Benefits
Static analysis reduces the risks of deploying software written in the C programming language.
Where possible we identify faults at compile time, before your software is deployed.
We check conformance with language standards:
- ISO C99 Constraints
- ISO C99 Undefined Behaviour
We do additional safety checks:
- MISRA C
We perform analysis:
- Control flow analysis
- Range analysis
We annotate your source code to help you understand what’s going on.
We print reviews of internal information.
Basic Checks
XGC C Side employs static analysis to detect where basic checks are required.
Basic checks are:
Division_Check
Domain_Check
Overflow_Check
Pointer_Check
Range_Check
Subscript_Check
The C programming language does not require basic checks: a program that would fail one of them has undefined behaviour, and executes with undefined results. Programmers are expected to ensure that all necessary checks are in place, usually by making the checks explicit.
For example, a call to the standard math library function sqrt should not be made with a negative argument. This would be a domain error. The following code catches this at run time.
#include <assert.h>
#include <math.h>

/* Guarding wrapper around the library sqrt: a negative argument is a
   domain error, so the assertion aborts instead of continuing with an
   undefined result. */
double
checked_sqrt (double x)
{
  assert (x >= 0.0);
  return sqrt (x);
}
Domain errors like this ought to be caught at compile time.
For a critical application, the checks must be discharged at compile time: a run-time check that fails in the field is itself a failure of the deployed system, so run-time checks are not welcome.
A good programmer will employ run-time checks where necessary, but
Vulnerability             | Check                             |
signed integer operations | Overflow_Check and Division_Check |
floating-point operations | Overflow_Check and Division_Check |
compound literals         | Range_Check                       |
aggregates                | Range_Check                       |
casts and coercions       | Range_Check                       |
function calls            | Domain_Check                      |
pointer dereferencing     | Pointer_Check                     |
array subscripting        | Subscript_Check                   |
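The table above names the check that each kind of operation needs; the following is an added example, not XGC C Side code, showing what those checks look like when a programmer makes them explicit in the source. The function names, the result convention (return 1 and store the value, or return 0 and store nothing) and the constructed input table are this example's own. The square root is computed by Newton iteration rather than by calling the library sqrt so that the example builds without libm; the domain test is the point, not the arithmetic.

```c
/* Added example (not XGC C Side code): explicit run-time forms of the
 * basic checks in the table above, one per row.  Function names and the
 * error convention (return 1 and store the result, or return 0 and store
 * nothing) are this example's own.  Every test is made BEFORE the
 * operation, because once signed overflow, a zero divisor, a bad index
 * or a null dereference has happened the behaviour is already undefined. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Overflow_Check for signed addition. */
int checked_add(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return 0;
    *out = a + b;
    return 1;
}

/* Division_Check: zero divisor, plus the one signed quotient (INT_MIN / -1)
 * that overflows and is therefore also undefined. */
int checked_div(int a, int b, int *out)
{
    if (b == 0 || (a == INT_MIN && b == -1))
        return 0;
    *out = a / b;
    return 1;
}

/* Range_Check for a narrowing conversion (cast from long to unsigned char). */
int checked_to_uchar(long v, unsigned char *out)
{
    if (v < 0 || v > UCHAR_MAX)
        return 0;
    *out = (unsigned char)v;
    return 1;
}

/* Domain_Check on a function call: a square root is defined only for
 * x >= 0.  The root itself is computed by Newton iteration (crude
 * starting guess, adequate for moderate magnitudes) so that this
 * example builds without libm. */
int checked_root(double x, double *out)
{
    double r;
    int i;
    if (!(x >= 0.0))            /* rejects negatives and NaN */
        return 0;
    if (x == 0.0) {
        *out = 0.0;
        return 1;
    }
    r = x > 1.0 ? x : 1.0;
    for (i = 0; i < 60; i++)
        r = 0.5 * (r + x / r);
    *out = r;
    return 1;
}

/* Subscript_Check and Pointer_Check: null pointer and bounds are tested
 * before the element is read. */
int checked_load(const int *arr, size_t len, size_t i, int *out)
{
    if (arr == NULL || i >= len)
        return 0;
    *out = arr[i];
    return 1;
}

int main(void)
{
    int r = 0;
    double d = 0.0;
    unsigned char c = 0;
    static const int table[4] = { 10, 20, 30, 40 };   /* constructed input */

    printf("add INT_MAX+1 : %d\n", checked_add(INT_MAX, 1, &r));        /* 0: overflow */
    printf("div INT_MIN/-1: %d\n", checked_div(INT_MIN, -1, &r));       /* 0: overflow */
    printf("uchar 300     : %d\n", checked_to_uchar(300L, &c));         /* 0: out of range */
    printf("root -4.0     : %d\n", checked_root(-4.0, &d));             /* 0: domain error */
    printf("table[4]      : %d\n", checked_load(table, 4, 4, &r));      /* 0: out of bounds */
    printf("table[2]      : %d %d\n", checked_load(table, 4, 2, &r), r); /* 1 30 */
    return 0;
}
```

Each failing call returns 0 without touching the output, which is the behaviour a static analyser can reason about: the dangerous operation is dominated by a test that excludes every input on which it would be undefined. Where the analyser can prove the test always holds (for example from range analysis of the arguments) the run-time branch is dead and can be removed; where it cannot, the test is the evidence that the basic check has been discharged.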
General checks