[cfe-dev] Coverity vs Clang Static analyzer

[David Chisnall]

Hi,

On 20 Feb 2014, at 06:42, G Raghuram <contactraghu at gmail.com> wrote:

> Can someone please comment on features of Clang static analyzer vs Coverity? Does coverity catch any extra errors or can we just do a drop-in replacement.?

We use both for FreeBSD.  Coverity catches more things, but also has a somewhat higher false positive rate.  Currently, the most useful feature that Coverity has and the clang static analyser lacks is the ability to track bugs over source code changes.  Clang requires annotations to be placed in the source code to silence warnings.  This is fine for our code, but a pain for third-party code where we don't want to increase the effort for merging.  Coverity lets you flag a bug as a false positive.  This is also nicer from a review perspective - it lets you investigate the bugs other people have marked as false positives and check that they really were.  

The other difference is momentum.  The clang analyser is under very active development and it catches a lot more things than it did a year ago.  It's also much easier to write plugins for if you want to check for correct usage of your own APIs or idioms.  

David