The Bug Finder package is a general-purpose static analysis application for C and C++ that runs on top of ECLAIR, a powerful platform for the automatic analysis, verification, testing and transformation of C and C++ programs. The package includes a very fast static analyzer suitable for execution on the developer’s desktop, which is able to detect and report bugs and weaknesses that can lead to crashes, misbehaviors, and security vulnerabilities.
- Very fast: can be run on the developer’s desktop, for early detection of a number of software defects.
- Extremely high signal-to-noise ratio.
- No need to write compiler personality files (time-consuming and often of questionable correctness).
- Automatically produces accurate and detailed reports.
- Immediate use from within most popular IDEs or batch use with reports stored in a database for later processing.
- Reports optionally available to the entire development team and management using web-based technology.
- Powerful differential reporting lets you correlate changes in the code with the appearance/disappearance of violations.
- No stress: free consultancy services for the initial configuration. This includes full assistance to help your company make the transition to the Bug Finder.
The ECLAIR Bug Finder is a tool designed to run on the developer’s desktop as well as on integration servers. It enables the early detection of a number of software defects.
Avoid shipping defects to customers (with disastrous consequences and high remediation costs) and lower the cost of development by drastically reducing the resources spent in reworking and retesting.
Unlike other systems, ECLAIR Bug Finder does not require compiler- and target-dependent configurations (which are often error-prone) and presents accurate results that make it easy to identify “culprit” pieces of code and the correct remediations.ECLAIR’s Bug Finder package identifies security vulnerabilities, dead code, API misuses and other errors in C and C++ source code, including:
- buffer overflows
- dereferences of null pointers
- pointer arithmetic errors
- use of uninitialized variables
- uninitialized or invalid return values
- divisions by zero
- undefined operations
- dead stores
- leaks of stack memory addresses
- memory leaks
- unreachable code
- other dynamic memory allocation issues
- lossy implicit conversions
- excessive padding (memory waste)
- vararg functions mistakes
- string manipulation errors
- library API violations
- insecure use of library functions
- multithreading issues
- dynamic type errors
- other common programming mistakes