Coverity, a company that specialises in detecting coding flaws in software, has added a new feature to one of its products that finds problems that can cause multi-threaded applications to crash.
Using static code analysis, it aims to find race conditions that can occur when two threads are trying to access the same piece of data, said Ben Chelf, Coverity's CTO. When two threads are running in parallel, it is not always possible to say whether a particular instruction from one thread will run before a given instruction in the other thread, or after it. The two instructions may execute in a different order each time the application is run, Chelf said.
The problems occurs if developers write code that doesn't take into account this possibility, and instructions accessing a shared resource execute in an order the programmer didn't expect. This can crash the application or corrupt data.
Race conditions typically take a long time to diagnose and to patch, Chelf said.
Coverity's tool, which is included in its Prevent SQS product, analyses code to find inconsistent treatment of a shared piece of data, Chelf said. The tool takes about four to six times as long to analyse the code as it takes to "build" the code, or assemble it into an executable file, Chelf said.
Chelf said the false-positive rate for the tool is less than 15 percent, but that figure never goes down to zero since it's impossible to know exactly how a batch of code will behave until it actually runs.
Prevent SQS is used for analyzing programs written in C, C++ and Java. Chelf said Coverity has been selling its product to embedded developers creating applications for telecommunication and wireless applications, among others.
Prevent SQS starts at $6,000; the enterprise-level version starts at $35,000.