Coverity Static Analysis

from Wikipedia, the free encyclopedia

Coverity (formerly Coverity Prevent) is commercial, proprietary software for static code analysis of C, C++, C# and Java source code, from the US software company Coverity, Inc., which has belonged to Synopsys since February 2014. Among other things, it can detect race conditions and memory leaks.

Development

The software traces back to the Stanford Checker developed at Stanford University. The checker was developed under the direction of Professor Dawson Engler as part of the Meta-Level Compilation (MC) project, on the basis of xgcc, a modified GNU C compiler (gcc). Since Stanford University never released the software, Dan Carpenter announced Smatch on January 1, 2003, a reimplementation of the Stanford Checker based on the publications of the MC project.

Use

The software is used by Google Inc., among others, and was used to fix numerous errors in the Linux kernel. In 2006, the United States Department of Homeland Security commissioned a three-year open source bug-fixing project, funded with $1.24 million, to scan the source code of over 150 free software projects. Its results led to the correction of over 6000 errors and security vulnerabilities in 53 projects.
