Coverity SAVE

Coverity® Static Analysis Verification Engine (Coverity SAVE®), the award-winning analysis engine for the Coverity Development Testing platform, applies multiple patented techniques for accurate issue detection, based on a decade of research and development and analysis of over 5 billion lines of proprietary and open source code.

Coverity SAVE intelligently tests code with a deep understanding of its behavior, criticality and change impact to focus testing on high-risk areas and accurately detect defects that are often difficult to find through traditional testing.


Accurate Compilation

Accurate compilation is a prerequisite to accurate analysis. Coverity SAVE integrates seamlessly with any build system and generates a high-fidelity representation of the source code to ensure a deep understanding of its behavior. Coverity SAVE supports the market-leading compilers for C/C++, Java and C#.

Depth and Accuracy of Analysis

Coverity SAVE provides full path coverage, ensuring that every line of code and every potential execution path are tested. Coverity SAVE utilizes multiple patented techniques to ensure deep, accurate analysis, including:

  • Interprocedural Dataflow Analysis identifies complex issues that cross function, file and class boundaries, rather than only simple style violations or superficial issues.
  • Boolean Satisfiability solvers dramatically improve accuracy by performing a bit-accurate analysis.
  • False Path Pruning understands the data dependencies in your code and eliminates infeasible paths from the analysis.
  • Statistical Profiling automatically detects coding patterns and learns the programmer’s intent to reduce “noise” in the results. In other words, we understand what you meant to say, not what you said.
  • Design Pattern Intelligence understands patterns and programming idioms in C/C++, Java and C# which are integrated into the analysis.
  • Enterprise Framework Analyzer augments source code analysis by providing a deep understanding of modern web applications including dependency injection, entry points and the MVC paradigm.
  • White Box Fuzzer automatically validates that data sanitization routines perform sufficient sanitization of untrusted data and are used in the right context.
  • Change Impact Analysis – Patent Pending automatically maps code and function dependencies to analyze all impacted code related to change—the changed code itself and the code impacted by a change. Only by understanding the full impact of a change can you ensure complete testing coverage over your high risk code.

Speed of Analysis

Coverity SAVE was built from the ground up to fit into your existing workflow.

  • Parallel Analysis allows Coverity SAVE to run on up to sixteen cores simultaneously and delivers up to a 10x performance improvement over serial analysis.
  • Incremental Analysis enables analysis acceleration by only re-analyzing the code which has changed or been impacted by a change, instead of the entire codebase each time.

Scale of Analysis

Coverity SAVE scales to accommodate thousands of developers in geographically distributed environments and can analyze projects in excess of 100 million lines of code with ease.