Click here to Skip to main content
14,548,230 members

The Insider News

   

The Insider News is for breaking IT and Software development news. Post your news, your alerts and your inside scoops. This is an IT news-only forum - all off-topic, non-news posts will be removed. If you wish to ask a programming question please post it here.

Get The Daily Insider direct to your mailbox every day. Subscribe now!

 
GeneralRe: Microsoft shares sneak peek of upcoming Windows 10 features Pin
David O'Neil22-Mar-20 10:52
professionalDavid O'Neil22-Mar-20 10:52 
GeneralRe: Microsoft shares sneak peek of upcoming Windows 10 features Pin
Mark_Wallace23-Mar-20 1:44
MemberMark_Wallace23-Mar-20 1:44 
NewsDeepCode brings AI-powered code review to C and C++ Pin
Kent Sharkey19-Mar-20 11:30
staffKent Sharkey19-Mar-20 11:30 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Greg Utas19-Mar-20 14:20
professionalGreg Utas19-Mar-20 14:20 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Mark_Wallace19-Mar-20 22:35
MemberMark_Wallace19-Mar-20 22:35 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Joe Woodbury20-Mar-20 8:28
professionalJoe Woodbury20-Mar-20 8:28 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Greg Utas20-Mar-20 9:27
professionalGreg Utas20-Mar-20 9:27 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Member 798912220-Mar-20 11:08
MemberMember 798912220-Mar-20 11:08 
Coverity has an integration with VS, but not to make VS/Coverity one integral unit - more like a front end, not unlike e.g. the Jira plugin.

A full-depth analysis is similar to running a build on a backend build server (in practice, you would often run it on the build server), storing the analysis results in a central datbase, usually common to the entire company. A quite extensive web interface to the database lets you classify and triage "defects", assign responsitbilities for followup, generate logs and charts etc. This interface cannot be integrated into VS - which makes sort of sense when you see how complex the management can be. (E.g. for each project in the database setting up access rights for each role - there is about a dozen, associating users with roles, setting up summary reporting etc. This goes far beyond a development environment. Compare it to Jira: You don't have the full functionality of Jira inside your IDE, either.

Running the complete analysis and loading the results into the database is so resource consuming that you don't want to do that after every ten edits. There is a lightweight work mode: You can import to your desktop PC a snapshot of last full analysis, usually made on the same code that you check out from your VCS. You make your edits in VS, and from VS you activate an "incremental" analysis which only considers those lines differing from the Coverity snapshot. Defects are reported similar to compilation errors, in a VS window pane, with all the standard navigation facilities etc. The report may be quite extensive; it may contain a deep trace back to the root of the defect. You can correct it and repeat the analysis to see if you got rid of the report, without leaving VS. The resource requirements are comparable to lint analysis, i.e. it is so fast that you really don't worry about it.

For better or worse: This is a completely local operation. Nothing is comitted to the Coverity database. If you clean up defects introduced through your recent code editing, they have no trace in the database. They will not appear in any defect counts, will not go through any central triaging. It will just help your subsequent code commit to be "clean"(er). The VS integration provides a quick "between commits" analysis. It is not a standalone option but a supplement to the centralized full analysis, to make both your code commit and the Coverity database cleaner.

It is certainly true that Coverity is not geared towards the hobby programmer. I came to think of an age-old-term: "Programming-in-the-large" (vs. programming-in-the-small) - it is definitely for "large" programming, where you analyze the ten million code lines of your subsystem in a nightly build. In such a scenario, the lightweight incremental desktop analysis, integrated in VS, is most definitely valuable. For the small business/hobbyist running everything on that desktop PC, the infrastructure is probably too heavy.

I never tried the free, open source, cloud based offering, but suspect that it is with Synopsis (the Coverity vendors) running the infrastructure for you: You commit your code to Git and invoke your "nightly Coverity build". After downloading analysis results, you can continue your VS editing, with VS integrated incremental analyses along the way. The infrastructure is still there, but you are not responsible for managing it. Coverity also integrates with a handful other IDEs/editors as well, like Eclipse and Emacs, but the list is not very long.

I will not claim that Coverity is the "best" at identifying defects - but I certainly would like to see someone setting up a thorough test to compare it to the others. What makes me love it is the support it provides to me as a programmer to help me finding the real source of the problem. It is as far from "Error 101: Something wrong" as you can possibly get; it takes me by the hand and leads me all the way along the path, pointing out every detail. Another tool that identifies 5% more issuses, but just says "Error 345 at line 2164", and that is it, will never win my heart.
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Greg Utas20-Mar-20 11:30
professionalGreg Utas20-Mar-20 11:30 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Mark_Wallace19-Mar-20 22:37
MemberMark_Wallace19-Mar-20 22:37 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Dan Neely20-Mar-20 2:23
MemberDan Neely20-Mar-20 2:23 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Greg Utas20-Mar-20 4:05
professionalGreg Utas20-Mar-20 4:05 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Mark_Wallace20-Mar-20 5:13
MemberMark_Wallace20-Mar-20 5:13 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Greg Utas20-Mar-20 5:29
professionalGreg Utas20-Mar-20 5:29 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Member 798912220-Mar-20 6:30
MemberMember 798912220-Mar-20 6:30 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Greg Utas20-Mar-20 7:16
professionalGreg Utas20-Mar-20 7:16 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Member 798912220-Mar-20 7:43
MemberMember 798912220-Mar-20 7:43 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Joe Woodbury20-Mar-20 8:52
professionalJoe Woodbury20-Mar-20 8:52 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Member 798912220-Mar-20 6:11
MemberMember 798912220-Mar-20 6:11 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Greg Utas20-Mar-20 6:33
professionalGreg Utas20-Mar-20 6:33 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
ZurdoDev20-Mar-20 6:12
mveZurdoDev20-Mar-20 6:12 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Greg Utas20-Mar-20 6:17
professionalGreg Utas20-Mar-20 6:17 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
ZurdoDev20-Mar-20 6:19
mveZurdoDev20-Mar-20 6:19 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
Nelek20-Mar-20 8:48
protectorNelek20-Mar-20 8:48 
GeneralRe: DeepCode brings AI-powered code review to C and C++ Pin
ZurdoDev20-Mar-20 6:10
mveZurdoDev20-Mar-20 6:10 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.