
Coverity Static Analysis

Defect Understanding

When faced with thousands of defects, where do you start? For every defect discovered, Coverity Static Analysis provides a clear explanation of the defect, its severity, and its impact to help you answer three important questions:

    1. Which defects are the most critical?
    2. Which defects do I fix first (or at all)?
    3. Which other projects and products are impacted by this defect?

With this visibility, developer efficiency improves: less time is spent researching each defect, the critical-priority defects are fixed first, and triage time shrinks because every place the defect exists is easy to identify. Development managers and executives now have actionable information to make better fix/no-fix decisions based upon the impact to a single project, across all projects, across the product portfolio, and to the business, reducing the risk of schedule slips and quality issues across products.

Defect Description
Coverity Static Analysis provides a description of the defect in plain English along with information on how it impacts your code or program.

Common Weakness Enumeration (CWE) Mapping
Coverity Static Analysis is the first solution to provide a link to the CWE specification, a community-developed defect dictionary, so you can gather defect information, better understand defect severity, identify what kinds of exploits are associated with that defect class, and get potential fix guidance. This provides one-click access to a rich knowledge base of defect detail, taking the guesswork out of researching unfamiliar defects and helping you identify the root cause faster.

Defect Navigation
This intuitive and precise navigation helps visualize the flow of the code with conditional statements. Navigation markers serve as guides around the code to understand defect context. Symbol highlighting helps to emphasize the occurrences, or uses, of the symbol in a given file and provides a way to navigate to the declaration or definition.

Inline Expansion of Function Calls
For interprocedural defects, you can expand function calls inline and understand the execution path for deeply nested events to get a comprehensive explanation of the defect, an impossible task during manual code reviews.

Checker Classification
This helps you easily prioritize defects by combining checkers into categories such as crash-causing errors, security vulnerabilities, unexpected behavior, and performance degradation. The classification maps each checker into a category based upon how it manifests as an issue, such as memory corruption, resource leaks, violations of security best practices, and insecure handling of data, to name a few. These defect types are then prioritized as high, medium, or low impact, derived from Coverity's experience scanning millions of lines of open source code.

Source Code Navigation
This intuitive navigation helps you evaluate and understand the scope of the problem within the context of the rest of the source code, using the original files and directory structure.

Iterative Refinement of Filtering Criteria
An efficient way to get to the exact defect that needs to be analyzed: you build the filtering query incrementally, get feedback on partial results, and then easily extend or backtrack the filters as needed.

Project and Product Impact Mapping
Re-use of code is standard practice in most development organizations today for efficiency purposes, but as codebases grow, code sharing and branching increase the complexity and difficulty of defect detection. With other solutions, you get a list of defects but no insight into the impact: the same defect looks like multiple defects, and piecing together the defect's impact on projects and products is a manual effort.

Coverity Static Analysis provides the industry's first capability to automatically map the impact of a defect across the entire codebase, alerting you to the presence of a single defect in other projects and products that share code. It also allows you to visualize all of the code branches together so you can see the defects that matter to you.

The process of defect disposition becomes precise and manageable, as you can quickly identify the impact of a defect from one part of the code on the entire product portfolio. What was previously flagged as multiple defects is now treated as a single defect, so defects are fixed faster and attention can be focused on the high-priority defects based upon impact.

Screenshots: Coverity Static Analysis Screenshot 01 to 04


last updated: 8 Nov 2011

© 2010-2011 Coverity Inc., San Francisco / German translation by Verifysoft Technology GmbH, Offenburg
Coverity Static Analysis is a product and a trademark of Coverity, San Francisco (USA)
All other trademarks on this site are the property of their respective owners.