Klocwork Truepath


Accurate, scalable whole-program analysis & bug identification

Klocwork has been conducting static analysis research and development for well over a decade. The result is Klocwork Truepath, an automated whole-program analysis engine that delivers the most accurate and comprehensive bug identification possible. This core technology uses the following techniques to generate accurate, scalable static analysis of software source code.

Build Process Comprehension

The foundation of any whole-program static analysis is the ability to integrate with and automatically comprehend your native build environment (make, Visual Studio, ant, etc.). See the technical specifications page for a list of build environments supported by Klocwork Insight.

Dataflow Analysis on the Control Flow Graph

This is the heart of modern source code analysis and distinguishes today's tools from their predecessors such as lint, or even from many of today's open source tools. Klocwork Truepath monitors the lifecycle of data objects as they are created, assigned, used and deleted. The bug identification and analysis works inter-procedurally and can span very large code bases.

Code Compilation and Syntax Analysis

Modern static analysis tools must be able to compile and link your source code to generate complete data models that support bug identification and the detection of other issues in your code.

Symbolic Logic

To further increase static analysis accuracy and detect complex issues in large codebases, advanced tools like Klocwork also use a variety of approaches to infer runtime behavior without actually executing the code. This includes the use of an advanced symbolic logic engine to propagate software behavior and remove any false paths in the code that cannot be executed at runtime.
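
The false-path removal described above can be illustrated with a toy analyzer. This is an added example, not Klocwork's code or algorithm; the statement tuples, the `step` and `analyze` functions, and both sample programs are constructed for illustration, and a branch variable is assumed not to change between two tests of it.

```python
# Toy path-sensitive NULL-dereference check. Statement forms (constructed):
#   ("null", p)          p = NULL
#   ("alloc", p)         p = result of a successful allocation
#   ("deref", p, line)   *p is used at source line `line`
#   ("if", cond, body)   body runs only when boolean variable cond is true
# Assumption: a cond variable is never reassigned between two tests of it.

def step(stmt, state, prune, findings):
    """Apply one statement to one path state; return the successor states."""
    ptrs, conds = state
    kind = stmt[0]
    if kind == "null":
        return [({**ptrs, stmt[1]: "null"}, conds)]
    if kind == "alloc":
        return [({**ptrs, stmt[1]: "nonnull"}, conds)]
    if kind == "deref":
        if ptrs.get(stmt[1]) == "null":
            findings.add(stmt[2])
        return [state]
    if kind == "if":
        _, cond, body = stmt
        out = []
        for taken in (True, False):
            if prune and conds.get(cond, taken) != taken:
                continue  # contradicts an earlier test of cond: false path
            branch = [(ptrs, {**conds, cond: taken} if prune else conds)]
            for inner in (body if taken else []):
                branch = [s for st in branch for s in step(inner, st, prune, findings)]
            out.extend(branch)
        return out
    raise ValueError(f"unknown statement {kind!r}")

def analyze(stmts, prune_infeasible=True):
    """Return sorted lines where a NULL pointer may be dereferenced."""
    findings, states = set(), [({}, {})]
    for stmt in stmts:
        states = [s for st in states for s in step(stmt, st, prune_infeasible, findings)]
    return sorted(findings)

# Constructed inputs: the allocation and the use are guarded by the same flag...
CORRELATED = [("null", "p"), ("if", "flag", [("alloc", "p")]),
              ("if", "flag", [("deref", "p", 3)])]
# ...versus guarded by unrelated flags, which leaves a real NULL path.
UNCORRELATED = [("null", "p"), ("if", "flag", [("alloc", "p")]),
                ("if", "other", [("deref", "p", 3)])]

if __name__ == "__main__":
    print(analyze(CORRELATED, False), analyze(CORRELATED), analyze(UNCORRELATED))
```

With pruning disabled, the first program is reported at line 3 even though no execution can reach the dereference with a NULL pointer; with pruning enabled that report disappears while the second program's genuine defect is still found.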

Accurate Bug Identification and Vulnerability Analysis

Truepath delivers the ability to accurately detect a comprehensive range of Quality & Reliability, Security, and Maintainability issues in your code.

Quality/Reliability

Memory and resource leaks
Using de-allocated memory
Incorrect memory de-allocation
Dereferencing NULL pointers
Usage of uninitialized data
Resource management
Concurrency violations

Security Vulnerability

Buffer overflow
Un-validated user input
SQL injection
Path injection
Cross-site scripting
Information leakage
Weak encryption
Vulnerable coding practices

Maintainability

Architectural violations
Header file structure
Dead code
Unreachable code
Calculated values that are never used
Unused function parameters
Unused local variables

To learn more, including code samples, read our defect and vulnerability page.