CODERRECT SECURITY


The most advanced static analyzer for race conditions

#1 on DataRaceBench



Security, Performance and Peace of Mind

Find out why Coderrect Scanner should be your go-to solution for quality assurance on multithreaded software.


CODERRECT SCANNER

Static Analysis – specifically designed for C/C++/Fortran multithreaded software


FEATURES


Easy to Use

Coderrect Scanner is a command-line tool that runs on Linux-based operating systems and supports C/C++/Fortran source code. It is used much like a "build" command.

Fully Automatic

Leveraging leading research findings, Coderrect Scanner analyzes software fully automatically without the need to run the software.

Super Fast

Coderrect Scanner detects race conditions in complex software in a matter of minutes in most cases, if not seconds.

Static Analysis

Full code coverage without having to rely on specific inputs and runtime behavior.

Support Popular Concurrency Models

OpenMP, Pthreads, std::thread, GPU/CUDA, and more...

Scalable

Designed for large and complex software, and scalable even for very large code bases.

Easy Customization

Easily customized for your project needs.

Easy Integration

Can be easily integrated into CI/CD processes such as GitHub and Jenkins.

Fast and Exhaust Mode

A fast mode gives results very quickly, and an exhaust mode leaves no stone unturned.

Time-Of-Check Time-Of-Use

A highlighted focus on detecting TOCTOU vulnerabilities.

Expanded Support

Supports additional types of concurrency bugs such as order violations, mismatched APIs, and more.

Detailed Report

Provides both a terminal report and a detailed HTML report to help verify the issues identified and make corrections.

Accurate

Sophisticated and cutting-edge algorithms, finding most critical concurrency bugs.

Shift Left

Capture concurrency bugs early in development. Almost instant feedback and quick iterations make multithreaded programming much more productive.

How Does Coderrect Scanner Work?


IR GENERATION

Generate an intermediate representation (IR) of your source code in the form of LLVM bitcode (BC) files.

ANALYSIS

Perform sophisticated static analyses on BC files to find potential race conditions.

REPORT

Produce a detailed race report both in the terminal and in HTML format.

INCREMENTAL ANALYSIS AND ADD-ON ANALYSIS

Coming soon

Frequently Asked Questions


What are the prerequisites to run Coderrect successfully on my project?

Coderrect requires a Linux-based OS, such as Ubuntu 14+ or CentOS 7+.

To run Coderrect, your code must first compile successfully without Coderrect. For example, running make/cmake/Ninja/Bazel should build your project without errors.

How does Coderrect work internally?

Coderrect generates an intermediate representation of your source code in the form of LLVM bitcode (BC) files and then performs sophisticated static analyses based on them to find potential race conditions. 

Coderrect produces a single BC file for each build binary (an executable, a static library, or a shared library).

Does Coderrect change my build binaries?

No. Coderrect intercepts your build commands but will not change your build targets. Running Coderrect will generate exactly the same build binaries as building without Coderrect.

What source languages are supported?

Coderrect has full support for C and C++ source code through GCC/Clang/ICC, and Fortran source code through Flang/GFortran/IFORT.

What compilers are supported?

Coderrect supports most common C/C++ compilers (GCC/Clang/ICC). However, internally Coderrect will use clang to generate LLVM bitcode, so it may not work if your code does not compile with clang. Here is an example showing the difference between clang and gcc.

Coderrect also supports Fortran compilers including Flang/GFortran/IFORT.

Where can I find the output of the code scan results?

Besides the console output, an HTML file named index.html is generated under the ./report directory by default. You can specify the location of the report through the “-o <directory>” option on the command line.

What license is Coderrect under?

Coderrect is currently under an Evaluation License, and is subject to change in the future.

I think that I have found a bug, what should I do?

Please contact us (contact@coderrect.com).

What does “Coderrect” mean, and how do you pronounce it?

Coderrect is a word created by combining “Code” and “Correct”. It simply means code-correct. Coderrect is pronounced code-rect.

What’s Coderrect?

Coderrect is a fast and scalable tool that finds race conditions in complex software.