Static Code Analysis (SCA) tools try to find bugs by analyzing source code with static analysis techniques that do not require executing the program. Techniques such as syntactic pattern matching, data flow analysis, model checking and theorem proving have been used by these tools to discover a wide range of bugs. While they are intended to help identify bugs quickly, these tools usually generate an excessive number of warnings because the underlying analyses are approximate: they over-approximate the program's possible behaviours in order to stay sound and tractable, and every imprecision surfaces as a warning that a human must triage. This information overload can easily negate the potential benefits of such tools. Understanding the warnings and how they are categorized helps to appreciate the strengths and limitations of SCA tools. Our project aims to develop a tool that automatically filters the false alarms generated by SCA tools, so that testers can concentrate on actual errors. The figure below shows the process of identifying false alarms (Phase I is completed).
Software contains bugs. A software bug is a defect in the software; as a result, the functionality of the software may be altered or disrupted. Some bugs are easy to find, whereas others are almost impossible to uncover because the code containing them may never be exercised, or its execution may not result in an observable failure. Some bugs that do surface may still go unnoticed because they are not recognized as bugs or are not severe enough. Software bugs are caused by several kinds of errors made while coding. An error is a mismatch between the program and its specification. For instance, bugs may result from programming errors made intentionally or unintentionally, such as logical inconsistencies (e.g., a conditional test that can never be true), runtime errors (e.g., dereferencing a null pointer), resource leaks (the program's performance degrades until it crashes) or potential security violations (e.g., SQL injection). Software bugs can cost companies large amounts of money, especially when they lead to software failures. Hence, fixing bugs before the software is put to use is very important. SCA can be viewed as an automated code review process. It detects bugs in source code without executing it: it looks for violations within the code and for specific types of programming errors, and it can additionally help enforce coding conventions.
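As an added illustration of two of the techniques named above (syntactic pattern matching and data flow analysis), of two of the bug classes listed (a conditional test that can never be true, and SQL injection), and of how an approximate analysis produces a false alarm, the following Python script is example code written for this page; it is not the project's tool. `TAINT_SOURCES`, `SQL_SINKS`, `SimpleChecker`, `analyze` and the `SAMPLE` program are all constructed for the example: it assumes `input()` is the only source of attacker-controlled data and that any `.execute(...)` call is a SQL sink.

```python
import ast
import operator
from dataclasses import dataclass

# Assumptions for this toy analyzer (not from the project): input() is the only
# taint source and any ".execute(...)" method call is a SQL sink.
TAINT_SOURCES = {"input"}
SQL_SINKS = {"execute"}

# Comparison operators we can evaluate when both operands are literals.
OPS = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne,
    ast.Lt: operator.lt, ast.LtE: operator.le,
    ast.Gt: operator.gt, ast.GtE: operator.ge,
}


@dataclass
class Alarm:
    kind: str      # "sql-injection" or "never-true"
    lineno: int
    detail: str


class SimpleChecker(ast.NodeVisitor):
    """Two deliberately approximate SCA techniques over a Python AST:
    * pattern matching: an `if` whose test compares two literals and
      evaluates to False can never be true;
    * flow-insensitive taint analysis: a name assigned from a taint source
      stays tainted for the rest of the function, and any call or string
      operation consuming a tainted value is assumed to return taint
      (so int(tainted) is still tainted, which is where a false alarm comes from).
    """

    def __init__(self):
        self.alarms = []
        self.tainted = set()

    def is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            f = node.func
            if isinstance(f, ast.Name) and f.id in TAINT_SOURCES:
                return True
            return any(self.is_tainted(a) for a in node.args)
        if isinstance(node, ast.BinOp):          # "... %s" % x, "..." + x
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):      # f"... {x}"
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        return False

    def visit_FunctionDef(self, node):
        self.tainted = set()                     # taint does not cross functions here
        self.generic_visit(node)

    def visit_Assign(self, node):
        if self.is_tainted(node.value):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    self.tainted.add(target.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        f = node.func
        if isinstance(f, ast.Attribute) and f.attr in SQL_SINKS and node.args:
            if self.is_tainted(node.args[0]):
                self.alarms.append(Alarm("sql-injection", node.lineno,
                                         "attacker-controlled string reaches ." + f.attr + "()"))
        self.generic_visit(node)

    def visit_If(self, node):
        t = node.test
        if (isinstance(t, ast.Compare) and len(t.ops) == 1
                and isinstance(t.left, ast.Constant)
                and isinstance(t.comparators[0], ast.Constant)):
            op = OPS.get(type(t.ops[0]))
            try:
                if op is not None and not op(t.left.value, t.comparators[0].value):
                    self.alarms.append(Alarm("never-true", node.lineno,
                                             f"{t.left.value!r} {type(t.ops[0]).__name__} "
                                             f"{t.comparators[0].value!r} is always false"))
            except TypeError:                    # e.g. 'a' < 3: not our business here
                pass
        self.generic_visit(node)


def analyze(source):
    """Return the alarms for one Python source string, in source order."""
    checker = SimpleChecker()
    checker.visit(ast.parse(source))
    return checker.alarms


# Constructed sample program (not from the page). Line 1 is the blank line
# right after the opening quotes, so `def lookup` is line 4.
SAMPLE = '''
import sqlite3

def lookup(conn):
    cur = conn.cursor()
    name = input("name: ")
    cur.execute("SELECT * FROM users WHERE name = '%s'" % name)   # true positive
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))     # safe: parameterised
    uid = int(input("id: "))
    cur.execute("SELECT * FROM users WHERE id = %d" % uid)         # false alarm: int() sanitised it
    if 1 == 2:                                                     # logical inconsistency
        print("unreachable")
'''

if __name__ == "__main__":
    for a in analyze(SAMPLE):
        print(f"line {a.lineno}: [{a.kind}] {a.detail}")
```

Running it reports three alarms: the injection on line 7 (a real bug), a second injection on line 10, and the impossible test on line 11. The line 10 report is a false alarm: `int()` guarantees a numeric value, so no SQL syntax can be smuggled in, but the flow-insensitive taint rule "any call on a tainted argument returns taint" cannot see that. That over-approximation is exactly the kind of warning the filtering tool described above is meant to suppress, while the parameterised query on line 8 is correctly left alone because its SQL string is a literal.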