PROBLEM: Programmers, despite their best efforts, make errors, any one of which could cause a system to crash or admit an attacker. Although automated test programs have improved software, major bugs still slip through, costing businesses and governments billions of dollars each year.
SOLUTION: As a graduate student at Stanford, Seth Hallem perfected an improved approach to finding bugs, called static analysis. Where ordinary test software runs a program and hopes to stumble on errors, static analysis breaks it into pieces that perform discrete functions, such as “add the results of lines 42 to 47.” The computer determines what each piece does and then simulates how various functions might interact, looking for problematic combinations.
Previous attempts at static analysis were either too simplistic to find important bugs or too comprehensive to ever finish the job. Hallem developed algorithms to weed out redundant analysis and examine only the most important combinations, allowing millions of lines of code to be examined quickly and effectively. He cofounded Coverity in San Francisco to apply the technology commercially. More than 450 customers, including Raytheon and Yahoo, use Coverity’s tools to vet their software. –Neil Savage