Gracenote Increases Developer Productivity with Coverity Prevent
Gracenote Challenge
Gracenote, Inc. provides embedded technology, enriched content, and data services for a wide array of digital entertainment solutions that manage and deliver digital music to hundreds of millions of consumers every day. Gracenote’s applications perform a host of functions including accessing the company’s Global Media Database, by far the largest such database in existence, to identify and display information regarding individual songs including title, artist, and track names.
Gracenote technology is a component of the world’s foremost music applications such as Apple iTunes, Winamp, Yahoo! Music Jukebox, and many others. Beyond desktop applications, which can be updated dynamically if necessary, code integrity is even more critical in another aspect of Gracenote’s business – providing embedded technology for music players from manufacturers such as Sony, Panasonic, Alpine and Philips. These companies leverage technology from Gracenote to help enhance the user experience for millions of home and automotive products every year.
“We believe it’s important to use every kind of tool we can to eliminate errors as early as possible in the
development cycle. When I saw Coverity Prevent, I knew we needed to explore what it could do. After
less than a year, Prevent is a key weapon in our arsenal.”
M. W. Mantle
Senior Vice President of Development, Gracenote
Senior Vice President of Development, Gracenote
These embedded systems are challenging to update once they are in the field, which means Gracenote simply cannot tolerate software defects in the field. Because of this, it is imperative that developers successfully identify and eliminate potential software errors prior to release. Embedded code is so important that some of Gracenote’s automotive industry customers regularly request briefings on the latest innovations in the company’s ongoing software quality initiatives.
Solution
“Quality is important to any company, but it’s critical in our business and we’re proactive about utilizing technology that can help assure our code is defect-free prior to release,” said M. W. Mantle, Senior Vice President of Development for Gracenote.
In 2007 Gracenote decided to incorporate static source code analysis software into its development environment and performed a systematic vendor evaluation to help decide on a particular product. During an on-site pilot analyzing Gracenote code, “Coverity Prevent did the best job of getting to the heart of problems and providing readily usable information about them,” reported Peter Buettner, Director of Client Software Systems who managed the vendor evaluation for Gracenote. “The reports Coverity Prevent provided were deeper, identified problems and provided English language statements to help us understand them better than other options considered. In addition, Coverity’s team did an excellent job of demonstrating Prevent in action using our own code – something the other vendor had trouble with.”
“During our demonstration it was clear
that Coverity Prevent understood our
source code at a very fundamental level.
Because of this the product was able
to effectively pinpoint defects, thereby
directly accelerating our ability to
eliminate problems and bring code of
the highest quality to market.
”
M. W. Mantle
Senior Vice President of Development, Gracenote
Senior Vice President of Development, Gracenote
Gracenote selected Coverity Prevent as its static analysis solution because the product targeted potential defects with the lowest false positive rate among the products the company evaluated. “After selecting Coverity, installation into our development process proved to be very quick and straightforward,” said Buettner. “There was almost no learning curve. Our team didn’t need a training course – they just read the documentation and went to work using the product.”
Gracenote initially deployed Coverity Prevent to its desktop application developers, who immediately began using it to identify software defects. “Our developers were impressed with the speed and accuracy of results,” said Buettner. “Even though most of the bugs Coverity Prevent has found weren’t fatal, by fixing them we were able to drive the quality of our code to even higher levels of excellence. Equally important was what we did not find – for example, buffer overflows are of particular concern as a security threat, and it was useful to have Coverity Prevent prove our code was free of this defect type.”
Based on this success Gracenote expanded its Coverity deployment to support the company’s embedded software developers, some of whom were unsure they would benefit from using Coverity Prevent. After another quick implementation, Coverity Prevent revealed a number of potential defects and guided the embedded team in making repairs. “Even the people who had questioned the need for the tool realized how valuable it is after using it, particularly for subtle bugs like memory leaks that other tools like syntax checkers can’t detect,” said Mantle. “Now our embedded software developers have embraced Coverity Prevent the same way our desktop developers have, making it a standard part of our release process.”
Details
“Coverity Prevent is proving especially valuable for elusive bugs that used to take inordinately long to find manually,” said Ben Ceschi, Senior Software Engineer at Gracenote, who cited an example that recently arose in the PC software. “We had a pointer to a local variable that was going out of scope and would have made a portion of our database inaccessible. Our QA team couldn’t have found the bug because it happened only in a highly specific situation for which there was not a test case. Coverity Prevent found the defect easily, and in the process of doing so saved what would have been substantial time trying to replicate the required test conditions.”
“Because Coverity Prevent produces so
few false positives, we can afford the
time to look into all results as opposed
to other tools where there are so many
false positives that it’s hopeless to try
and examine all results.”
Ben Ceschi
Senior Software Engineer at Gracenote
Senior Software Engineer at Gracenote
“Another thing we like about Coverity Prevent is its very low false positive rate,” continued Ceschi, whose group, during early testing, found somewhere between 50 and 100 bugs with Coverity Prevent and noted only two false positive results. “We contacted Coverity technical support about one of the false positives, and it turned out they knew about it and had a workaround for us. The other one actually helped us in the end, because it prompted us to take closer note of an area of code that was too complicated and could be improved with some proactive cleanup.”
“Incorporating Coverity Prevent into our development process means that bugs as they are written, rather than days later in QA, or, worse, months later by our customers,” said Andrew Seigner, Senior Software Engineer at Gracenote. “Automating usage of Coverity Prevent is relatively easy, and, combined with its simple web interface, provides immediate feedback on new development. This speedy turnaround not only catches bugs early, but helps the development team to learn in “real-time” and be more focused towards writing solid, bug-free, code.”
“We regard our investment in Coverity
as a valuable decision that legitimized
Gracenote’s code quality initiatives.
Now when questions arise regarding
our development practices, we mention
Coverity Prevent and how it is helping us
develop code of the highest integrity.”
M. W. Mantle
Senior Vice President of Development, Gracenote
Senior Vice President of Development, Gracenote
One of the major benefits of Coverity Prevent to Gracenote is the developer productivity improvement it is making possible. “Our developers tell us that they’re spending about an hour less per day debugging code on some projects because Coverity Prevent is doing so much to help them, which is an outstanding business benefit for us,” said Mantle. “However, for senior management, that’s really just gravy. The most important benefit we derive from Coverity is the insurance it helps to provide against field defects. We rest easier knowing we have an ally like Coverity to help ensure the integrity of our code. While other developers may not experience the same benefits, Gracenote plans to continue and expand the use of Coverity Prevent for our products.”
Conclusion
Deploying Coverity Prevent across multiple development teams that produce both desktop and embedded technology provided Gracenote with a solution to help ensure the integrity of its most important products. By automating code analysis and presenting potential defects in an easy-to-navigate interface for developers to use, Gracenote successfully added another layer of defense against potential product integrity issues while increasing overall developer productivity. A summary of results includes:
- Objective, comprehensive code analysis allows Gracenote to confirm the total absence of specific high-risk defect types
- Demonstrable improved developer productivity by as much as 12.5% by leveraging Coverity Prevent to automate defect detection for the company’s embedded and desktop developer teams
- Accurate, easy-to-use results, with reported false positive rates at or below 8%
About Gracenote
Gracenote, a wholly owned subsidiary of Sony Corporation of America, is a global leader in embedded technology, enriched content, and data
services for digital entertainment solutions within the Internet, consumer electronics, mobile, and automotive markets. Formerly known as
CDDB®, Gracenote delivers a substantially improved consumer experience in digital media devices and applications, plus media monitoring
and other data services to the recording industry, making it an integral part of the digital media economy. Gracenote powers leading services
including Apple iTunes, Yahoo! Music Jukebox, Winamp; home and automotive products from Alpine, Panasonic, Philips and Sony; and mobile
music applications from Samsung, Sony Ericsson, KDDI ( Japan), KTF (Korea), Musiwave (Europe), and others. Headquartered in Emeryville,
California, Gracenote has offices in New York, Tokyo, Berlin and Seoul. For more information about Gracenote, please refer to www.gracenote.com/corporate/.
Industry: Consumer products/Entertainment
Business Challenge: Code quality and security are paramount considerations for Gracenote, Inc., a wholly owned subsidiary of Sony Corporation of America and a global leader in embedded technology, enriched content, and data services for digital entertainment solutions within the Internet, consumer electronics, mobile, and automotive markets. When the company delivers new code, particularly code that is ultimately embedded in consumer electronics devices like car stereo systems that cannot realistically be updated, it needs to be of exceptional integrity. As an additional layer of defense against software defects, Gracenote wanted a tool that could help identify hard-to-find bugs during the development and test process.
Results: As an integral part of Gracenote’s development and release process, Coverity Prevent gives the company extra insurance against defects in released code. Prevent provides an automated, objective means for Gracenote development teams to ensure the quality and security of any code they add or modify to the company’s widely adopted digital media recognition and management solutions. In addition to helping Gracenote continue to deliver high-integrity solutions, the company estimates that its developers are now more productive because Prevent’s automated analysis quickly and accurately identifies hardto- find code defects with a low false positive rate. Individual programmers have shown as much as 5 hours per week saving (12.5%) with a low false positive rate of 4 per 50 (8%) problems identified.