PRQA upgrades QA.C++ with defect and security vulnerability detection

News

28 February 2012

PRQA | Programming Research, static analysis tools supplier, announces a major upgrade to QA•C++. Version 3.0 is a substantial new release of this leading static analysis tool for C++ environments that incorporates a sophisticated deep-flow dataflow analysis technology along with support for the major features in ISO C++ 2011.

Last October, the new C++ standard (2011) was officially announced and published. Leveraging PRQA’s insights from being a voting member of the ISO C++ working group, means that QA•C++ 3.0 provides immediate support for the earliest compiler and library-supported features, while also focusing on high quality code objectives. In addition to its support for a range of new language features, QA•C++ supports the latest 1.48 Boost library version, itself containing advanced template features of the C++ language.

To cap this comprehensive product update, QA•C++ 3.0 also contains the same advanced dataflow analysis engine, coupled with an industry-proven Satisfiability Modulo Theories (SMT) solver that was recently introduced in QA•C 8.0. This dataflow engine is now further enhanced with pointer aliasing and function call bindings within a translation unit for true and detailed inter-function capability. The combination of SMT solver technology and in-house language and parsing expertise in function control flow and detailed C++ semantics has created a set of unique analysis checks for C++ code.

QA•C++ now has accurate, precise detection of important defect and security vulnerabilities including buffer overflows, division by zero, null pointer dereference, integer overflow, loss making conversions, dead code, unusual logic flows and much more, by linking the in-depth language analysis performed by QA•C++ with its state of the art SMT solver. The wide scope of checking includes inter-dependency between variables, pointer aliasing, inter-function analysis involving parameter and return value binding, bi-directional suspicious variable usage analysis, and loop analysis involving first, last and intermediate iterations.

With its continued focus on language parsing and semantic analysis, QA•C++ continues to surpass competitor limitations in advanced semantic language analysis.

“Our technical delivery continues to be focussed on industrial-strength use of C and C++ languages.” said Fergus Bolger, Chief Technical Officer at PRQA. “We hold a pre-eminent position in compliance to coding standards and defect prevention. Our focus on precise source code analysis also allows us to deliver uniquely high grade bug-detection in both language-use and dataflow categories in this latest C++ release.”

With over 140 new messages, dataflow based on an industry-leading SMT solver, support for C++ 2011 and the latest Boost library, QA•C++ 3.0 leads the field in advanced C++ code analysis. PRQA delivers prevention-oriented coding standards compliance and sophisticated C++ language bug-detection.

QA•C++ Version 3.0 is available now. Further details are available at www.prqa.com.