Coverity Dynamic Analysis

Coverity® Dynamic Analysis helps developers, QA, and test engineers quickly identify hard to diagnose defects in multi-threaded Java applications. With minimal impact to your team or test environment, Coverity Dynamic Analysis automatically instruments Java programs and provides reliable, accurate, and reproducible detection of concurrency errors that could result in performance degradation, system crashes, or security vulnerabilities. Coverity Dynamic Analysis' unique defect detection capabilities identify problems that will certainly occur in limited testing environments as well as problems that have the potential to occur over extended operations in the field.

Through Coverity Integrity Manager, the intuitive user interface for Coverity Dynamic Analysis, developers and development managers can quickly find the defects their code, easily understand defects and their impact, prioritize defects based upon severity, and identify all of the places a defect exists across projects and products that re-use code. Coverity Dynamic Analysis helps increase developer productivity by finding and fixing defects faster, increases visibility into defect history within and across projects to stay on-schedule and make better fix/no fix decisions, and reduces the risk of product quality issues in the field.

Best of Breed Analysis Engine

Types of Concurrency Defects Identified

Coverity Dynamic Analysis finds concurrency defects such as race conditions, deadlocks, and resource leaks by analyzing your Java program while it runs.

Race Conditions can cause incorrect application behavior and introduce security vulnerabilities in multi-threaded applications. Race conditions typically result when two or more threads both access a field, array, or collection without acquiring a lock to guard access.

Deadlocks are a common problem in multi-threaded applications. Deadlocks typically result when two Java threads wait for each other to release a lock, or more than two Java threads wait for locks in a circular chain.

Resource Leaks can result in performance degradation and bottlenecks caused by over-synchronization.

Integration with Coverity Static Analysis

Coverity Dynamic Analysis provides the industry's first and only tightly-coupled integration with Coverity Static Analysis to further increase the accuracy of static analysis results and speed the dynamic detection of defects in your code.

Static analysis and dynamic analysis are complimentary techniques, as static analysis identifies a larger range of defects by traversing all possible execution paths, while dynamic analysis focuses on the paths that are exercised in test workloads. But both are necessary for Java applications, as dynamic Java code analysis identifies concurrency defects that static analysis may miss given that certain errors can only occur at run-time.

By combining static code analysis and dynamic code analysis techniques together, it increases the accuracy and speed of defect detection to provide the most thorough analysis of race conditions, deadlocks, and resource leaks.

Defect Management

"Explaining errors is often more difficult than finding them. A misunderstood explanation means the error is ignored or, worse, transmuted into a false positive."- A Few Billion Lines of Code Later

When faced with 1,000s of defects, where do you start? For every defect discovered, Coverity Integrity Manager provides a clear explanation of the defect, the severity, and location of the defect to help you answer three important questions:

  1. Which defects are the most critical?
  2. Which defects do I fix first (or at all)?
  3. Which other projects and products are impacted by this defect?

With this visibility, developers can dramatically reduce triage time. Individuals now have actionable information to make better fix/no fix decisions based upon impact to a single project, across all projects, across the product portfolio, and to the business, reducing the risk of schedule slips and quality issues across products.

Defect Description

Coverity Integrity Manager provides a clear description of the defect, the severity and potential business impact so developers can quickly identify which defects to fix first.

Common Weakness Enumeration (CWE) Mapping

Through the Coverity Integrity Manager, we map every defect to the CWE specification, a community-developed defect dictionary, to gather defect information and get a better understanding of defect severity, identify what kind of exploits are found around that defect, and get potential fix guidance. This provides one-click access to a rich knowledge base which takes the guess work out researching unfamiliar defects, and helps you identify the root cause faster.

Defect Navigation

Coverity enables users to pinpoint the exact location in the code where the defect exists and displays the actual code so you can better understand the defect context. Developers can also view the number of occurrences of the defect across projects, code streams and versions.

Checker Classification

This helps you easily prioritize defects by combining checkers into categories, such as crash-causing errors, security vulnerabilities, unexpected behavior, and performance degradation. The classification maps each checker into categories based upon how it manifests into issues, such as memory corruption, resource leaks, security best practices violations, and insecure handling of data, to name a few. These defect types are then prioritized based upon high, medium, and low impact, derived from Coverity's experience scanning millions of lines of open source code.

Source Code Navigation

This intuitive navigation helps you evaluate and understand the scope of the problem within the context of the rest of the source code, using the original files and directory structure.

Flexible Defect Filtering

Coverity Integrity Manager enables users to quickly see the information most important to them by providing flexible defect filtering capabilities.

Defect Impact Mapping

To save time, developers often re-use code. However, as codebases grow, code sharing and branching increases the complexity and difficulty of defect detection. With other solutions, you get a list of defects but no insight into the impact; the same defect will look like multiple defects, and piecing together the defect's impact to projects and products is a manual effort.

Unified View for Managing Static and Dynamic Analysis Defects

By combining both Coverity Static Analysis and Coverity Dynamic Analysis results into a single view through the Coverity Integrity Manager interface, you can easily view and manage all Coverity-identified defects together. By viewing both static and dynamic analysis defects in one place, it increases the efficiency of the defect resolution process by fixing defects based upon their risk and impact, and provides visibility into defect status and trending across your entire project or product portfolio.

Defect Reporting

Viewing and tracking defect history and resolution status at the branch level, the project level, and across projects is critical to make better decisions and measure developer productivity and quality improvement over time. In addition, you can use Coverity reports as a way to certify code quality--your code and third party code received from your software supply chain--to internal and external customers and audit teams.

Coverity Integrity Manager reporting allows you to answer three critical questions:

  1. Which defects have been fixed and have all critical defects been fixed?
  2. Have all instances of the defect across shared code been triaged and fixed (or not fixed)?
  3. What does my defect and quality trending look like by product, by release, by checker and defect type, and by user over time?

Metrics & Trending

Coverity provides unparalleled visibility into quality, security and efficiency trends across the organization. Within Coverity Integrity Manager developers can see detailed information about the number of defects since the last analysis, the defects that were found in the central build, defects found on their desktop and more. Through Coverity Integrity Control managers and business executives get a more expansive view of quality and security trends over time, by team or by software component. Managers can quickly drill down into a detailed view to get a deeper understanding of areas of risk in their organization.

Featured Resources

White Papers

Datasheet

Demos

Additional Links

Related News and Articles

News Articles

Press Releases

Next Steps

Connect