![[Deutsch]](flaggeD.jpg){kind=small}
The Coverity Difference
 |
Static analysis covers a broad range of technologies that analyze source code. While many tools claim to find hundreds and thousands of bugs, there are many additional factors that are essential to consider in selecting a tool. Some of the most important factors include the following:
Accuracy
Many static analysis tools suffer from a high false positive rate due to the lack of sophistication in their analysis techniques. More often than not, the false positive rate is one of the primary reasons that a tool will be rendered unusable. Coverity has created numerous innovations such as False Path Pruning (FPP) that significantly eliminate false positives, driving the false positive rate to 20% right out of the box. With only minor additional tuning, the false positive rate can be reduced even further.
Depth of Analysis
The deeper the analysis the more interesting and valuable the results are, particularly with hard-to-find defects that typically slip through QA and into the field. Coverity performs a full interprocedural data flow analysis on the entire code base. Coverity applies this analysis to 100% of all possible paths in the code providing complete coverage. Coverity also conducts patent pending statistical analysis that can understand company specific idioms, and detect inconsistent or deviant uses of non-standard interfaces.
Breadth of Analysis
Managing multiple tools to accomplish many goals introduces significant costs. Coverity provides a full range of quality and security checkers that run from our analysis platform. Even companies who are providers of quality and security solutions use Coverity to improve the quality and security of their own products. Coverity finds problems that can result in memory and resource leaks, system and process crashes, data/memory/file corruption, performance degradations, unpredictable behavior, concurrency problems, deadlocks, performance degradations and security problems like buffer overflows, denial of service, command injection attacks, privilege escalations and format string errors.
Low Total Cost of Ownership
Coverity seamlessly integrates with your existing environment and is designed to be highly effective even right out-of-the-box. Coverity can be typically deployed and configured within hours and days, not weeks and months as with many other static tools. Coverity is an extremely easy to use tool that enables developers to manage the bug lifecycle from time of reporting to fixing. With the most advanced analysis engine and an extremely low false positive rate, Coverity provides the most interesting and useful results without taxing your time and resources.
Extensible
Coverity Prevent enables you to create custom checks on top of our powerful analysis engine to meet the unique needs of your development organization and code base. You can set custom rules that are specific to your organization to enforce coding standards or detect problems in your code.
Massively scalable
Due to the complexity of static analysis, many tools take even days and weeks to analyze. Coverity typically takes just a small multiple over the build time - so if your build is an hour in length, Coverity typically takes just a few hours. Many of Coverity's customers routinely run Coverity Prevent daily on tens of millions of lines of code. Coverity Prevent is extremely scalable and can find the most critical defects on the largest code bases, how matter how large and complex.
In the end, any company can claim any capabilities that they wish, however the real proof comes in testing the tool on your whole code base in your environment. There is no better way to evaluate a tool than running it in your environment. This is why Coverity absolutely recommends a free onsite trial so that you can determine for yourself how valuable the tool will be in your environment.
 Coverity Mainpage |
 |
 Next page |
last updated: 12.02.2008
© 2004-2008 Coverity Inc.
Prevent and Extend are products and trademarks of Coverity,
San Francisco (USA)
all other trademarks of this site are the property of their respective owners.