Coverity and Klocwork code analyzers drill deeper
Industry leaders show remarkable scalability and prowess but differ in design philosophy
As they perform similar tasks, both products share many aspects. They are driven by the same makefiles or project configuration files that drive a compiler. They build the code base using the compiler and watch the commands issued to the compiler, log them, and then generate a translated equivalent for their own analyzers. In this way, the analyzer is looking through exactly the same code base and files as the compiler. The tools then read through the code as the compiler would and perform the analysis. In both cases, the principal display mechanism for the results is HTML, which is made available via an embedded Web browser. Both products enable developers to make changes to one or more code files and post these changes to the central defects repository. The analysis engine will then comb through the changes and update the defect list, removing references to bugs that have now been remediated. In this way incremental updates to the defect list are possible.
The display of bugs is highly customizable. Due to the likelihood of many defects, the tools can constrain defect lists via a wide variety of filters. Managers can make comments about individual defects, and these comments will follow the defect anywhere it's displayed.
Both products had extensions oriented toward scanning for security holes. However, these options are new extensions that lack the maturity of existing stand-alone security checkers, such as those from Fortify and Secure Software.
Despite these similarities, the products diverged in significant areas.
Klocwork K7 v.220.127.116.11
Klocwork is a company formed 10 years ago by development managers at Nortel Networks to design programming tools that could handle the massive code bases used in telephone switches. Due to the fact that these switches are made up of many millions of lines of code, K7 has robustness and scalability built in. Not only does the analyzer scale easily across oceans of code, but the package contains extensive tools for managing the many results. The central project console has remarkably cogent visual representations of the code base and the exact status of the defect database, as it has changed over time. Extensive drill-down capabilities enable managers to view the entire project on one screen or view the status by project components, modules, files, even down to individual lines of code.
A separate utility presents extraordinary pictorial analysis of the complex relationships between files and functions. This tool is by a wide margin the most impressive code navigation tool I have seen. But beyond the navigational aspects, it can identify odd relationships that would indicate bugs, such as a library of functions making calls to an application -- a definite no-no. This relationship would never be flagged by the analyzer as suspect, because it cannot access this higher-level view.
K7 also has fine reporting capabilities. One click in the management console can generate an extensive PDF file (filters enable managers to include or exclude a wide variety of data), exportable text, or XML files. One option enables defects to be exported to the open source Bugzilla bug-tracking tool.