Embedded Developers Create Source Code Checkers with Coverity Extend

Coverity, Inc., makers of the world’s most advanced source code analysis solution, announced the general availability of a new version of Coverity Extend, a suite of tools that enables embedded, ISV and enterprise developers to easily create customized source code checkers that work with Coverity Prevent, the company’s flagship analysis product. The new version now has full access to C/C++ types and comes with a new library of examples as well as extensive documentation. The product is an important upgrade for developers working on software with special features that require unique source code analysis checks.

MCCI Corporation, the world leader in USB drivers and firmware for cell phones, is using Coverity Extend to build customized checks that detect specialized errors in USB drivers and firmware for 2.5G and 3G cell phones. Realizing that focusing on developing the highest quality software products would yield business results by reducing the high costs of product recalls and firmware upgrade distribution, MCCI implemented a rigorous software quality assurance program with Coverity Prevent and Coverity Extend. With Extend, MCCI was able to build checkers in less than 30 minutes. The configuration and checker development were one-time processes that then enabled the entire code base to be checked on an ongoing basis. Each analysis by each checker covered 100 percent of the paths of the software and returned extremely accurate results with low false positives.

“There’s tremendous value for a development group to be able to write a custom checker in less than an hour and have every member of the team then be able to put it to work finding software defects that same day,” said Paul Berg, VP Architecture & Engineering at MCCI. “Coverity is the only system I know of that enables us to use our unique knowledge of our software products to continually improve the quality assurance process. Every time one of our developers writes a checker with Extend that finds a unique type of defect, we estimate that every other developer in our team that encounters the same defect type could save a week of work tracking down the bug.”

“When used strategically, Extend can be a powerful accelerator to the quality assurance process,” said Ben Chelf, CTO at Coverity. “Custom checkers built with Extend use the vast pool of knowledge in the development group, resulting in checkers that precisely understand the nuances of the code. Development managers can leverage their entire development team to improve the quality assurance process, enforce coding policies, and build a unique base of reusable intellectual property that can be used to analyze all paths in their software with project-specific checks.”

Coverity Extend offers developers an alternative to manual code review processes, which can only address portions of a large code base. Through the strategic use of automation and customized checks, development groups can regularly perform a complete review of the entire code and establish processes for enforcing programming conventions. Software development groups can create and enforce policies and processes for building quality into software or create compliance packages for internal coding policies and industry coding standards. Customized code audit processes can be automated. Organizations can also create customized security checks to guard against unauthorized access to sensitive data and other malicious exploits.

Key features in Coverity Extend include:

  • Full access to C/C++ types
  • Popular C++ syntax for custom checkers, allowing any developer to quickly create checkers in a familiar environment
  • Flexibility to create almost any checking function
  • Library of reference examples that speed up the development of checkers
  • Documentation to make it easier to create custom checkers
  • Checkers that run in development time

About Coverity
Coverity, the leader in improving software quality and security, is a privately held company headquartered in San Francisco. Coverity’s groundbreaking technology removes the barriers to writing and delivering complex software by automatically finding and helping to fix critical software defects and security vulnerabilities as the software is written. More than 200 leading companies choose Coverity because it scales to tens of millions of lines of code, has the lowest false positive rate and provides 100 percent path coverage. Companies like Juniper Networks, Symantec/VERITAS, McAfee, Synopsys, NASA, Palm and Wind River work with Coverity’s tools to find and fix security and quality defects from their mission-critical code.

Coverity is a registered trademark, and Coverity Extend and Coverity Prevent are trademarks of Coverity, Inc.