages multiple analysis engines to uncover hard-to-find defects including:
• Path Flow Engine understands the control flow through each function in your code base, allowing Prevent SQS to analyze 100% of the paths through your code.
• Statistical Engine tracks behavioral patterns throughout your entire code base, allowing Prevent SQS to infer correct behavior based on previously observed behavior.
• Interprocedural Summary Engine enables Prevent SQS to perform a whole program analysis of complex call chains at any depth across files and modules in a form that is most similar to the eventual executing binary. This results in the highest-fidelity results available.
• False Path Engine solves each branch condition to determine if it will be true, false, or unknown on the current path. This allows Prevent SQS to efficiently remove obvious false positives from the set of defects reported.
A sample of the critical defects reported by Prevent SQS for C/C++ includes:
Concurrency Issues
• Double locks, missing locks.
• Locks acquired in incorrect order.
• Locks held by blocking functions.
Memory Corruption and Mismanagement
• Resource leaks.
• Calls to freeing functions using invalid arguments.
• Excessive stack use in memory constrained systems.
Crash-causing pointer errors
• Dereference of null pointers.
• Failure to check for null return values.
• Misuse of data contained within wrapper data types.
C++ Specific Errors
• Misuse of STL iterators.
• Failure to de-allocate memory by destructors.
• Incorrect override of virtual functions.
• Uncaught exceptions.
Windows/COM Specific Errors
• Incorrect memory allocation with COM interfaces.
• Incorrect type conversions.
Security Vulnerabilities
• Buffer overruns.
• SQL injection.
• Cross-site scripting.
• Integer overflows.
About Coverity
Coverity (www.coverity.com) is the market leader in improving software quality and security. Coverity's groundbreaking technology automates the approach to identifying and resolving critical defects and security vulnerabilities in C/C++ and Java source code. More than 300 leading companies have chosen Coverity Prevent SQS because it scales to tens of millions of lines of code, has the lowest false positive rate in the industry and provides total path coverage. Companies like Ericsson, HP, Samsung, EMC, and Symantec work with Coverity to eliminate security and quality defects from their mission-critical systems.
Coverity also has customers like Symbian, RIM (BlackBerry), Juniper Networks, Cisco, and Texas Instruments, and is also used by the Department of Homeland Security to scan lots of open source projects.
Free trial
Coverity offers a free trial of Prevent SQS that will detect a wide range of crash-causing defects in your code base within hours. No changes to your code are necessary, there are no limitations on code size, and you will receive a complimentary report detailing actionable analysis results. Register for the on-site evaluation at: .