Coverity static analysis for C, C++ and Java code

It's a well-known principle of software engineering that the earlier bugs can be caught, the lower the overall cost. As such, testing needs to happen at every level. Once your project is at the coding stage, the earliest form of testing is on the code itself, not on the binaries the compiler produces.

We run a variety of tools over critical codebases such as Upstart and Whoopsie regularly to identify issues well before they "escape into the wild". These tools include Coverity Scan (see the list of projects already using it).

If you really care about your code and you are involved with a C, C++ or Java project, I'd strongly encourage you to take a look at this awesome tool. If you aren't directly involved in such projects, try contacting those running them and suggesting they use Coverity.

The Coverity Scan service is entirely free for OSS projects. You will need to register to obtain an account and then download the client analysis tool. Once set up, a particularly attractive feature is the ability to auto-upload the analysis data generated for your project using ESR's coverity-submit tool. This could, for example, be hooked into your upload or release process to ensure no code quality regressions. After you have uploaded the analysis data, you can browse through the results of the scan using the web interface in a variety of ways, including a view that shows the errors "inline" with markers added around the code Coverity has identified as problematic.

For those who have either never used static analysis tools, or have simply never used Coverity, don't fall into the trap of thinking that gcc -pedantic -Wall or even LLVM's scan-build should be "good enough for anyone" - it simply is not. Consider too Steckel's Rule to Success:

"Good enough is never good enough"

Coverity performs very deep analysis and its results may well surprise you... but rather that than unexpected surprises for your users.
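To make the gap concrete, here is an added example (not code from the original post; the type and function names are hypothetical) that builds without warnings under gcc -pedantic -Wall -c, yet leaks memory on two error paths. Leaks like these, which only show up when each return path is followed separately, are the class of defect that path-sensitive static analysis is designed to find; the second function is the corrected form.

```c
#include <stdlib.h>
#include <string.h>

/* Added example; all names here are hypothetical. */
struct record { char *key; char *value; };

static void free_record(struct record *r)
{
    if (r) { free(r->key); free(r->value); free(r); }
}

static char *copy_span(const char *s, size_t n)
{
    char *p = malloc(n + 1);
    if (p) { memcpy(p, s, n); p[n] = '\0'; }
    return p;
}

/* Splits "key=value". Two error paths return without releasing r. */
struct record *parse_record_leaky(const char *line)
{
    struct record *r = calloc(1, sizeof *r);
    const char *eq = strchr(line, '=');
    if (r == NULL) return NULL;
    if (eq == NULL) return NULL;            /* defect: r is leaked */
    r->key = copy_span(line, (size_t)(eq - line));
    r->value = copy_span(eq + 1, strlen(eq + 1));
    if (!r->key || !r->value) return NULL;  /* defect: r and a field leaked */
    return r;
}

/* Same parsing, but every failure goes through one cleanup label. */
struct record *parse_record_fixed(const char *line)
{
    struct record *r = calloc(1, sizeof *r);
    const char *eq = strchr(line, '=');
    if (r == NULL) return NULL;
    if (eq == NULL) goto fail;
    r->key = copy_span(line, (size_t)(eq - line));
    r->value = copy_span(eq + 1, strlen(eq + 1));
    if (!r->key || !r->value) goto fail;
    return r;
fail:
    free_record(r);
    return NULL;
}
```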

Apologies if this post sounds like a bit of a sales pitch. It really isn't though: the Coverity service is free and what they are offering really is too good to ignore.

Note: I have no affiliation with Coverity - I'm just extremely impressed with their Scan tool! :-)


  1. Even if it's gratis for free software, it is not free software itself, so I'm concerned: have you tried and compared it to free tools such as gcov or clang based tools?

  2. @Alexandre - I appreciate that. I use all the OSS tools you mention (and others such as smatch) *in combination* with Coverity. From my observations, Coverity has much better coverage than the current OSS offerings (however, I have no intention of stopping using the OSS tools).

    My favourite static-analysis tool used to be splint, but that project appears to have languished. If only someone would update it to support at least C99... :-)

  3. Hello, James.
    I suggest trying a new code analyzer CppCat -


