Live Scanner

Paste code. Get proof.

Z3 SMT engine analyzes your code and returns a formal verdict — SAT or UNSAT. Works on any code, not just demos.

input.c
cobalt — z3-engine
# Select a demo, paste code, or upload a file
#
# COBALT detects (real patterns, any code):
# · CWE-190 Integer overflow (C, Go, Rust)
# · CWE-195 Signed-to-unsigned conversion (C)
# · CWE-416 Use-after-free (C)
# · CWE-476 Null / uninitialized pointer (C, Go)
# · CWE-787 Buffer overflow via unsafe functions (C)
# · CWE-94 Code injection via eval() (Python)
# · CWE-78 Command injection (Python)
# · CWE-89 SQL injection (Python)
# · CWE-457 Unbound variable (Python)
# · SWC-107 Reentrancy (Solidity)
# · SWC-101 Integer overflow (Solidity <0.8)
# · CWE-248 Unchecked unwrap() (Rust)
# · CWE-676 unsafe block (Rust)
#
# Each finding: Z3 formula + SAT/UNSAT + counterexample
Enterprise

Full project scan. PDF proof certificate. CI/CD integration.

This scanner detects real patterns in any code. Enterprise COBALT scales to full codebases with libclang AST parsing, cross-file taint analysis, and signed proof certificates.