Coverity, a company that specializes in detecting coding
flaws in software, has added a new feature to one of its products that finds
problems that can cause multithreaded applications to crash.
Using static code analysis, it aims to find race conditions that can occur
when two threads are trying to access the same piece of data, said Ben Chelf,
Coverity's CTO. When two threads are running in parallel, it is not always possible
to say whether a particular instruction from one thread will run before a given
instruction in the other thread, or after it. The two instructions may execute
in a different order each time the application is run, Chelf said.
The problem occurs if developers write code that doesn't take this possibility
into account, and instructions accessing a shared resource execute in an
order the programmer didn't expect. This can crash the application or corrupt
data.
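The ordering problem described above can be made concrete with a small simulation. This is an added example, not code from the article or from Coverity: it models two threads that each increment a shared counter as a load, an add and a store, and walks every possible schedule with and without a lock; all names (`state`, `tally`, `explore`, `run`) are made up for the illustration.

```c
#include <stdio.h>

/* counter++ broken into the three steps each simulated thread executes. */
enum { LOAD, INC, STORE, STEPS };

struct state { int shared; int reg[2]; int pc[2]; }; /* counter, registers, next step */
struct tally { int schedules; int lost; };           /* explored / lost an update */

static void step(struct state *s, int t)
{
    switch (s->pc[t]++) {
    case LOAD:  s->reg[t] = s->shared; break;  /* read the shared counter */
    case INC:   s->reg[t] += 1;        break;  /* work on the private copy */
    case STORE: s->shared = s->reg[t]; break;  /* write the result back */
    }
}

/* Depth-first walk over every schedule. With `locked` set, a thread that has
 * started its increment holds the lock until its store, so the other thread
 * cannot run in between. */
static void explore(struct state s, int locked, struct tally *out)
{
    if (s.pc[0] == STEPS && s.pc[1] == STEPS) {
        out->schedules++;
        if (s.shared != 2) out->lost++;        /* two increments should give 2 */
        return;
    }
    for (int t = 0; t < 2; t++) {
        int other = 1 - t;
        if (s.pc[t] == STEPS) continue;        /* this thread has finished */
        if (locked && s.pc[other] > 0 && s.pc[other] < STEPS) continue;
        struct state next = s;
        step(&next, t);
        explore(next, locked, out);
    }
}

struct tally run(int locked)
{
    struct state s = {0};
    struct tally out = {0, 0};
    explore(s, locked, &out);
    return out;
}

int main(void)
{
    struct tally u = run(0), l = run(1);
    printf("no lock: %d of %d schedules lose an update\n", u.lost, u.schedules);
    printf("locked:  %d of %d schedules lose an update\n", l.lost, l.schedules);
    return 0;
}
```

Only the two schedules in which one thread finishes before the other starts give the expected total without the lock, which is why such bugs may not show up on every run.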
Race conditions typically take a long time to diagnose and to patch, Chelf
said.
Coverity's tool, which is included in its Prevent SQS product, analyzes code
to find inconsistent treatment of a shared piece of data, Chelf said. The tool
takes about four to six times as long to analyze the code as it takes to "build"
the code, or assemble it into an executable file, Chelf said.
Chelf said the false-positive rate for the tool is less than 15 percent, but
that figure never goes down to zero since it's impossible to know exactly how
a batch of code will behave until it actually runs.
Prevent SQS is used for analyzing programs written in C, C++ and Java. Chelf
said Coverity has been selling its product to embedded developers building software
for telecommunication and wireless applications, among others.
Prevent SQS starts at US$6,000; the enterprise-level version starts at $35,000.