Previous static analysis solutions do not scale to meet the complexity of today’s software. These solutions fail in at least one of three ways: they do not report useful bugs, they are algorithmically limited to small code bases, or they report too many false positives. Nonetheless, many static analysis products of limited use can be found in the marketplace.

This paper introduces Coverity’s state-of-the-art static source code analysis technology, designed to find critical defects in C and C++ software. Coverity’s products automate the detection of defects and security vulnerabilities in complex software by compiling and analyzing the code at build time. With Coverity’s technology, development teams quickly identify critical defects that would crash or compromise their software. Coverity helps companies improve software quality and security, decrease time to market, and optimize developer productivity. To date, Coverity has analyzed more than 500 million lines of mission-critical product code, ranging from high-end database systems to highly reliable embedded systems used in the most rigorous deployment environments.