Coverity, a company known for its Java, C and C++ static analyzers, released a static analysis tool for C#. According to the company, Prevent for C# utilizes a new analysis engine developed by Coverity’s research and development lab that is designed specifically for detecting defects in applications built on Microsoft’s .NET framework.

According to Coverity co-founder and chief scientist Andy Chou, the tool was developed in recognition of C#'s increasing role in mission-critical applications:

Coverity developed Prevent for C# in response to requests from our existing customer base and the growing use of the .NET application framework in mission-critical systems where software defects can be tremendously costly. Delivering new technology so that our static analysis product line covers C, C++, C# and Java is a significant milestone on our roadmap for our flagship static analysis solution.

Coverity's new static analysis engine analyzes 100% of the paths through a C# code base, ensuring that all possible execution branches are followed, while avoiding impossible paths to maintain fast execution. The C# analysis engine has a low false positive rate of 15%, in part because it was designed to handle the latest features of the C# language, such as operator overloading, properties, and idioms for iteration and resource management. Prevent for C# also automatically finds third party .NET assemblies to ensure a complete analysis results even in complex applications.

Prevent's Defect Manager provides a web-based interface that enables analysis and remediation with a comprehensive workflow platform. It allows teams to collaboratively view analysis results, triage defects, assign ownership, and more.

Features of Coverity Prevent for C# include:

Coverity provides a free trial download for Prevent for C#.

What are your favorite ways to analyze the correctness of your C# code?