Coverity 2018.09 命令指南

需积分: 10 127 浏览量更新于2024-06-29 收藏 1.11MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

"Coverity命令参考提供了对Coverity Analysis、Coverity Platform和Coverity Desktop的命令行用法的详细指导。这份文档适用于Coverity 2018.09版本，由Synopsys公司版权所有。它包含了从代码分析到缺陷提交、配置、模型收集、结果导入和导出等一系列Coverity工具的命令操作。" Coverity是Synopsys公司的一款静态代码分析和软件安全测试工具，用于在代码编写阶段检测潜在的缺陷和漏洞。以下是一些关键的Coverity命令及其功能： 1. `cov-analyze`：执行源代码分析，扫描代码中的潜在缺陷。 2. `cov-blame`：用于追踪代码中的缺陷到特定的源代码行，帮助开发者定位问题。 3. `cov-build` 和 `cov-build-sbox`：构建应用程序并集成Coverity分析，`cov-build-sbox`通常用于隔离的构建环境。 4. `cov-collect-models`：收集模型数据，这在自定义或更新Coverity的分析模型时非常有用。 5. `cov-commit-defects`：将修复的缺陷提交回缺陷管理系统。 6. `cov-configure` 和 `cov-configure-sbox`：配置Coverity分析器的设置，包括项目属性和分析选项。 7. `cov-copy-overrun-triage`（已弃用）：处理缓冲区溢出缺陷的分类，但不再推荐使用。 8. `cov-count-lines`：统计源代码行数，为代码复杂性分析提供基础数据。 9. `cov-dotnet-aot`：针对.NET应用程序的预先编译分析。 10. `cov-emit` 和其相关子命令如 `cov-emit-cs`, `cov-emit-java`, `cov-emit-swift`：用于生成特定编程语言的分析事件。 11. `cov-export-cva`：导出Coverity分析结果到其他格式。 12. `cov-extract-scm`：从源代码管理系统中提取代码更改以进行增量分析。 13. `cov-find-function`：查找代码中的特定函数。 14. `cov-format-errors`：格式化分析错误报告，使其更易读。 15. `cov-generate-hostid`：生成主机ID，用于识别运行Coverity的系统。 16. `cov-help`：提供命令帮助信息。 17. `cov-import-msvsca`：导入Microsoft Visual Studio Code Analysis的结果。 18. `cov-import-results`：导入外部分析结果到Coverity平台。 19. `cov-import-scm`：从源代码控制系统导入代码历史。 20. `cov-install-updates`：安装Coverity的更新和补丁。 21. `cov-link`：链接库和可执行文件以创建最终分析目标。 22. `cov-make-library`：创建库文件以便于Coverity分析。 23. `cov-manage-emit`：管理分析事件的生成。 24. `cov-preprocess`：预处理源代码，准备分析。 25. `cov-run-desktop`：在Coverity Desktop环境中运行分析。 26. `cov-run-fortran`：专门针对Fortran代码的分析。 27. `cov-test-configuration`：验证分析配置的有效性。 28. `cov-translate`：转换源代码以适应Coverity分析。 29. `cov-upgrade-static-analysis`：升级静态分析配置。 30. `cov-wizard`：引导用户完成复杂的配置任务。此外，文档还涵盖了Coverity Analysis Ant Tasks，如`covanalyzeandcommit`和`covbuild`，这些是基于Apache Ant构建工具的命令，用于集成Coverity分析到构建流程中。最后，提到了Test Advisor命令，如`cov-capture`，这是用于动态测试分析的部分，帮助捕获运行时的行为以便进一步分析。这份文档详尽地涵盖了Coverity工具集的使用，对于那些希望深入理解和有效利用Coverity来提升代码质量和安全性的人来说，是非常宝贵的参考资料。

资源详情

资源推荐

cov-analyze

Checkers are enabled by name, so related checkers such as MISSING_LOCK and

GUARDED_BY_VIOLATION are enabled independently. The checker name is case insensitive. You

can specify this option multiple times. See also --list-checkers and --disable-default.

Unlike the --disable option, this option does not work with SpotBugs bug patterns.

--enable-callgraph-metrics

Creates <intermediate_directory>/output/callgraph-metrics.txt and

<intermediate_directory>/output/checked-return.csv.

The callgraph-metrics.txt file has information about which functions are analyzed. The

file lists whether a function is implemented, which means it is analyzed, or whether a function is

unimplemented, which means that it is not analyzed. A model is used if it is available. It also shows

the number of callers for each function.

The checked-return.csv file stores information on the percentage of times that each the return

value of each function is checked. This information can help you understand situations where the

statistical checkers report different defects in local builds than they do in full builds.

For details, see Coverity Analysis 2018.09 User and Administrator Guide.

Starting in version 7.0, applies to all programming languages.

--enable-constraint-fpp

Enables additional filtering of potential defects by using an additional false-path pruner (FPP). This

option can increase the analysis time up to 20% (normally much less), but decrease the number

of false positives that occur along infeasible paths. Because this FPP uses a different method for

pruning false positives, it is possible that a very small number of true positives are pruned as well.

Note that use of this option requires an additional 200MB of memory per worker.

Starting in version 7.0, this option applies to C/C++, C#, and Java.

--enable-default

Enables all default checkers. This option takes precedence over the --disable-default option or

the --test-advisor option. That is, if this option is specified then all default checkers are enabled

regardless of the use of those options. However, individual checkers can still be disabled using the

--disable option.

--enable-exceptions

Enables exceptional control flow analysis for C++. If specified, this option will report the following type

of resource leak as a defect:

bool maybe;

void test1() {

int *x = new int;

if (maybe) {

throw 0; // x is leaked

}

delete x;

}

cov-analyze

By default, the analysis ignores the exception type std::bad_alloc because some applications

might not be designed to handle out-of-memory scenarios. If you specify --enable-exceptions

--handle-badalloc, the analysis will report the following example as a defect. The example leaks

memory if new char throws a std::bad_alloc exception:

void test() {

int *x = new int;

char *y = new char; // Leaks 'x' if this throws std::bad_alloc

delete y;

delete x;

}

Note that defects are not limited to leaks. For example, the FORWARD_NULL checker finds the

following defect:

int *global;

void foo() {

int *y = 0;

try {

// if std::bad_alloc is thrown, y remains null

global = new int;

y = global;

} catch (...) {

// empty

}

*y = 1; //FORWARD_NULL defect.

}

This option is disabled by default for C++ but enabled by default for Java and C#.

See also --parse-warnings-config.

This option is set automatically if the --aggressiveness-level option is set to medium (or to

high).

--enable-single-virtual

Enables single, virtual-call resolution. By default, a C++ analysis treats all virtual functions as

unimplemented, whereas full virtual call resolution is enabled by default for Java and C# analyses.

When this option is enabled, interprocedural analysis across virtual calls takes place when the

analysis engine finds only one implementation of a virtual function. When the analysis engine finds

more than one implementation, it assumes that the virtual function is unimplemented. Do not specify

this option if you specify the --enable-virtual option.

A C++ analysis can take longer than the default analysis because the analysis engine looks at

implementations of virtual functions, which can result in more defect reports. Though this using this

option might expedite Java and C# analyses, it also significantly affects results for interprocedural

checkers.

Specify this option, or --enable-virtual, to enable interprocedural analysis of Apple Block

invocations in C and C++ code.

Starting in version 7.0, applies to all programming languages.

--enable-test-metrics

This option creates test metrics data files (in the intermediate directory) that can be subsequently

committed to Coverity Connect for storage. This option can be specified with other cov-analyze

options and it does not require cov-analyze to be invoked with --test-advisor option. This

option turns on all the necessary passes of the analysis that are required to compute test metrics.

Test metrics contain a mapping from the tests available in the emit directory to the functions that

each test covers. This data is used during Test Prioritization to calculate properties of the tests (for

example, the covered_function_count property) which can be used as part of the test score.

The -enable-test-metrics- option requires --strip-path option.

This option works with C/C++, C#, and Java.

--enable-virtual

Enables full, virtual-call resolution. By default, a C++ analysis treats all virtual functions as

unimplemented, whereas full virtual call resolution is enabled by default for Java and C# analyses.

When specified, this option allows up to 100 function resolutions for any virtual method. If that limit is

exceeded, the analysis engine reverts to the default behavior.

cov-analyze

Do not use this option if you specify the --enable-single-virtual option. The analysis can take

significantly longer than the default or when the --enable-single-virtual option is enabled

because the analysis engine looks at all implementations of virtual functions, which can result in more

defect reports.

Specify this option, or --enable-single-virtual, to enable interprocedural analysis of Apple

Block invocations in C and C++ code.

Note

To make the analysis resolve to a model of a virtual or pure virtual function without using --

enable-virtual, see "Analyzing models of virtual functions" in the Coverity 2018.09 Checker

Reference .

--export-summaries <true|false>

Collects function summary data for the analysis. The collected data provides interprocedural analysis

information for Desktop Analysis users, and must be committed to any stream that is used by

Desktop Analysis.

This option is true by default.

--field-offset-escape

[C++ analysis option] A pointer escapes the analysis if it is written to memory, passed to free(), or

passed to a function definition that is inaccessible to cov-analyze. Once the pointer escapes the

analysis, the storage to which it points will never be treated as a leak or uninitialized.

This option eliminates certain false positives in C++ by making the analysis treat &v->field as an

alias for v because some programs exploit the fact that (&v->field) - offsetof(typeof(v),

field) == v to free v given &v->field.

By default, this heuristic applies to only to C code (but not C++). This option enables this heuristic for

C++, as well.

See also, --no-field-offset-escape.

--force

Turns off incremental analysis. This setting forces a full re-analysis of the source, even if the source

file or other source files on which it depends have not changed since it was previously analyzed.

--fnptr-models

[C/C++ analysis option] Enables function pointer models if the analysis fails to analyze certain

function pointers calls. You can enable analysis of calls to function pointers, without requiring explicit

models, using the --enable-fnptr option. For more information and examples, see "Modeling function

pointers" in the Coverity 2018.09 Checker Reference .

--handle-badalloc

[C/C++ analysis option] Causes the analysis as a whole to handle exceptions of type

std::bad_alloc, both for exceptional control flow and for UNCAUGHT_EXCEPT. By default, such

exceptions are otherwise ignored even when you use --enable-exceptions.

cov-analyze

For an example, see --enable-exceptions.

--hfa

[C-only analysis option] Reports unnecessary header file includes. For more information, see "HFA"

in the Coverity 2018.09 Checker Reference .

The --all option does not enable this checker.

--hibernate-config

Specifies a directory that contains Hibernate mapping XML files, if applicable. Pertains to the

HIBERNATE_BAD_HASHCODE checker (see the Coverity 2018.09 Checker Reference for

details).

--inherit-taint-from-unions

Enable taint to flow downwards from a C/C++ union to its component fields. This is required to check

code that writes to a union using memcpy(&u, &tainted, n) and later reads using u.field.

Affects security checkers TAINTED_SCALAR and INTEGER_OVERFLOW .

--java

[Java analysis option] Filters by Java translation units on which this command operates or reports.

The command will fail with an informative error message if none of the translation units in the emit

subdirectory match any of the specified language options in the intermediate directory.

--jobs <number-of-workers> | auto | max<number-of-workers>, -j <number-of-workers> | auto |

max<number-of-workers>

Allows you to control the number of analysis workers that run in parallel, subject to any limits

specified by your license. Starting in version 7.6.0, the need to use this option should be rare

because the default typically sets the appropriate number of workers to use for your hardware,

license, and analysis task. Note that the default for this option varies by license.

• Default for a non-Flexnet license (license.dat): --jobs auto

• Default for a Flexnet license: --jobs max8

In general, the analysis runs faster with more threads, but the scalability of that speed increase

depends on the kind of analysis, the code language(s), and other properties of the code base. In

general, analysis of C code parallelizes best, followed by C++, followed by C# and Java quality

analyses, followed by Web application security analysis, which is largely not parallelized.

This option must specify one of the following values:

• <number-of-workers>: Specifies number of analysis workers to run in parallel.

Example: --jobs 8

The specified number of workers is not allowed to exceed suggested limits for your hardware

unless you also use the --override-worker-limit option.

• auto: Automatically determines the number of workers to use. Hardware detection through --

jobs auto attempts to optimize for the case where the analysis has full or nearly-full use of the

剩余408页未读，继续阅读

asdf050412

粉丝: 6
资源: 18

Coverity 2018.09 命令指南

coverity command ref

Coverity可以在win系统上安装吗

coverity开发文档

coverity 下载

coverity使用教程

coverity中cov-run-deskto命令

coverity fortify checkmarx 工具对比

coverity中cov-run-deskto命令有哪些参数，进行解释

coverity 如何将issue 设置为ignore

修改coverity 页面布局

hooks函数如何通过静态代码分析工具Coverity进行覆盖性测试

coverity issue 页面的右上方，找不到“修复”按钮

coverity和sonarqube的区别，哪个比较好用来做白盒测试

coverity中cov-run-desktop是只能对修改文件进行分析吗

coverity中cov-run-desktop中的@@参数

int左移32位的行为未定义/Coverity

cov-run-desktop可以对新增文件进行分析吗

coverrity reset 获取CID状态

coverrity 如何使用api接口 获取CID状态

最新资源

coverrity 如何使用api接口获取CID状态