.. index::
   module: Coverity Prevent Tool.

========================
Coverity Prevent Tool
========================

.. contents::

This document describes the requirements for the Coverity Prevent tool and how to run it with SBS builds using Helium.

Introduction
-----------------
- Coverity Prevent analyzes source code to find defects early in the development cycle, reducing the risks associated with coding. Included with Prevent are workflow tools that track and manage defects from initial discovery through final resolution.
- With high precision, Coverity Prevent analyzes source code and detects critical software defects in the following categories:

  * Quality

    Coverity Prevent detects bugs at compile-time that can cause run-time crashes. For example: memory leaks, use-after-free errors, and illegal pointer accesses.

  * Security

    Early during development, Coverity Prevent can detect the security vulnerabilities that hackers can exploit and help you eliminate serious problems, such as denial of service, data or memory corruption, and privilege escalation. Vulnerabilities detected can include buffer overruns, integer overflows, format string errors, and SQL injection attacks.

  * Concurrency

    Coverity Prevent can detect errors in multi-threaded programs that, given the complexity of concurrent programming, can be extremely difficult to track down or reproduce. Detected defects include potential deadlocks or misuse of locks.

Implementation
-----------------

- A Coverity command can be run using the <hlm:coverity> task.
- The Coverity task validates that the command passed to it starts with "cov-" and then runs the command.
- Coverity command options can be passed through the datatypes "<hlm:coverityoptions>" or "<hlm:arg>".
- The examples below show how parameters can be passed to a Coverity command.

.. code-block:: xml

    <!-- Options passed inline as hlm:arg elements -->
    <hlm:coverity command="cov-link" dir="${build.drive}/">
        <hlm:arg name="--dir" value="${coverity.inter.dir}"/>
        <hlm:arg name="--collect" value=""/>
        <hlm:arg name="-of" value="${coverity.link.dir}/all.link"/>
    </hlm:coverity>

.. code-block:: xml

    <!-- Options defined once in an hlm:coverityoptions element with an id -->
    <hlm:coverityoptions id="coverity.analyze.options">
        <hlm:arg name="--dir" value="${coverity.analyze.dir}"/>
        <hlm:arg name="--all" value=""/>
        <hlm:arg name="--symbian" value=""/>
        <hlm:arg name="--append" value=""/>
        <hlm:arg name="--enable-callgraph-metrics" value=""/>
    </hlm:coverityoptions>

    <!-- The task picks the options up through refid -->
    <hlm:coverity command="cov-analyze" dir="${build.drive}/">
        <hlm:coverityoptions refid="coverity.analyze.options"/>
    </hlm:coverity>

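The mapping described above, modelled in Python as an added example (not Helium's own code): it parses a constructed copy of the two snippets, applies the "cov-" prefix check, resolves refid references, and returns the argument list each task would run. The namespace URI, the function names and the treatment of an empty value as a bare flag are assumptions; Ant properties such as ${build.drive} are left unexpanded.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's two snippets (shortened) under one root element.
# The namespace URI is a placeholder, not Helium's real one.
NS = "urn:example:hlm"
ARG, OPTIONS, TASK = (f"{{{NS}}}{n}" for n in ("arg", "coverityoptions", "coverity"))
SAMPLE = f"""<project xmlns:hlm="{NS}">
  <hlm:coverity command="cov-link" dir="${{build.drive}}/">
    <hlm:arg name="--dir" value="${{coverity.inter.dir}}"/>
    <hlm:arg name="--collect" value=""/>
    <hlm:arg name="-of" value="${{coverity.link.dir}}/all.link"/>
  </hlm:coverity>
  <hlm:coverityoptions id="coverity.analyze.options">
    <hlm:arg name="--dir" value="${{coverity.analyze.dir}}"/>
    <hlm:arg name="--all" value=""/>
  </hlm:coverityoptions>
  <hlm:coverity command="cov-analyze" dir="${{build.drive}}/">
    <hlm:coverityoptions refid="coverity.analyze.options"/>
  </hlm:coverity>
</project>"""


def _args(element, option_sets):
    """Flatten hlm:arg children, following coverityoptions refid links."""
    argv = []
    for child in element:
        if child.tag == ARG:
            argv.append(child.get("name"))
            if child.get("value"):   # assumption: empty value means a bare flag
                argv.append(child.get("value"))
        elif child.tag == OPTIONS:
            if child.get("refid") not in option_sets:
                raise ValueError(f"unknown refid: {child.get('refid')!r}")
            argv += _args(option_sets[child.get("refid")], option_sets)
    return argv


def command_lines(xml_text):
    """Return one argument list per hlm:coverity element, in document order."""
    root = ET.fromstring(xml_text)
    option_sets = {e.get("id"): e for e in root.iter(OPTIONS) if e.get("id")}
    result = []
    for task in root.iter(TASK):
        command = task.get("command", "")
        if not command.startswith("cov-"):   # the check the page describes
            raise ValueError(f"not a Coverity command: {command!r}")
        result.append([command] + _args(task, option_sets))
    return result
```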