It statically simulates application execution paths which may cross multiple units, components, and files to identify paths that could trigger runtime errors such as:
- C and C++: Using uninitialized or invalid memory, null pointer dereferencing, array and buffer overflows, division by zero, memory and resource leaks, and dead code.
- .NET: NullReferenceExceptions, ArgumentNullExceptions, resource leaks, division by zero, dereferencing before checking for null, SQL injections, XSS, and other security vulnerabilities.
- Java: NullPointerExceptions, resource leaks, accessing arrays out of bounds, unvalidated input in array indexes, incorrect Iterator usage, division by zero, SQL injections, XSS, and other security vulnerabilities.

The ability to expose these errors without executing code is especially valuable for teams working with legacy code bases that lack robust test suites, or with embedded code, where runtime detection of such errors is ineffective or impossible.
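
As an added illustration (not code from the product or its vendor), the C sketch below shows the kind of cross-function path this analysis follows: every line of `average_unchecked` looks fine in isolation, but the paths through `find_sensor` reach a null pointer dereference and a division by zero. The sensor table and all function names are hypothetical, constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data, standing in for a separate unit or file. */
struct sensor { const char *name; int total; int samples; };

static struct sensor table[] = {
    { "temp", 300, 3 },
    { "idle", 0, 0 },   /* samples == 0 feeds the division-by-zero path */
};

/* Unit A (hypothetical): returns NULL when the name is unknown. */
static struct sensor *find_sensor(const char *name) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].name, name) == 0)
            return &table[i];
    return NULL;
}

/* Unit B, flawed: path find_sensor() -> NULL -> s->total is a null
   dereference; path through "idle" divides by zero. Not called here. */
int average_unchecked(const char *name) {
    struct sensor *s = find_sensor(name);
    return s->total / s->samples;
}

/* Unit B, corrected: both paths are closed; returns -1 on error. */
int average_checked(const char *name, int *out) {
    struct sensor *s = find_sensor(name);
    if (out == NULL || s == NULL || s->samples == 0)
        return -1;
    *out = s->total / s->samples;
    return 0;
}

int main(void) {
    const char *names[] = { "temp", "idle", "missing" };
    for (size_t i = 0; i < 3; i++) {
        int avg = 0;
        if (average_checked(names[i], &avg) == 0)
            printf("%s: %d\n", names[i], avg);
        else
            printf("%s: rejected\n", names[i]);
    }
    return 0;
}
```

A test suite that only ever queries `"temp"` would pass against `average_unchecked`, which is why defects of this shape tend to survive in code bases with thin runtime coverage.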
