Coverity Dynamic Analysis

Coverity Dynamic Analysis helps developers, QA, and test engineers quickly identify hard-to-diagnose defects in multi-threaded Java applications. With minimal impact to your team or test environment, Coverity Dynamic Analysis automatically instruments Java programs and provides reliable, accurate, and reproducible detection of concurrency errors that could result in performance degradation, system crashes, or security vulnerabilities. Coverity Dynamic Analysis' unique defect detection capabilities identify problems that will certainly occur in limited testing environments as well as problems that have the potential to occur over extended operations in the field.

Through Coverity Integrity Manager, the intuitive user interface for Coverity Dynamic Analysis, developers and development managers can quickly find the defects in their code, easily understand defects and their impact, prioritize defects based upon severity, and identify all of the places a defect exists across projects and products that re-use code. Coverity Dynamic Analysis helps increase developer productivity by finding and fixing defects faster, increases visibility into defect history within and across projects to stay on-schedule and make better fix/no fix decisions, and reduces the risk of product quality issues in the field.

Best of Breed Analysis Engine

Types of Concurrency Defects Identified

Coverity Dynamic Analysis finds concurrency defects such as race conditions, deadlocks, and resource leaks by analyzing your Java program while it runs.

Race Conditions can cause incorrect application behavior and introduce security vulnerabilities in multi-threaded applications. Race conditions typically result when two or more threads access a field, array, or collection without acquiring a lock to guard access.

Deadlocks are a common problem in multi-threaded applications. Deadlocks typically result when two Java threads wait for each other to release a lock, or more than two Java threads wait for locks in a circular chain.

Resource Leaks can result in performance degradation and bottlenecks caused by over-synchronization.

Integration with Coverity Static Analysis

Coverity Dynamic Analysis provides the industry's first and only tightly-coupled integration with Coverity Static Analysis to further increase the accuracy of static analysis results and speed the dynamic detection of defects in your code.

Static analysis and dynamic analysis are complementary techniques: static analysis identifies a larger range of defects by traversing all possible execution paths, while dynamic analysis focuses on the paths that are exercised in test workloads. Both are necessary for Java applications, because dynamic analysis identifies concurrency defects that static analysis may miss given that certain errors can only occur at run-time.

Combining static analysis and dynamic analysis techniques increases the accuracy and speed of defect detection to provide the most thorough analysis of race conditions, deadlocks, and resource leaks.

Defect Understanding, Prioritization, and Impact Mapping

"Explaining errors is often more difficult than finding them. A misunderstood explanation means the error is ignored or, worse, transmuted into a false positive." - A Few Billion Lines of Code Later

When faced with 1,000s of defects, where do you start? For every defect discovered, Coverity Dynamic Analysis provides a clear explanation of the defect, the severity, and the impact to help you answer three important questions:

  1. Which defects are the most critical?
  2. Which defects do I fix first (or at all)?
  3. Which other projects and products are impacted by this defect?

With this visibility, developer efficiency is improved by spending less time on researching the defect, fixing the critical priority defects first, and reducing defect triage time by easily identifying all of the places the defect exists. Development managers and executives now have actionable information to make better fix/no fix decisions based upon impact to a single project, across all projects, across the product portfolio, and to the business, reducing the risk of schedule slips and quality issues across products.

Defect Description

Coverity Dynamic Analysis provides a description of the defect in plain English along with information on how it impacts your code or program.

Common Weakness Enumeration (CWE) Mapping

Coverity Dynamic Analysis is the first solution to provide a link to the CWE specification, a community-developed defect dictionary, to gather defect information and get a better understanding of defect severity, identify what kind of exploits are found around that defect, and get potential fix guidance. This provides one-click access to a rich knowledge base of defect detail, taking the guesswork out of researching unfamiliar defects, and helping you identify the root cause faster.

Defect Navigation

This intuitive and precise navigation helps visualize the flow of the code with conditional statements. Navigation markers serve as guides around the code to understand defect context. Symbol highlighting helps to emphasize the occurrences, or uses, of the symbol in a given file and provides a way to navigate to the declaration or definition.

Checker Classification

This helps you easily prioritize defects by combining checkers into categories, such as crash-causing errors, security vulnerabilities, unexpected behavior, and performance degradation. The classification maps each checker into categories based upon how it manifests into concurrency issues. These defect types are then prioritized based upon high, medium, and low impact.

Source Code Navigation

This intuitive navigation helps you evaluate and understand the scope of the problem within the context of the rest of the source code, using the original files and directory structure.

Iterative Refinement of Filtering Criteria

An efficient way to get to the exact defect that needs to be analyzed, this allows you to build the filtering query incrementally to get feedback on partial results and then easily build or backtrack the filters as needed.

Project and Product Impact Mapping

Re-use of code is a standard practice in most development organizations today for efficiency purposes, but as codebases grow, code sharing and branching increase the complexity and difficulty of defect detection. With other solutions, you get a list of defects but no insight into the impact, the same defect looks like multiple defects, and piecing together the defect's impact to projects and products is a manual effort.

Coverity Dynamic Analysis provides the industry's first capability to automatically map the impact of a defect across the entire codebase, alerting you of the presence of a single defect in other projects and products that share code. It also allows you to visualize all of the code branches together so you can see the defects that matter to you.

The process of defect disposition becomes precise and manageable, as you can quickly identify the impact of a defect from one part of the code on the entire product portfolio. And what was before flagged as multiple defects is now considered a single defect, increasing efficiency to fix defects faster and increasing visibility to focus on addressing the high priority defects based upon impact.

Unified View for Managing Static and Dynamic Analysis Defects

By combining both Coverity Static Analysis and Coverity Dynamic Analysis results into a single view through the Coverity Integrity Manager interface, you can easily view and manage all Coverity-identified defects together. Viewing both static and dynamic analysis defects in one place increases the efficiency of the defect resolution process by letting you fix defects based upon their risk and impact, and provides visibility into defect status and trending across your entire project or product portfolio.

Ease and Flexibility of Use

Coverity Dynamic Analysis can be easily integrated into your existing development and testing environment, from a subset of code to the entire application, depending on usage.

Ad hoc Analysis

In this analysis model, you can run your entire application with Coverity Dynamic Analysis to identify concurrency issues throughout the program, for example by running it through different workflows, using multiple users or tasks simultaneously, and exercising the code so that multiple threads access shared data.

Desktop Analysis

In this analysis model, if you make a change to part of the codebase you can run Coverity Dynamic Analysis on the specific portion of the code in question instead of the entire application. This scenario provides a focused analysis of the code being developed and the code with which it interacts. Coverity Dynamic Analysis also has an Eclipse Plugin, enabling developers to fix defects directly from their desktop, before they check their code into the build.

Automated Analysis

In this model, QA and Build Managers can run automated tests with Coverity Dynamic Analysis by attaching it to the tail end of the build process to help identify defects that may have gone undetected during development. Ant integration can be leveraged to automatically launch Coverity Dynamic Analysis as part of your nightly build process or stress test at some other regular test interval.

Defect Reporting

Viewing and tracking defect history and resolution status at the branch level, the project level, and across projects is critical to make better decisions and measure developer productivity and quality improvement over time. In addition, you can use Coverity Dynamic Analysis reports as a way to certify code quality--your code and third-party code received from your software supply chain--to internal and external customers and audit teams.

As shown through Coverity Integrity Manager, Coverity Dynamic Analysis' defect reporting allows you to answer three critical questions:

  1. Which defects have been fixed and have all critical defects been fixed?
  2. Have all instances of the defect across shared code been triaged and fixed (or not fixed)?
  3. What does my defect and quality trending look like by product, by release, by checker and defect type, and by user over time?

Metrics & Trending

Project managers can accurately track and monitor defect data to make educated decisions about where and how to invest resources. For every project and product, you can see metrics such as the number of total defects, number of outstanding defects, number of resolved defects, and defect density trending over time.

Dashboards

View a summarized graphical overview of the state of software integrity within and across projects and products. These customizable views can be shared among users, emailed with links or exported to Excel for cooperative decision making. Executives can get a precise view of the state of software integrity for each product, and each software component within it.

The main dashboard provides a graphical snapshot of the current profile of software defects, highlighting defect metrics, trends, and the top five new, outstanding, resolved, and fixed defects by user. The individual project dashboard outlines this information at a more granular level for project managers, team leads, and development managers.