Coverity 8.7.1 命令与 Ant 任务说明书
Coverity Analysis、Coverity Platform 和 Coverity Desktop 说明
版权 2017, Synopsys, Inc.。在全球保留所有权利。
ii
目录
I. Coverity Analysis 命令 ................................................................ 1
cov-analyze, cov-analyze-java ........................................................ 2
cov-analyze-java(已废弃) .......................................................... 34
cov-blame ........................................................................... 35
cov-build、cov-build-sbox ........................................................... 39
cov-collect-models .................................................................. 60
cov-commit-defects .................................................................. 62
cov-configure、cov-configure-sbox ................................................... 72
cov-copy-overrun-triage (Deprecated) ................................................ 82
cov-count-lines ..................................................................... 84
cov-emit ............................................................................ 86
cov-emit-cs ......................................................................... 97
cov-emit-java ...................................................................... 100
cov-export-cva ..................................................................... 110
cov-find-function .................................................................. 112
cov-format-errors .................................................................. 114
cov-generate-hostid ................................................................ 118
cov-help ........................................................................... 119
cov-import-msvsca .................................................................. 120
cov-import-results ................................................................. 123
cov-link ........................................................................... 126
cov-make-library ................................................................... 129
cov-manage-emit .................................................................... 133
cov-preprocess ..................................................................... 167
cov-run-desktop .................................................................... 169
cov-test-configuration ............................................................. 188
cov-translate ...................................................................... 191
cov-upgrade-static-analysis ........................................................ 198
cov-wizard ......................................................................... 200
II. Coverity Analysis Ant 任务 ......................................................... 201
covanalyzeandcommit ................................................................ 202
covbuild ........................................................................... 207
III. Test Advisor 命令 ................................................................. 209
cov-capture ........................................................................ 210
cov-emit-server .................................................................... 211
cov-emit-server-control ............................................................ 213
cov-extract-scm .................................................................... 215
cov-import-scm ..................................................................... 221
cov-manage-history ................................................................. 224
cov-patch-bulleye .................................................................. 227
IV. Dynamic Analysis 命令 .............................................................. 228
cov-start-da-broker ................................................................ 229
cov-stop-da-broker ................................................................. 231
V. Dynamic Analysis Ant 任务 ........................................................... 233
cov-dynamic-analyze-java ........................................................... 234
cov-dynamic-analyze-junit .......................................................... 237
cov-start-da-broker ................................................................ 238
cov-stop-da-broker ................................................................. 240
VI. Coverity Connect 命令 .............................................................. 241
cov-admin-db ....................................................................... 242
cov-get-certs ...................................................................... 244
cov-im-ctl ......................................................................... 245
Coverity 8.7.1 命令与 Ant 任务说明书
iii
cov-import-cert .................................................................... 246
cov-manage-im ...................................................................... 247
cov-start-im ....................................................................... 272
cov-stop-im ........................................................................ 273
cov-support ........................................................................ 274
VII. Coverity Integrity Report ......................................................... 275
cov-generate-integrity-report ...................................................... 276
VIII. Security Report .................................................................. 278
cov-security-report ................................................................ 279
cov-generate-security-report ....................................................... 280
IX. Coverity MISRA Report .............................................................. 281
cov-misra-report ................................................................... 282
cov-generate-misra-report .......................................................... 283
A. 接受的日期/时间格式 .................................................................. 284
B. Coverity 术语表 ..................................................................... 285
C. 法律声明 ............................................................................ 293
1
Coverity Analysis 命令
2
名称
cov-analyze, cov-analyze-java 为质量和安全缺陷分析中间目录。
大纲
cov-analyze --dir <intermediate_directory> [OPTIONS]
cov-analyze-java --dir <intermediate_directory> [OPTIONS]
说明
cov-analyze 命令在中间目录中针对捕获的代码运行检查器,并将分析结果存储在使用 --dir 指定
的该目录中。此命令通常在位于同一中间目录中的 cov-build 之后,cov-commit-defects 之前。cov-
analyze-java 命令是 cov-analyze 的已废弃形式,后者仅分析 Java 代码,例如 cov-analyze
--java。尽管 cov-analyze 不报告 Java 和 NET 字节码形式的缺陷,也不报告不是由人员编写的某些
源代码形式,但此命令对它们运行分析,以便发现可编辑源代码中的全局缺陷。
包含分析中使用的检查器相关信息(包括崩溃通知)的日志文件 (analysis-log.txt) 位于以下目录
中:<intermediate_directory>/output。
注意
如果您在试图运行该命令时遇到严重的 No license found 错误,则需要确保将 license.dat
正确复制到 <install_dir>/bin 中。
在某些 Windows 平台中,要将 Coverity Analysis 许可证复制到 <install_dir>/bin 中,可
能需要使用管理员权限。由于某些 Windows 版本中存在文件虚拟化,因此 license.dat 可能看起
来位于 <install_dir>/bin 中,而实际上不在此目录中。
管理员权限通常可以在命令解释器的可执行文件(如 Cmd.exe 或 Cygwin)或 Windows Explorer
的右键菜单选项中设置。
选项
--aggressiveness-level <level>
启用一组检查器标记和 cov-analyze 选项,使 Coverity Analysis 在分析期间做出更攻击性的
假设。级别越高报告的缺陷越多,分析时间越长。level 的值为 low、medium 或 high。默认为
low。
从版本 7.0 开始,此选项适用于使用 cov-analyze 进行分析的所有编程语言。如果检查器选项适
用于多个语言,则攻击性级别调整将适用于所有受支持语言的该选项。对不适用于指定语言的检查器
选项的更改没有任何作用或相关警告。
对于 medium,非分析警告检查器的所有检查器的聚合误报率大约高 50%,对于 high,大约高
70%。不同的攻击性级别不会影响分析警告检查器报告的误报率。分析警告检查器的攻击性级别越高,
针对严重性较低缺陷的警告越多。
值 low 使用所有检查器和选项的默认值。要获得检查器选项默认值列表,请参阅Coverity 8.7.1 检
查器说明书中的检查器选项默认值 。
值 medium 使用 low 级别的设置,并进行以下覆盖:
--enable-parse-warnings:true [C/C++]
--no-field-offset-escape:true [C/C++]
BAD_ALLOC_STRLEN:report_plus_any:true [C/C++]
CALL_SUPER:threshold:.55 [C#, Java]