Static Analysis Custom Checkers

Writing Coverity custom checks requires only C and C++ programming skills. Once you compose an extension, it integrates directly into the Coverity analysis engine, which executes the checks across your entire code base.

Sample Checks:

  • Disable interrupts locally rather than globally
  • Enforce custom security policies
  • Use memory mapped I/O rather than copying
  • Enforce naming conventions
  • Get all properties of parent classes
  • Enforce that arrays for callers be null-terminated
  • Use of global variables
  • Find all arguments that are passed by reference
  • Report assignments to the iteration variable inside a while loop

Customized Static Analysis in 3 Steps:

  1. Define a rule
    Begin creating a check by defining a sequence of source code actions along a path that could trigger a defect. Coverity Static Analysis includes a simple library of macros and templates for performing highly complex analysis functions.
  2. Specify pattern matches
    Specify a pattern match against the line and artifact in the source code. At the simplest level, matches can be textually based, such as a function name. However, nearly any type of pattern can be expressed as an Extend rule, so very complex defects can also be captured.
  3. Integrate into GUI
    Coverity Static Analysis provides a standard set of customizable routines for creating error messages and enabling GUI integration.

Example: Using path analysis to detect performance degradation caused by a blocking call

#include "extend-lang.h"

// Lock state tracked along each analyzed path.
enum fun_state_t {
  UNLOCKED = 0,
  LOCKED = 1
};

START_EXTEND_CHECKER( block_check, int_store );
ANALYZE_TREE()
{
  // Functions matched by name.
  Fun locking_fun("lock");
  Fun unlocking_fun("unlock");
  Fun blocking_fun("fopen");
  if ( MATCH(locking_fun) ) {
    SET_STATE(LOCKED);
  } else if ( MATCH(unlocking_fun) ) {
    SET_STATE(UNLOCKED);
  } else if ( MATCH(blocking_fun) ) {
    // Report a blocking call reached while the lock is held.
    if ( GET_STATE() == LOCKED ) {
      COMMIT_ERROR("Called fopen within a locking context.");
    }
  }
}
END_EXTEND_CHECKER();
MAKE_MAIN( block_check )
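
A constructed C test input for the checker above, added here as an example and not part of Coverity's material. The lock()/unlock() stubs, the opens_under_lock counter and the read_config_* functions are hypothetical; the comments state what the checker's state logic, as written above, would be expected to report on each path.

```c
/* Constructed test input for block_check. lock()/unlock() are hypothetical
   stubs whose names match the Fun patterns used by the checker. */
#include <stdio.h>

static int held;              /* 1 while the hypothetical lock is held */
static int opens_under_lock;  /* runtime mirror of the LOCKED state at fopen */
void lock(void)   { held = 1; }
void unlock(void) { held = 0; }

/* Expected report: fopen is reached while the state is LOCKED. */
int read_config_locked(const char *path) {
    lock();
    opens_under_lock += held;
    FILE *f = fopen(path, "r");   /* blocking call inside the locked region */
    int ok = (f != NULL);
    if (f) fclose(f);
    unlock();
    return ok;
}

/* Expected clean: the file is opened before the lock is taken. */
int read_config_unlocked(const char *path) {
    opens_under_lock += held;
    FILE *f = fopen(path, "r");   /* state is UNLOCKED here */
    int ok = (f != NULL);
    lock();
    /* ... update shared state from the file contents ... */
    unlock();
    if (f) fclose(f);
    return ok;
}

/* Expected report on one path only: with fast == 0 the lock is still held
   at fopen; with fast != 0 it has already been released. */
int read_config_branch(const char *path, int fast) {
    lock();
    if (fast) unlock();
    opens_under_lock += held;
    FILE *f = fopen(path, "r");
    int ok = (f != NULL);
    if (f) fclose(f);
    if (!fast) unlock();
    return ok;
}

int main(void) {
    read_config_locked("/dev/null");
    read_config_branch("/dev/null", 0);
    printf("fopen calls made while locked: %d\n", opens_under_lock);
    return 0;
}
```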

Contact us to find out how Coverity Static Analysis can shorten your development cycles and help you deliver more reliable, secure software.

Phone

+1 (415) 321-5237 (International)
(800) 873-8193 (U.S. toll-free)

Email

sales@coverity.com

“Coverity has become a key component of our quality commitment.”
Gordon Thompson
Senior Development Director, ARRIS