
Klocwork Truepath®

Comprehensive, scalable static analysis engine

Klocwork Truepath® is the static analysis engine that powers Klocwork's tools. It accurately identifies critical security and reliability issues through a sophisticated whole program analysis of C/C++, Java and C# code.

Build Process Comprehension

The foundation of any whole-program static analysis is the ability to integrate with and automatically comprehend your native build environment (make, Visual Studio, ant, etc.). See the technical specifications page for a list of build environments supported by Klocwork Insight™.

Dataflow Analysis on the Control Flow Graph

This is the heart of modern source code analysis and distinguishes today's tools from their predecessors such as lint, or even from many of today's open source tools. Klocwork Truepath monitors the lifecycle of data objects as they are created, assigned, used and deleted. The bug identification and analysis works inter-procedurally and can span very large code bases.

Code Compilation and Syntax Analysis

Modern static analysis tools must be able to compile and link your source code to generate complete data models that support finding bugs and other issues in your code.



Symbolic Logic

To further increase static analysis accuracy and detect complex issues in large code bases, advanced tools like Klocwork Insight also use a variety of approaches to infer runtime behavior without actually executing the code. This includes the use of an advanced symbolic logic engine to propagate software behavior and remove any false paths in the code that cannot be executed at runtime.

Accurate Bug Identification and Vulnerability Analysis

Klocwork Truepath accurately detects a comprehensive range of reliability, security, and maintainability issues in your code.

Security Vulnerabilities

Buffer overflow
Unvalidated user input
Injection issues
Cross-site scripting
Information leakage
Vulnerable coding practices
Microsoft banned APIs

Reliability Issues

Memory and resource leaks
Concurrency violations
Infinite loops
Dereferencing NULL pointers
Usage of uninitialized data
Resource management
Memory allocation errors

Coding Standards & Maintainability

MISRA, DISA, CWE, CERT
Dead code
Unreachable code
Calculated values never used
Unused function parameters
Porting issues
Strong typing

To learn more and view code samples, read our defect and vulnerability page.


Relevant Resources

WHITE PAPER: Accurate, Scalable Whole Program Analysis

Automated source code analysis locates and describes areas of weakness in source code. Those weaknesses might be security vulnerabilities, logic errors, implementation defects, concurrency violations [...]

WEBINAR: 3 Strategies To Reduce Software Development Risk

Developing software for mission-critical applications such as military, aerospace, and medical devices requires aggressive strategies for reducing risk throughout the development lifecycle. This brief session [...]

RESEARCH: Software Verification for Medical Devices

Producing high-quality, feature-rich software while meeting regulatory guidelines presents a unique set of challenges for those developing medical device software. In this paper for medical [...]