Linked by Thom Holwerda on Thu 22nd May 2008 18:21 UTC
GNU, GPL, Open Source
Coverity has published the 2008 edition of its Open Source Report. The report uses static code analysis on C, C++, and Java source code to determine the quality of the code. These reports are funded by the US Department of Homeland Security and supported by Stanford University, and are part of the US government's Open Source Hardening Project. The report is based on over two years' worth of data from Coverity Scan.
Thread beginning with comment 315275
Difference from Lint?
by evangs on Thu 22nd May 2008 19:27 UTC
evangs Member since:
2005-07-07

How does this tool differ from good old Lint that's available for C/C++?

From the little details I can gain from that website, it appears to be little more than a Lint-like tool. If that is the case, I do not see the point as there are hundreds of such programs around. See http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis for a list.

RE: Difference from Lint?
by sukru on Thu 22nd May 2008 20:20 in reply to "Difference from Lint?"
sukru Member since:
2006-11-19

"How does this tool differ from good old Lint that's available for C/C++?"


First, this tool is not only for C/C++. And they're actively monitoring open source projects for defects, which is a good thing.

Anyways, your question is not much different from "Why do we need new editors while we have good old Vi?" (Actually, the vi question is more serious.)

Score: 3

RE[2]: Difference from Lint?
by unavowed on Thu 22nd May 2008 22:22 in reply to "RE: Difference from Lint?"
unavowed Member since:
2006-03-23

Why do we even need new news articles? The old ones are perfectly fine by me.

Score: 6

RE: Difference from Lint?
by butters on Fri 23rd May 2008 01:10 in reply to "Difference from Lint?"
butters Member since:
2005-07-08

Coverity is vastly superior to any other static analysis tool on the market. It does inter-procedural analysis (following semantic paths across function and library calls), incremental analysis (only scans paths that changed since the last scan), concurrency checking, locking consistency, enforcement of arbitrary coding standards, and much more.

My favorite aspect of Coverity is the web-based interface that combines a syntax-highlighted, hyperlinked source browser with a step-by-step trace of the path leading to the selected defect inlined right into the code. As someone who has previously worked on integrating far less user-friendly static analysis tools into commercial development projects, Coverity is a thing of beauty.

Edited 2008-05-23 01:11 UTC

Score: 12

RE[2]: Difference from Lint?
by evangs on Fri 23rd May 2008 05:54 in reply to "RE: Difference from Lint?"
evangs Member since:
2005-07-07

"...concurrency checking, locking consistency..."


Thank you for that informative post. It's a shame that I can't mod you up after posting ;) If it does concurrency checking and locking consistency, that's a very useful feature in my book.

Score: 3